47c85e17412b91551c156311f72468447e509be37a880e62d742f84989f44210

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
03/09/2024, 22:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b50e9f15ec982756013d9f86cbcfcc94c839f0d9ac06da4ae832c3b39df9a53.exe
Size

184KB
MD5

e3f2b6521976c8dee539b756cbeaddc3
SHA1

7ffde2bb4211a10cc96b612669e41823efe539e0
SHA256

9b50e9f15ec982756013d9f86cbcfcc94c839f0d9ac06da4ae832c3b39df9a53
SHA512

a79e7c78f2cf5c510c9dbf343c5738e6b4badc1e3c928305c28e7653d3df1e695566874a73042ef06ad7aad421fed356a70d3779057748bb53ca2e57730ef638
SSDEEP

3072:Ji5roT9EViA0+Oj4dQnBE8qN9pC6S7/oSDyxFNzLZNlEvyFl:Ji9oAH0+TdWBE8JQp/NlEvyF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2216	Unicorn-61979.exe
2376	Unicorn-50879.exe
2352	Unicorn-17692.exe
2896	Unicorn-56992.exe
2916	Unicorn-24874.exe
2740	Unicorn-48824.exe
1492	Unicorn-12114.exe
2528	Unicorn-45342.exe
1664	Unicorn-57039.exe
1796	Unicorn-30397.exe
1800	Unicorn-2363.exe
1708	Unicorn-822.exe
2204	Unicorn-11683.exe
1812	Unicorn-23381.exe
1188	Unicorn-38347.exe
2860	Unicorn-45124.exe
2704	Unicorn-60905.exe
2212	Unicorn-56821.exe
2944	Unicorn-55430.exe
2832	Unicorn-64496.exe
2040	Unicorn-48736.exe
1864	Unicorn-16618.exe
1076	Unicorn-36484.exe
2328	Unicorn-26732.exe
2940	Unicorn-42514.exe
768	Unicorn-45207.exe
2304	Unicorn-65072.exe
3028	Unicorn-36846.exe
3016	Unicorn-56712.exe
3020	Unicorn-25986.exe
2168	Unicorn-9649.exe
2412	Unicorn-12342.exe
2396	Unicorn-9924.exe
2316	Unicorn-12617.exe
2800	Unicorn-59125.exe
2712	Unicorn-57734.exe
2816	Unicorn-3702.exe
2892	Unicorn-45290.exe
2928	Unicorn-34429.exe
2636	Unicorn-14008.exe
2068	Unicorn-173.exe
2320	Unicorn-50765.exe
2652	Unicorn-50765.exe
2680	Unicorn-36929.exe
2344	Unicorn-13816.exe
1484	Unicorn-6224.exe
1508	Unicorn-39643.exe
2572	Unicorn-62202.exe
340	Unicorn-16531.exe
2028	Unicorn-34813.exe
2376	Unicorn-34813.exe
1916	Unicorn-22561.exe
1604	Unicorn-39451.exe
1216	Unicorn-49971.exe
1584	Unicorn-6800.exe
2844	Unicorn-32051.exe
616	Unicorn-51917.exe
1500	Unicorn-51917.exe
2480	Unicorn-12508.exe
1516	Unicorn-25815.exe
2988	Unicorn-51066.exe
2840	Unicorn-53526.exe
1588	Unicorn-57096.exe
1028	Unicorn-34860.exe

Loads dropped DLL 64 IoCs

pid	Process
2296	9b50e9f15ec982756013d9f86cbcfcc94c839f0d9ac06da4ae832c3b39df9a53.exe
2296	9b50e9f15ec982756013d9f86cbcfcc94c839f0d9ac06da4ae832c3b39df9a53.exe
2216	Unicorn-61979.exe
2216	Unicorn-61979.exe
2296	9b50e9f15ec982756013d9f86cbcfcc94c839f0d9ac06da4ae832c3b39df9a53.exe
2296	9b50e9f15ec982756013d9f86cbcfcc94c839f0d9ac06da4ae832c3b39df9a53.exe
2352	Unicorn-17692.exe
2352	Unicorn-17692.exe
2376	Unicorn-50879.exe
2376	Unicorn-50879.exe
2216	Unicorn-61979.exe
2216	Unicorn-61979.exe
2896	Unicorn-56992.exe
2896	Unicorn-56992.exe
2352	Unicorn-17692.exe
2352	Unicorn-17692.exe
2740	Unicorn-48824.exe
2740	Unicorn-48824.exe
2916	Unicorn-24874.exe
2916	Unicorn-24874.exe
2376	Unicorn-50879.exe
2376	Unicorn-50879.exe
1492	Unicorn-12114.exe
1492	Unicorn-12114.exe
2896	Unicorn-56992.exe
2896	Unicorn-56992.exe
2528	Unicorn-45342.exe
2528	Unicorn-45342.exe
1664	Unicorn-57039.exe
1664	Unicorn-57039.exe
2740	Unicorn-48824.exe
2740	Unicorn-48824.exe
1800	Unicorn-2363.exe
1800	Unicorn-2363.exe
1796	Unicorn-30397.exe
1796	Unicorn-30397.exe
2916	Unicorn-24874.exe
2916	Unicorn-24874.exe
2204	Unicorn-11683.exe
2204	Unicorn-11683.exe
1708	Unicorn-822.exe
1708	Unicorn-822.exe
1492	Unicorn-12114.exe
1188	Unicorn-38347.exe
1492	Unicorn-12114.exe
1188	Unicorn-38347.exe
1664	Unicorn-57039.exe
1664	Unicorn-57039.exe
2704	Unicorn-60905.exe
2704	Unicorn-60905.exe
1800	Unicorn-2363.exe
1800	Unicorn-2363.exe
2212	Unicorn-56821.exe
2212	Unicorn-56821.exe
1796	Unicorn-30397.exe
1796	Unicorn-30397.exe
2860	Unicorn-45124.exe
2860	Unicorn-45124.exe
2944	Unicorn-55430.exe
2944	Unicorn-55430.exe
1812	Unicorn-23381.exe
1812	Unicorn-23381.exe
2528	Unicorn-45342.exe
2528	Unicorn-45342.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
1764	1784	WerFault.exe	405
1608	2544	WerFault.exe	550
860	1752	WerFault.exe	505

