87580cff61eeeb9e78f39329be819f6908caf328ed85f3eeba6772a325707e68

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-09-2024 09:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54840d8eae8572f48fa8ca1ff5455db8932790062c36e23ad6eb5375036d2474.exe
Size

184KB
MD5

bf25ae8e196c79276499ae9c2dc0dcab
SHA1

c8ce05b6b23c482f806278d478f77591a763b90a
SHA256

54840d8eae8572f48fa8ca1ff5455db8932790062c36e23ad6eb5375036d2474
SHA512

60239bd9d6f4ab5685b1bd537598eb1174b03f29322e39de35caaec445f1f27ce3420213be1e2bcb331dbb002745ec03b73bd227a83b0a6e782f664ecd2ed234
SSDEEP

3072:sqtGok4yCgUDpjred4DQU8glEPrbeMrbl4xrn3MHmKxvwF7:sqkoUzsp+dqQU8g2KKmKxvwF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1812	Unicorn-33326.exe
2848	Unicorn-25324.exe
2732	Unicorn-26947.exe
2740	Unicorn-14825.exe
2628	Unicorn-30607.exe
2660	Unicorn-38775.exe
3064	Unicorn-44094.exe
2100	Unicorn-40564.exe
1644	Unicorn-3061.exe
1492	Unicorn-60985.exe
1996	Unicorn-15313.exe
2908	Unicorn-57581.exe
2116	Unicorn-58136.exe
1328	Unicorn-22133.exe
2584	Unicorn-33316.exe
1672	Unicorn-13450.exe
3008	Unicorn-53736.exe
600	Unicorn-55360.exe
1376	Unicorn-33207.exe
1764	Unicorn-35297.exe
1840	Unicorn-43465.exe
2376	Unicorn-18215.exe
984	Unicorn-54971.exe
3028	Unicorn-2241.exe
2984	Unicorn-26191.exe
1940	Unicorn-22661.exe
1632	Unicorn-42527.exe
1740	Unicorn-54779.exe
2208	Unicorn-59418.exe
2080	Unicorn-13746.exe
2364	Unicorn-35978.exe
2916	Unicorn-28364.exe
2776	Unicorn-3113.exe
2828	Unicorn-23534.exe
2620	Unicorn-35786.exe
2196	Unicorn-32256.exe
1812	Unicorn-64374.exe
2572	Unicorn-60845.exe
2508	Unicorn-35594.exe
1788	Unicorn-44317.exe
1924	Unicorn-35402.exe
1060	Unicorn-2537.exe
1252	Unicorn-6621.exe
2968	Unicorn-20964.exe
1440	Unicorn-65334.exe
1332	Unicorn-45469.exe
2580	Unicorn-56097.exe
1748	Unicorn-352.exe
2960	Unicorn-40877.exe
2496	Unicorn-28110.exe
1668	Unicorn-15111.exe
1784	Unicorn-60783.exe
892	Unicorn-7498.exe
1532	Unicorn-37622.exe
1052	Unicorn-57488.exe
2500	Unicorn-8842.exe
768	Unicorn-28708.exe
1524	Unicorn-16264.exe
3068	Unicorn-36684.exe
2804	Unicorn-57659.exe
2156	Unicorn-28324.exe
2864	Unicorn-61551.exe
2648	Unicorn-16434.exe
1572	Unicorn-13139.exe