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16443.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40841.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17002.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26301.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51381.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58101.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32051.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43597.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51194.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37442.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54992.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31869.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2128.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21381.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34100.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23623.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7639.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18242.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11263.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2740.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5849.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50879.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8065.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2296	9b50e9f15ec982756013d9f86cbcfcc94c839f0d9ac06da4ae832c3b39df9a53.exe
2216	Unicorn-61979.exe
2352	Unicorn-17692.exe
2376	Unicorn-50879.exe
2896	Unicorn-56992.exe
2916	Unicorn-24874.exe
2740	Unicorn-48824.exe
1492	Unicorn-12114.exe
2528	Unicorn-45342.exe
1664	Unicorn-57039.exe
1796	Unicorn-30397.exe
1800	Unicorn-2363.exe
1708	Unicorn-822.exe
2204	Unicorn-11683.exe
1812	Unicorn-23381.exe
1188	Unicorn-38347.exe
2704	Unicorn-60905.exe
2212	Unicorn-56821.exe
2860	Unicorn-45124.exe
2944	Unicorn-55430.exe
2832	Unicorn-64496.exe
2040	Unicorn-48736.exe
1076	Unicorn-36484.exe
1864	Unicorn-16618.exe
2328	Unicorn-26732.exe
2940	Unicorn-42514.exe
2304	Unicorn-65072.exe
768	Unicorn-45207.exe
3028	Unicorn-36846.exe
3020	Unicorn-25986.exe
3016	Unicorn-56712.exe
2168	Unicorn-9649.exe
2412	Unicorn-12342.exe
2396	Unicorn-9924.exe
2800	Unicorn-59125.exe
2316	Unicorn-12617.exe
2712	Unicorn-57734.exe
2816	Unicorn-3702.exe
2892	Unicorn-45290.exe
2928	Unicorn-34429.exe
2636	Unicorn-14008.exe
2068	Unicorn-173.exe
2652	Unicorn-50765.exe
2320	Unicorn-50765.exe
2680	Unicorn-36929.exe
2344	Unicorn-13816.exe
1484	Unicorn-6224.exe
1508	Unicorn-39643.exe
2572	Unicorn-62202.exe
340	Unicorn-16531.exe
2376	Unicorn-34813.exe
2028	Unicorn-34813.exe
1916	Unicorn-22561.exe
1604	Unicorn-39451.exe
1584	Unicorn-6800.exe
1216	Unicorn-49971.exe
616	Unicorn-51917.exe
1500	Unicorn-51917.exe
2844	Unicorn-32051.exe
2480	Unicorn-12508.exe
1516	Unicorn-25815.exe
2988	Unicorn-51066.exe
2840	Unicorn-53526.exe
1588	Unicorn-57096.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2216	2296	9b50e9f15ec982756013d9f86cbcfcc94c839f0d9ac06da4ae832c3b39df9a53.exe	31
PID 2296 wrote to memory of 2216	2296	9b50e9f15ec982756013d9f86cbcfcc94c839f0d9ac06da4ae832c3b39df9a53.exe	31
PID 2296 wrote to memory of 2216	2296	9b50e9f15ec982756013d9f86cbcfcc94c839f0d9ac06da4ae832c3b39df9a53.exe	31
PID 2296 wrote to memory of 2216	2296	9b50e9f15ec982756013d9f86cbcfcc94c839f0d9ac06da4ae832c3b39df9a53.exe	31
PID 2216 wrote to memory of 2376	2216	Unicorn-61979.exe	32
PID 2216 wrote to memory of 2376	2216	Unicorn-61979.exe	32
PID 2216 wrote to memory of 2376	2216	Unicorn-61979.exe	32
PID 2216 wrote to memory of 2376	2216	Unicorn-61979.exe	32
PID 2296 wrote to memory of 2352	2296	9b50e9f15ec982756013d9f86cbcfcc94c839f0d9ac06da4ae832c3b39df9a53.exe	33
PID 2296 wrote to memory of 2352	2296	9b50e9f15ec982756013d9f86cbcfcc94c839f0d9ac06da4ae832c3b39df9a53.exe	33
PID 2296 wrote to memory of 2352	2296	9b50e9f15ec982756013d9f86cbcfcc94c839f0d9ac06da4ae832c3b39df9a53.exe	33
PID 2296 wrote to memory of 2352	2296	9b50e9f15ec982756013d9f86cbcfcc94c839f0d9ac06da4ae832c3b39df9a53.exe	33
PID 2352 wrote to memory of 2896	2352	Unicorn-17692.exe	34
PID 2352 wrote to memory of 2896	2352	Unicorn-17692.exe	34
PID 2352 wrote to memory of 2896	2352	Unicorn-17692.exe	34
PID 2352 wrote to memory of 2896	2352	Unicorn-17692.exe	34
PID 2376 wrote to memory of 2740	2376	Unicorn-50879.exe	35
PID 2376 wrote to memory of 2740	2376	Unicorn-50879.exe	35
PID 2376 wrote to memory of 2740	2376	Unicorn-50879.exe	35
PID 2376 wrote to memory of 2740	2376	Unicorn-50879.exe	35
PID 2216 wrote to memory of 2916	2216	Unicorn-61979.exe	36
PID 2216 wrote to memory of 2916	2216	Unicorn-61979.exe	36
PID 2216 wrote to memory of 2916	2216	Unicorn-61979.exe	36
PID 2216 wrote to memory of 2916	2216	Unicorn-61979.exe	36
PID 2896 wrote to memory of 1492	2896	Unicorn-56992.exe	37
PID 2896 wrote to memory of 1492	2896	Unicorn-56992.exe	37
PID 2896 wrote to memory of 1492	2896	Unicorn-56992.exe	37
PID 2896 wrote to memory of 1492	2896	Unicorn-56992.exe	37
PID 2352 wrote to memory of 2528	2352	Unicorn-17692.exe	38
PID 2352 wrote to memory of 2528	2352	Unicorn-17692.exe	38
PID 2352 wrote to memory of 2528	2352	Unicorn-17692.exe	38
PID 2352 wrote to memory of 2528	2352	Unicorn-17692.exe	38
PID 2740 wrote to memory of 1664	2740	Unicorn-48824.exe	39
PID 2740 wrote to memory of 1664	2740	Unicorn-48824.exe	39
PID 2740 wrote to memory of 1664	2740	Unicorn-48824.exe	39
PID 2740 wrote to memory of 1664	2740	Unicorn-48824.exe	39
PID 2916 wrote to memory of 1796	2916	Unicorn-24874.exe	40
PID 2916 wrote to memory of 1796	2916	Unicorn-24874.exe	40
PID 2916 wrote to memory of 1796	2916	Unicorn-24874.exe	40
PID 2916 wrote to memory of 1796	2916	Unicorn-24874.exe	40
PID 2376 wrote to memory of 1800	2376	Unicorn-50879.exe	41
PID 2376 wrote to memory of 1800	2376	Unicorn-50879.exe	41
PID 2376 wrote to memory of 1800	2376	Unicorn-50879.exe	41
PID 2376 wrote to memory of 1800	2376	Unicorn-50879.exe	41
PID 1492 wrote to memory of 1708	1492	Unicorn-12114.exe	42
PID 1492 wrote to memory of 1708	1492	Unicorn-12114.exe	42
PID 1492 wrote to memory of 1708	1492	Unicorn-12114.exe	42
PID 1492 wrote to memory of 1708	1492	Unicorn-12114.exe	42
PID 2896 wrote to memory of 2204	2896	Unicorn-56992.exe	43
PID 2896 wrote to memory of 2204	2896	Unicorn-56992.exe	43
PID 2896 wrote to memory of 2204	2896	Unicorn-56992.exe	43
PID 2896 wrote to memory of 2204	2896	Unicorn-56992.exe	43
PID 2528 wrote to memory of 1812	2528	Unicorn-45342.exe	44
PID 2528 wrote to memory of 1812	2528	Unicorn-45342.exe	44
PID 2528 wrote to memory of 1812	2528	Unicorn-45342.exe	44
PID 2528 wrote to memory of 1812	2528	Unicorn-45342.exe	44
PID 1664 wrote to memory of 1188	1664	Unicorn-57039.exe	45
PID 1664 wrote to memory of 1188	1664	Unicorn-57039.exe	45
PID 1664 wrote to memory of 1188	1664	Unicorn-57039.exe	45
PID 1664 wrote to memory of 1188	1664	Unicorn-57039.exe	45
PID 2740 wrote to memory of 2860	2740	Unicorn-48824.exe	46
PID 2740 wrote to memory of 2860	2740	Unicorn-48824.exe	46
PID 2740 wrote to memory of 2860	2740	Unicorn-48824.exe	46
PID 2740 wrote to memory of 2860	2740	Unicorn-48824.exe	46

C:\Users\Admin\AppData\Local\Temp\9b50e9f15ec982756013d9f86cbcfcc94c839f0d9ac06da4ae832c3b39df9a53.exe
"C:\Users\Admin\AppData\Local\Temp\9b50e9f15ec982756013d9f86cbcfcc94c839f0d9ac06da4ae832c3b39df9a53.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61979.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61979.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48824.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57039.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36484.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3702.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58570.exe
        10⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-765.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
        12⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14499.exe
        13⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19191.exe
        14⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17157.exe
        15⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23758.exe
        16⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
        18⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45206.exe
        19⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8554.exe
        9⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54193.exe
        10⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15906.exe
        11⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27027.exe
        12⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43311.exe
        13⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53529.exe
        14⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7639.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53903.exe
        16⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
        17⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50530.exe
        18⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        19⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
        11⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25268.exe
        12⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28506.exe
        13⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14302.exe
        14⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
        15⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44116.exe
        16⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe
        17⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32051.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
        9⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39668.exe
        10⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54629.exe
        11⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
        12⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15725.exe
        13⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe
        14⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3519.exe
        15⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25834.exe
        16⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45290.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36178.exe
        9⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26648.exe
        10⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
        11⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6471.exe
        12⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24749.exe
        13⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe
        14⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10649.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55050.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59404.exe
        17⤵
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26732.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25815.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
        9⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16443.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
        11⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5791.exe
        12⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50903.exe
        13⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55091.exe
        14⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58101.exe
        15⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60597.exe
        16⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
        17⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        18⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2528.exe
        19⤵
        