Loads dropped DLL 64 IoCs

pid	Process
2088	54840d8eae8572f48fa8ca1ff5455db8932790062c36e23ad6eb5375036d2474.exe
2088	54840d8eae8572f48fa8ca1ff5455db8932790062c36e23ad6eb5375036d2474.exe
1812	Unicorn-33326.exe
1812	Unicorn-33326.exe
2088	54840d8eae8572f48fa8ca1ff5455db8932790062c36e23ad6eb5375036d2474.exe
2088	54840d8eae8572f48fa8ca1ff5455db8932790062c36e23ad6eb5375036d2474.exe
2848	Unicorn-25324.exe
1812	Unicorn-33326.exe
1812	Unicorn-33326.exe
2848	Unicorn-25324.exe
2732	Unicorn-26947.exe
2732	Unicorn-26947.exe
2628	Unicorn-30607.exe
2628	Unicorn-30607.exe
2848	Unicorn-25324.exe
2848	Unicorn-25324.exe
2740	Unicorn-14825.exe
2740	Unicorn-14825.exe
2732	Unicorn-26947.exe
2732	Unicorn-26947.exe
2660	Unicorn-38775.exe
2660	Unicorn-38775.exe
3064	Unicorn-44094.exe
3064	Unicorn-44094.exe
2628	Unicorn-30607.exe
2628	Unicorn-30607.exe
2100	Unicorn-40564.exe
2100	Unicorn-40564.exe
1492	Unicorn-60985.exe
1492	Unicorn-60985.exe
2740	Unicorn-14825.exe
2740	Unicorn-14825.exe
1996	Unicorn-15313.exe
1996	Unicorn-15313.exe
2660	Unicorn-38775.exe
2660	Unicorn-38775.exe
2908	Unicorn-57581.exe
2908	Unicorn-57581.exe
3064	Unicorn-44094.exe
3064	Unicorn-44094.exe
1644	Unicorn-3061.exe
1644	Unicorn-3061.exe
2116	Unicorn-58136.exe
2116	Unicorn-58136.exe
1328	Unicorn-22133.exe
1328	Unicorn-22133.exe
2100	Unicorn-40564.exe
2100	Unicorn-40564.exe
2584	Unicorn-33316.exe
2584	Unicorn-33316.exe
1492	Unicorn-60985.exe
1492	Unicorn-60985.exe
600	Unicorn-55360.exe
600	Unicorn-55360.exe
3008	Unicorn-53736.exe
3008	Unicorn-53736.exe
1996	Unicorn-15313.exe
1996	Unicorn-15313.exe
1672	Unicorn-13450.exe
1672	Unicorn-13450.exe
1376	Unicorn-33207.exe
1376	Unicorn-33207.exe
2908	Unicorn-57581.exe
2908	Unicorn-57581.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
2784	1848	WerFault.exe	137
2712	1844	WerFault.exe	437
3004	988	WerFault.exe	408
2756	2760	WerFault.exe	447