        PID:2544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 188
        20⤵
        Program crash
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51066.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38809.exe
        8⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
        9⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
        10⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21381.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5039.exe
        12⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
        13⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59481.exe
        14⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20053.exe
        15⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44033.exe
        16⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
        17⤵
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45124.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56712.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6224.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
        8⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12633.exe
        9⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16342.exe
        10⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23052.exe
        11⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31687.exe
        12⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24884.exe
        13⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31329.exe
        14⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
        15⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23473.exe
        16⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19721.exe
        17⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1241.exe
        18⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17851.exe
        11⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
        12⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
        13⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23758.exe
        14⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40857.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1054.exe
        16⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17002.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64963.exe
        7⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38809.exe
        8⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23516.exe
        9⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        10⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54629.exe
        11⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53124.exe
        12⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15568.exe
        13⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
        14⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62834.exe
        15⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33727.exe
        16⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
        17⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62202.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34860.exe
        7⤵
        Executes dropped EXE
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
        7⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25462.exe
        8⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58526.exe
        9⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40841.exe
        10⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61759.exe
        12⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19098.exe
        13⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31646.exe
        14⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44469.exe
        15⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29726.exe
        16⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19140.exe
        17⤵
        
        PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2363.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60905.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34267.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33254.exe
        10⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55703.exe
        11⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12828.exe
        12⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50156.exe
        13⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27593.exe
        14⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
        15⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 220
        16⤵
        Program crash
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36413.exe
        10⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40841.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23623.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        13⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-514.exe
        14⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2128.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18652.exe
        17⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43919.exe
        18⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-173.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2571.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-765.exe
        8⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39668.exe
        9⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55807.exe
        10⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38480.exe
        11⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24255.exe
        12⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34038.exe
        13⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2128.exe
        14⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44033.exe
        15⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1843.exe
        16⤵
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45207.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16531.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39660.exe
        8⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39668.exe
        9⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19352.exe
        10⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9019.exe
        11⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48210.exe
        12⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8604.exe
        13⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        14⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exe
        15⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61718.exe
        16⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
        17⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64805.exe
        10⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14359.exe
        11⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6378.exe
        12⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35045.exe
        13⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16815.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
        15⤵
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48627.exe
        6⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30449.exe
        7⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63897.exe
        8⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54992.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65490.exe
        10⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20390.exe
        11⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58101.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        13⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4178.exe
        14⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 368
        15⤵
        Program crash
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39833.exe
        9⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
        10⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        11⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31075.exe
        12⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31070.exe
        13⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36384.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
        15⤵
        
        PID:1272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24874.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50765.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
        8⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3287.exe
        9⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11271.exe
        10⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19819.exe
        11⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50156.exe
        12⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51666.exe
        13⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
        14⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56316.exe
        15⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27780.exe
        16⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2571.exe
        7⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
        8⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51453.exe
        9⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40841.exe
        10⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
        11⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25770.exe
        12⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60597.exe
        13⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
        14⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40852.exe
        15⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23695.exe
        16⤵
        
        PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34813.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
        7⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43469.exe
        8⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1567.exe
        9⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        10⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30644.exe
        11⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47099.exe
        12⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44510.exe
        13⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12024.exe
        14⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe
        15⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27557.exe
        16⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-561.exe
        17⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14156.exe
        9⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64359.exe
        10⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34100.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37520.exe
        12⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6077.exe
        14⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49544.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12626.exe
        16⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18242.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31146.exe
        10⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
        11⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50618.exe
        12⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51381.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
        14⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11298.exe
        15⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46166.exe
        16⤵
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29768.exe
        6⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63889.exe
        7⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        8⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53778.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
        10⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52211.exe
        11⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52154.exe
        13⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
        14⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4562.exe
        15⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3104.exe
        16⤵
        
        PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55430.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22561.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6079.exe
        7⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23651.exe
        8⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11263.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18013.exe
        10⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
        11⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4333.exe
        12⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43311.exe
        13⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        14⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16768.exe
        15⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40089.exe
        16⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        17⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37806.exe
        18⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17799.exe
        12⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-327.exe
        13⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6077.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6949.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
        17⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44111.exe
        18⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2615.exe
        9⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
        10⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55916.exe
        11⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
        12⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20390.exe
        13⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60841.exe
        14⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24609.exe
        15⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2128.exe
        16⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30027.exe
        17⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65024.exe
        18⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42080.exe
        10⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe
        11⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63067.exe
        12⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        13⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56996.exe
        15⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8065.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3593.exe
        7⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
        8⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43451.exe
        9⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50545.exe
        10⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38480.exe
        11⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20747.exe
        12⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23094.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        14⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31973.exe
        15⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20702.exe
        16⤵
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50381.exe
        6⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61092.exe
        7⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10207.exe
        8⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13959.exe
        9⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        10⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6741.exe
        11⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12875.exe
        12⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4292.exe
        13⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16514.exe
        14⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45782.exe
        15⤵
        
        PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39451.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61886.exe
        6⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41990.exe
        7⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1100.exe
        8⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30488.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4743.exe
        10⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
        11⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58101.exe
        12⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14733.exe
        13⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46498.exe
        14⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
        15⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34327.exe
        7⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17385.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36408.exe
        9⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31869.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34531.exe
        12⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53903.exe
        13⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
        14⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23695.exe
        15⤵
        
        PID:888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17692.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17692.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56992.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56992.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12114.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48736.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6079.exe
        8⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44455.exe
        9⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54133.exe
        10⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7462.exe
        11⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9019.exe
        12⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12112.exe
        13⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13814.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27562.exe
        15⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        16⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58034.exe
        17⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38128.exe
        7⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24144.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40955.exe
        9⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
        10⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39314.exe
        11⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40893.exe
        12⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46534.exe
        13⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53607.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4463.exe
        15⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14292.exe
        16⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28630.exe
        17⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32371.exe
        13⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
        14⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56285.exe
        15⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9663.exe
        16⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57734.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49971.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43085.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50145.exe
        9⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20613.exe
        10⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
        11⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
        12⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12226.exe
        13⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62595.exe
        14⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40847.exe
        15⤵
        
        PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16618.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34429.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
        8⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
        9⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44686.exe
        10⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28105.exe
        11⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17157.exe
        12⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51194.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45460.exe
        14⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        15⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20188.exe
        16⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
        6⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
        7⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-664.exe
        8⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46269.exe
        9⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
        10⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52865.exe
        11⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6373.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62834.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2253.exe
        14⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58117.exe
        15⤵
        
        PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11683.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64496.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9924.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63505.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        9⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6284.exe
        10⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45885.exe
        11⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54904.exe
        12⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52870.exe
        13⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21215.exe
        14⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60597.exe
        15⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9938.exe
        16⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
        17⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45398.exe
        18⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        11⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17759.exe
        12⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        13⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2953.exe
        14⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
        15⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59414.exe
        16⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40032.exe
        17⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
        18⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42293.exe
        14⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        15⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26078.exe
        16⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29171.exe
        17⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7400.exe
        13⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41843.exe
        14⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2128.exe
        15⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43540.exe
        16⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35751.exe
        17⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12508.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32120.exe
        7⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44455.exe
        8⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33773.exe
        9⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46082.exe
        10⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12444.exe
        11⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        12⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33383.exe
        13⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20224.exe
        14⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43161.exe
        15⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45595.exe
        16⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52772.exe
        17⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63292.exe
        7⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14662.exe
        8⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10695.exe
        9⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3015.exe
        10⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15818.exe
        11⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22035.exe
        12⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52865.exe
        13⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17635.exe
        15⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19721.exe
        16⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55704.exe
        17⤵
        
        PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12617.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8601.exe
        6⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23651.exe
        7⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27299.exe
        8⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6222.exe
        10⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27707.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8604.exe
        12⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        13⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34614.exe
        14⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7603.exe
        15⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20427.exe
        16⤵
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16037.exe
        6⤵
        
        PID:1624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23381.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9649.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13816.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53526.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17237.exe
        8⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64356.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55703.exe
        10⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59891.exe
        11⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63560.exe
        12⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60649.exe
        13⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52237.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54842.exe
        15⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62595.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42876.exe
        17⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11931.exe
        18⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32906.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38979.exe
        7⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26373.exe
        8⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
        10⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11126.exe
        11⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45164.exe
        12⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60893.exe
        13⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31392.exe
        15⤵
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57096.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        7⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35479.exe
        8⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43451.exe
        9⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53669.exe
        10⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8931.exe
        11⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50151.exe
        12⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22087.exe
        13⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
        14⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58018.exe
        15⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26540.exe
        16⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31816.exe
        13⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45574.exe
        14⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59404.exe
        15⤵
        
        PID:924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39643.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42234.exe
        6⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17870.exe
        7⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
        8⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12444.exe
        9⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41412.exe
        10⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58511.exe
        11⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17619.exe
        12⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2128.exe
        13⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        14⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11931.exe
        15⤵
        
        PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12342.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34813.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34860.exe
        6⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58845.exe
        7⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36344.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23031.exe
        9⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
        10⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23898.exe
        11⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
        12⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
        13⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21532.exe
        14⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49103.exe
        15⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65024.exe
        16⤵
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45010.exe
        6⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9600.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29165.exe
        9⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29160.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
        11⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62268.exe
        12⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
        13⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27261.exe
        14⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16924.exe
        15⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44163.exe
        16⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40731.exe
        12⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2128.exe
        13⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16924.exe
        14⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        15⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        16⤵
        
        PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59919.exe
        5⤵
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-106.exe
        6⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21762.exe
        7⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
        8⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54499.exe
        9⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28558.exe
        10⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37852.exe
        11⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60597.exe
        12⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
        13⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
        14⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49866.exe
        15⤵
        
        PID:1028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11263.exe

Filesize
184KB

MD5
8ee71800c8b7c2641de0c1763a2e919f

SHA1
0f0bcda9fcba8dcd78dcd8f8212801d92e6db33d

SHA256
e4e3c8387609f34f26c3347bd90d1b8de35e7ace33f9cb372a9dace7e8c24272

SHA512
b0fac357c8624192d0b7a6e6d803ec8d37bf0f390af7df474852f2b48e64ee5a97b58676139d79cf6fdb52634293e574c44637710f65fcd1877f6dc72bf4b195