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44103.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29687.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64130.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35157.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6343.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22133.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53952.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47149.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33958.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35594.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-352.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23895.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1641.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35482.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65334.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50896.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-297.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22661.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61200.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18020.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52508.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29453.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54779.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33899.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2088	54840d8eae8572f48fa8ca1ff5455db8932790062c36e23ad6eb5375036d2474.exe
1812	Unicorn-33326.exe
2848	Unicorn-25324.exe
2732	Unicorn-26947.exe
2628	Unicorn-30607.exe
2740	Unicorn-14825.exe
2660	Unicorn-38775.exe
3064	Unicorn-44094.exe
2100	Unicorn-40564.exe
1644	Unicorn-3061.exe
1492	Unicorn-60985.exe
1996	Unicorn-15313.exe
2908	Unicorn-57581.exe
2116	Unicorn-58136.exe
1328	Unicorn-22133.exe
2584	Unicorn-33316.exe
1672	Unicorn-13450.exe
3008	Unicorn-53736.exe
600	Unicorn-55360.exe
1376	Unicorn-33207.exe
1764	Unicorn-35297.exe
1840	Unicorn-43465.exe
2376	Unicorn-18215.exe
984	Unicorn-54971.exe
2984	Unicorn-26191.exe
3028	Unicorn-2241.exe
1940	Unicorn-22661.exe
1632	Unicorn-42527.exe
1740	Unicorn-54779.exe
2208	Unicorn-59418.exe
2080	Unicorn-13746.exe
2916	Unicorn-28364.exe
2364	Unicorn-35978.exe
2776	Unicorn-3113.exe
2828	Unicorn-23534.exe
2620	Unicorn-35786.exe
2196	Unicorn-32256.exe
1812	Unicorn-64374.exe
2572	Unicorn-60845.exe
2508	Unicorn-35594.exe
1788	Unicorn-44317.exe
1924	Unicorn-35402.exe
1252	Unicorn-6621.exe
1060	Unicorn-2537.exe
2968	Unicorn-20964.exe
2580	Unicorn-56097.exe
1332	Unicorn-45469.exe
1440	Unicorn-65334.exe
1748	Unicorn-352.exe
2960	Unicorn-40877.exe
2496	Unicorn-28110.exe
1784	Unicorn-60783.exe
1668	Unicorn-15111.exe
892	Unicorn-7498.exe
1532	Unicorn-37622.exe
1052	Unicorn-57488.exe
2500	Unicorn-8842.exe
768	Unicorn-28708.exe
1524	Unicorn-16264.exe
3068	Unicorn-36684.exe
2804	Unicorn-57659.exe
2156	Unicorn-28324.exe
2864	Unicorn-61551.exe
2648	Unicorn-16434.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 1812	2088	54840d8eae8572f48fa8ca1ff5455db8932790062c36e23ad6eb5375036d2474.exe	30
PID 2088 wrote to memory of 1812	2088	54840d8eae8572f48fa8ca1ff5455db8932790062c36e23ad6eb5375036d2474.exe	30
PID 2088 wrote to memory of 1812	2088	54840d8eae8572f48fa8ca1ff5455db8932790062c36e23ad6eb5375036d2474.exe	30
PID 2088 wrote to memory of 1812	2088	54840d8eae8572f48fa8ca1ff5455db8932790062c36e23ad6eb5375036d2474.exe	30
PID 1812 wrote to memory of 2848	1812	Unicorn-33326.exe	31
PID 1812 wrote to memory of 2848	1812	Unicorn-33326.exe	31
PID 1812 wrote to memory of 2848	1812	Unicorn-33326.exe	31
PID 1812 wrote to memory of 2848	1812	Unicorn-33326.exe	31
PID 2088 wrote to memory of 2732	2088	54840d8eae8572f48fa8ca1ff5455db8932790062c36e23ad6eb5375036d2474.exe	32
PID 2088 wrote to memory of 2732	2088	54840d8eae8572f48fa8ca1ff5455db8932790062c36e23ad6eb5375036d2474.exe	32
PID 2088 wrote to memory of 2732	2088	54840d8eae8572f48fa8ca1ff5455db8932790062c36e23ad6eb5375036d2474.exe	32
PID 2088 wrote to memory of 2732	2088	54840d8eae8572f48fa8ca1ff5455db8932790062c36e23ad6eb5375036d2474.exe	32
PID 1812 wrote to memory of 2740	1812	Unicorn-33326.exe	34
PID 1812 wrote to memory of 2740	1812	Unicorn-33326.exe	34
PID 1812 wrote to memory of 2740	1812	Unicorn-33326.exe	34
PID 1812 wrote to memory of 2740	1812	Unicorn-33326.exe	34
PID 2848 wrote to memory of 2628	2848	Unicorn-25324.exe	33
PID 2848 wrote to memory of 2628	2848	Unicorn-25324.exe	33
PID 2848 wrote to memory of 2628	2848	Unicorn-25324.exe	33
PID 2848 wrote to memory of 2628	2848	Unicorn-25324.exe	33
PID 2732 wrote to memory of 2660	2732	Unicorn-26947.exe	35
PID 2732 wrote to memory of 2660	2732	Unicorn-26947.exe	35
PID 2732 wrote to memory of 2660	2732	Unicorn-26947.exe	35
PID 2732 wrote to memory of 2660	2732	Unicorn-26947.exe	35
PID 2628 wrote to memory of 3064	2628	Unicorn-30607.exe	36
PID 2628 wrote to memory of 3064	2628	Unicorn-30607.exe	36
PID 2628 wrote to memory of 3064	2628	Unicorn-30607.exe	36
PID 2628 wrote to memory of 3064	2628	Unicorn-30607.exe	36
PID 2848 wrote to memory of 2100	2848	Unicorn-25324.exe	37
PID 2848 wrote to memory of 2100	2848	Unicorn-25324.exe	37
PID 2848 wrote to memory of 2100	2848	Unicorn-25324.exe	37
PID 2848 wrote to memory of 2100	2848	Unicorn-25324.exe	37
PID 2740 wrote to memory of 1644	2740	Unicorn-14825.exe	38
PID 2740 wrote to memory of 1644	2740	Unicorn-14825.exe	38
PID 2740 wrote to memory of 1644	2740	Unicorn-14825.exe	38
PID 2740 wrote to memory of 1644	2740	Unicorn-14825.exe	38
PID 2732 wrote to memory of 1492	2732	Unicorn-26947.exe	39
PID 2732 wrote to memory of 1492	2732	Unicorn-26947.exe	39
PID 2732 wrote to memory of 1492	2732	Unicorn-26947.exe	39
PID 2732 wrote to memory of 1492	2732	Unicorn-26947.exe	39
PID 2660 wrote to memory of 1996	2660	Unicorn-38775.exe	40
PID 2660 wrote to memory of 1996	2660	Unicorn-38775.exe	40
PID 2660 wrote to memory of 1996	2660	Unicorn-38775.exe	40
PID 2660 wrote to memory of 1996	2660	Unicorn-38775.exe	40
PID 3064 wrote to memory of 2908	3064	Unicorn-44094.exe	41
PID 3064 wrote to memory of 2908	3064	Unicorn-44094.exe	41
PID 3064 wrote to memory of 2908	3064	Unicorn-44094.exe	41
PID 3064 wrote to memory of 2908	3064	Unicorn-44094.exe	41
PID 2628 wrote to memory of 2116	2628	Unicorn-30607.exe	42
PID 2628 wrote to memory of 2116	2628	Unicorn-30607.exe	42
PID 2628 wrote to memory of 2116	2628	Unicorn-30607.exe	42
PID 2628 wrote to memory of 2116	2628	Unicorn-30607.exe	42
PID 2100 wrote to memory of 1328	2100	Unicorn-40564.exe	43
PID 2100 wrote to memory of 1328	2100	Unicorn-40564.exe	43
PID 2100 wrote to memory of 1328	2100	Unicorn-40564.exe	43
PID 2100 wrote to memory of 1328	2100	Unicorn-40564.exe	43
PID 1492 wrote to memory of 2584	1492	Unicorn-60985.exe	44
PID 1492 wrote to memory of 2584	1492	Unicorn-60985.exe	44
PID 1492 wrote to memory of 2584	1492	Unicorn-60985.exe	44
PID 1492 wrote to memory of 2584	1492	Unicorn-60985.exe	44
PID 2740 wrote to memory of 1672	2740	Unicorn-14825.exe	45
PID 2740 wrote to memory of 1672	2740	Unicorn-14825.exe	45
PID 2740 wrote to memory of 1672	2740	Unicorn-14825.exe	45
PID 2740 wrote to memory of 1672	2740	Unicorn-14825.exe	45