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14156.exe

Filesize
184KB

MD5
92d5790a0978790d4fe59339f84f22b9

SHA1
9884e204c3001b151d1c2211515f985390b84a1f

SHA256
d532db3dedcaf141aadbeab286da8baaf4910e4869c4d4fe84eb9fd02ea393e0

SHA512
9e95d86d969072e4b99d59575b05913da20e380863ada5e5c99181b44f15a34d9cdec116c2f23651190d64993ef22959b548176d451c64ab7a5651a4219f77e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe

Filesize
184KB

MD5
34ec6b21cfa1629f6134c2885c7a1a2c

SHA1
63fbce34441fd96d1850ba4ffd5a855fc5d1b69e

SHA256
76c45b7a76ef553ac3c2af7fec4f8b5f2e3409e66710d44afcd50900064806fb

SHA512
854407a009f7a6d357a327fe7d6e0cc021f189679725ccdab137917c092b983904cacaebe8e9d8eca4aa8e50b818c0de34a7afb6e47e6b5c3c9cdc81621c3080

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17692.exe

Filesize
184KB

MD5
8e76668819b3c58b3a310635f4097bc8

SHA1
0b2e6a909ad2c63f7f0a6e6e89a0665b8e482f53

SHA256
db7afdaa7c4950a2b673f97b8fd8741dce978e4bf5b0c05fcfabd8de62c27ef5

SHA512
bdc8fc224937809fd670c677e0115c6e16a1ff1429c3f578724a8723b38525df179aa921a3820cd1aacc4a6a827788f25c9a271229343feed66d1ce9501cb1bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31973.exe

Filesize
184KB

MD5
e3d731164c8df5537b05dc3eeba665ad

SHA1
14f66c4524c3cf11cf248f927695b137b43db6ee

SHA256
34e558ac87754c057e04cb0da200fee320e0b695151d77476347fb69fee11e55

SHA512
58fba0e477222b1a747398ddc54db80eb5148aeedf03e9e7777ab8292acf653a04442b682ba52bd8ee835ba9fedb78995eae0ccc8f26898a75774b1441948f9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36384.exe

Filesize
184KB

MD5
ea9140a105055964ba1353bdd26f6fad

SHA1
bbaa614d15b7be39a350ac770faffb0da55f5fcc

SHA256
65d92468ded7e9e9ffa93ba7ae1d04e0df7170ab10ceac2a26ea74b1b206f539

SHA512
9b8813621ddbe5af3a27d5b059e99523509f013d2425431821ff67f19c12568f285b0623541b99d56f1366cdf2fb843d5543c774bc323a786b0d6b6b3ffb30ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39643.exe

Filesize
184KB

MD5
dbd972f2d0d61aac054d39cbd11928c4

SHA1
4aceb817a18b109c77896cf105a0c912bff36308

SHA256
a331254689a9751274096181747026d1e99ca41945d021dec4c1db4d99b9d1c5

SHA512
00aa6bff12c5dc718382afa1b40f497a50e65c16f05066c60ab720d00d4b8c4eef01c194562c343ab74c8231a4ab093d9945a49320a8072ab0d9c2e3b953f952

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49971.exe

Filesize
184KB

MD5
da760ac867d604e4d4cedc35fc6783bd

SHA1
31cab1a360fd42e3264f9cd1c08d3024b32d1e9a

SHA256
70bbf9999246be1a922b8bf5e2566fc6fd08b7b09e6f2e024061a15137f7b205

SHA512
f266109b46f6d926bbb32002156fed03d0cfc80e602c59d5d62d1dc9b23bc84b9c93bcde455ba4c0080dc3cc97c204d821338078b952b54a237b814d2b2eef07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5517.exe

Filesize
184KB

MD5
5cc6a225b085f9638ff024444cd9811a

SHA1
b2e5692a60d1cc96a5f66d731e2acd5e53a2087b

SHA256
745c878ffed73e052ad4120985102420d62b8cb9f64bb62ef34985b785b595f3

SHA512
f51c1fc37fa694e9d42450f4c4a00e5d5d7ad31d9f403d70d8064c517a9b26a9e0ebfdaa0bf330331d02f886c4197a934703d00e367df77bcb76a2381134f522

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5791.exe

Filesize
184KB

MD5
8a10a664960537012c55361e08f5025a

SHA1
ebd2e0123fa86501ab72c6744a3999a1a4e67a67

SHA256
e9a27a21bf8261b3281fe936bc4e69d7c300f5d18dd91cad02ea2efc37e67d91

SHA512
a572e15ba4b461f2169c37c6d6f437c5f5d170c127162a9027dac0a756bf75b6c081ba6f37373864a788340546ae153ad3049a337dcc2903a144e08cfd0fce12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe

Filesize
184KB

MD5
376b4e5035edd9fb5fc0c1266d9c7011

SHA1
618e592a805fbfdd434d76356ce8889028734c8d

SHA256
8e6f3d46471b21ac4fd45c650da8ef5108e129d51102d7d18654d17c775ec7d1

SHA512
eb0451ffb31d2c578c10d4ea5206364772b022426085d9730b9f6207005690c7be9f6511dc374367fa38fda270492c92c669e3c2a4aabff0b555b73864b04a5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61979.exe

Filesize
184KB

MD5
274ee2e5636c2b20d6b561928d267ea3

SHA1
6f3d688df77b5516d412818c2250183b8f044dae

SHA256
3f05c79181ce82dcb646c8843d07ee7573fbe2100b034f8fb6f76ef1de4d0db8

SHA512
2c1f51ac173c5144cadf9470b02da9c1015b0ba5674e3c32149dd5f54ba3a6f8460083fdd05fa3f6c470d9b8cf24b1fb614b2753be03558370db90eff55e4eb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6224.exe

Filesize
184KB

MD5
59384fcdf26a2430b62b40cc7894655d

SHA1
26699cd60043f4cae3cb2e22a1b97c93d9a9b737

SHA256
d0c7e74fe5364acf6cbb62b896acbd41f63c981653021b1c9d3f4f81b01bc07c

SHA512
bdfde6ec71aa6e21e4b4fefa4f1c544f7afd3f88911514ad10561acd1c7cae960f7387065db578028ec0fb33e21a5dd0fc01ce6901df92ceac3973c9a166afc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6284.exe

Filesize
184KB

MD5
41fd45d80570d71bbec1af8f0d64a84c

SHA1
2e11fe3ca9b8a6542f3c50ec03c09b2469f6bb04

SHA256
4c0d610834aaff178282e62f09a076796108cda70aa206598c57fe1acf3795ef

SHA512
8227f38f90f34694cda75c5c7549b4bcfb5b2aa4e348c3a76b5528ee7a88f8efcca9973b6993897f7c74b0f2913211e7d1b47d534f69e48396f8a234e06fcab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6378.exe

Filesize
184KB

MD5
01b6a39a600ca792bc011aafdf12452b

SHA1
25458d854c249e9ac48f8b834c3aeb5d8f811928

SHA256
06c81fb8d81d32ffa07a1f3bce508b62dd29a40914f4371b37ac7ca198e843f5

SHA512
53ebc41ac9e2a0747ee1bbc6159533db9807263168783b137bc254f8e3bcbd0cb200e848a5d189b791d023583295ba3cff165e689d38fc5147b40b465c1bd6b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6741.exe

Filesize
184KB

MD5
f56a1869184f6313d0691b96276047f6

SHA1
c367dfca637a05917a26025068affa92bc67c0ad

SHA256
180b4b724c497d670b91533e87f260a78e04859420c2d4103a1773b13bba5d43

SHA512
ac3280b2a39a27d5aea76642944c005b0037d098502dbc99d35ac64be9ac951ba2af84cd1fa9fe195b9ed86430cf31e946fd09ee46970fb225ce0056659d75ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11683.exe

Filesize
184KB

MD5
388b92d5b43850de906827917cf40121

SHA1
9c1c68a8274f1f7f07080b01462078fd95020188

SHA256
61d92b0a3bf4df628345239d3bd615be9c60376a7064a5608fa9af090482e208

SHA512
de13cc85051122c82336946c4b92359ff472f10dd0ffddd565291852ccdc932fb4db212b7132e04e3f2284a0e7733469b30f39045fd004745da515b837140288

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12114.exe

Filesize
184KB

MD5
862eb41ecb6bd3827b988b06be1eee92

SHA1
da90221748710789299cd51d660d346e011f6c25

SHA256
f29712692a3a7df15c23c5edfcba1a8feed4a313d8ff56000990ef2c516c78d8

SHA512
3e69511ac5c9ef92bd20bdb62d793573fa42d5d04d39823e3700a1d7eb49b5a22d83190af35c50faf0d4fe009780c28fe528bb1ac6ecde94f22c423aabd7d28d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23381.exe

Filesize
184KB

MD5
20eec77f64b156b78972f8d54faff9e9

SHA1
d3fc20e88d0c6fef3d81c047bbf9d68b536f4137

SHA256
61f1a80997bfb633cedecaa336f8285c9ea8126a4804f22e66e454d666dbe4e5

SHA512
3679e7b8b94784c5d44d76b3756422c00fc70ad6e6df41b60d3eb5847b718e8a4fd12f073581dbeb11984eb77fc0211f87a962dd9e69a2d1fa0094753a8707f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2363.exe

Filesize
184KB

MD5
3e1d90c4780cf7c1443f7bd0ac599279

SHA1
3848b60f2f97ba211e89eec438ebf0ba74396fc5

SHA256
e6f90641b4d9fced1ccae1e4b9f42f6755e9605030f9d143e07e9464fb0c811a

SHA512
7feb6d647103660836901257aadae969d7aef79e083ab66ddb791e4a07af15c09c0d483d4805f1f456228b196aeb3216d0ba09992eab68bc26b9e9ced568dfb7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24874.exe

Filesize
184KB

MD5
c9e32d08cfba74016157f5c1b8c72bd8

SHA1
24e2d5f4bfa11d82469eed8ec5341891b38300f5

SHA256
3ae2938b5b9f1d596bfbdbd7036a970d4aca4961a6ff09f7b12b3f2de5019456

SHA512
71eeeebc1141889a2179d94e12efe087f3fe71547a7b4e0b6f2e83561898b3f04f7cd6f264d2ef6a16e5b6c4b5c9b529112c11720fe4c8be91d42dd448f2f0c4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe

Filesize
184KB

MD5
f15a287633a7183b915ab85899f156bf

SHA1
224b4b2696fd4112674df2bccd7dae1b5dd830c1

SHA256
a911234e7e98e800438ec5964ef4170202ec4a4e28623400df8e6a862c76cac1

SHA512
331032e2fbfafc699404f81d5e5930fc51b7b3859d609cf30b292916f1f13d302a66749c3c06e4722e0eb615eaccad5f1f84bf3267381a6cc4fd9f6cb7727b7f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe

Filesize
184KB

MD5
015b7cb841d510eb9c0c8670c48a1993

SHA1
c64670ee264b6262eba1fd9d0e38e7be3adf0bf3

SHA256
93778477037f06d603b91e2834b1435f35f13b35da4e136a6b4f6d78f1ba72d3

SHA512
92c9ba24ce8866e8f9a5252892a96a45d680a60b3bf4f5257300c12c3c1c9adc38e9c5f8cd379e40ae896ee2a3c9cd7525fd3936b34e25c4fa664d5a55878e70

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45124.exe

Filesize
184KB

MD5
212492b61c3ed7219af9a02779eefa20

SHA1
57cee1712adc39c85b8b37c613ea2bfe286e0e08

SHA256
95773e2f0072a635b6560482290949fd1aded4f7a5594b5f0a8feb451ecb2858

SHA512
ef8237570ac806d6acccbd1454228ff7085e4ec9b9daf17eee044d9128f0b282fd209b23c18657502ea2ee1f67fdfd3aaf1c65cabda87bfc4aaa407d64daf6a1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe

Filesize
184KB

MD5
8cf5fa99713aa1ef35434edd30be41bc

SHA1
a0446b5bab55c123db6fdccc6cc03160f7ab8625

SHA256
6e99b84d547ba899c9c008fecbf8b9c5c9ce57bd465146c62233ed21e6312064

SHA512
fa4ea015b70073c511666a3bff73f2dd00472599ec5380dfdceaa27b540535c406b56065c945e41d2dfa084b9578063cb1f5a7a6481b5bb65abfae32c15ca3f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48824.exe

Filesize
184KB

MD5
c3e53520be83fbd63dbce62172382705

SHA1
2644165087a463562c56f3b1db195b3d59b01cda

SHA256
b8786e167932e0583fdce790d8a81312c24c8c09a4719c50414661ac23215a7a

SHA512
782aa59fc774d34680495ecb7efef2f6f6f27091a9514521292508f809450f158907e6645c521428ece7a1810f41a1203b5ef991810bb726868fab467a0de9fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe

Filesize
184KB

MD5
0683bb617cd8a520d75cf1bc151ea18f

SHA1
2a7dcadb527828ff525f1426dc22786d9c6cbf93

SHA256
d94b3e759e19cd8268968c0be1a6b75cce8a1a7e60049513924030377d0767dc

SHA512
968ff68a382559dbd0c26684d849d90fceba49801c47fea8050dfb4e7ec265ab616eb12edb75862634d09c2b1dc4d2e2602177f8c0ce8f798f61269002270e69

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56821.exe

Filesize
184KB

MD5
33fd9b940d1d8841937c025fa62c8673

SHA1
1547fe7914221bdc0babb9c1c7c760bb7cee36f5

SHA256
4e9dbe84a2474d30950d40f9da05ea998ae93d23b4bd92e310ed01fe18c630ba

SHA512
5c3a7ce0cd74be0df9dd85be0cacdc9c80305d12f424e94ee64f2af98252078c647aa293683a252cbb687b39c32b28df368badae1d026461981232e297284fb1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56992.exe

Filesize
184KB

MD5
b6768c9fa318f40139942dc556fd03fd

SHA1
cba2631348417e649c6a342bbc494807348897b2

SHA256
d684e83f22065ea56f3f29fffcd238b6c17524eeb018056ddfc62032d81e7416

SHA512
1acd368de7fde2a9817caf4cf49689d1c7e6881e0a763673010eb063984d08abb528f0b413ac748f9cf7a5b7c11310fa9f53cb43b9a27c5e3cfc8bc782d97434

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57039.exe

Filesize
184KB

MD5
7e28240f96f8009b184108cd3586b7d5

SHA1
4cd0123edf94fd3c8762653f98d03e5d0ebd7cc1

SHA256
c42c3519b761831339c86ec213628006b9e6d982c6e4b5e4057b86e4e04cfefa

SHA512
cc1e83726ad152edda805c5b6507b99b99ae9b9e9ff2a608d2f0bda55ee3150d63b764115dedcbc2fcacc4be15e1122c9386980a8d413a6228e2c78d58975994

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60905.exe

Filesize
184KB

MD5
3eab2873765f398bdc93ea5c56e36178

SHA1
a6e1c540491ff3388179d0feff426e69b013372c

SHA256
23503a11c7cc08d8a8eb0fed6722be5fc322324b4167880d5bcc0de3f097d7a2

SHA512
3addd2c5ce83bb0a09a64b40f787b37fede0136e37b25fb1a4c7c64bc1a4e0e451ef31a842594630dc59bc8cafed8a5126d2e64d3dc7a1850238063c7bb2adbb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-822.exe

Filesize
184KB

MD5
cc65243c9d23d84822fcc93ee8efd9d0

SHA1
e7f0f0c56e62df0f0374c64cda6e0ba9edef5fb4

SHA256
887654c31100e7da1b1d3079f82710dd2f14337ff5b35e026a269f20826f7541

SHA512
a7e83367a1638cd1e4db0177f36ec7817b56d51cc82524355178dfb0e297785a9393bdfb616501115d137bed957c4c4ce5ae99a2fc104c7023621988ab8619d4

Download Submit
memory/2496-1502-0x00000000779E0000-0x0000000077ADA000-memory.dmp

Filesize
1000KB

Download
memory/2496-1501-0x00000000778C0000-0x00000000779DF000-memory.dmp

Filesize
1.1MB

Download