C:\Users\Admin\AppData\Local\Temp\54840d8eae8572f48fa8ca1ff5455db8932790062c36e23ad6eb5375036d2474.exe
"C:\Users\Admin\AppData\Local\Temp\54840d8eae8572f48fa8ca1ff5455db8932790062c36e23ad6eb5375036d2474.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33326.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33326.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30607.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57581.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33207.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35978.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13139.exe
        9⤵
        Executes dropped EXE
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34494.exe
        10⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
        11⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53952.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21332.exe
        13⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28016.exe
        14⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
        15⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40886.exe
        16⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62352.exe
        17⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63857.exe
        18⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
        19⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22836.exe
        20⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62378.exe
        18⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27112.exe
        19⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43024.exe
        9⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22224.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51212.exe
        11⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44492.exe
        12⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        13⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        14⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14139.exe
        15⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28149.exe
        16⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42695.exe
        17⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3873.exe
        18⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28814.exe
        19⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55301.exe
        12⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28016.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17098.exe
        15⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20985.exe
        16⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41164.exe
        17⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        18⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60915.exe
        19⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        8⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65254.exe
        9⤵
        
        PID:1848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 240
        10⤵
        Program crash
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28364.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9906.exe
        9⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8300.exe
        10⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
        11⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38794.exe
        12⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46781.exe
        14⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
        15⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4573.exe
        16⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33348.exe
        17⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22103.exe
        18⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1032.exe
        8⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29453.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
        10⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14616.exe
        11⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27435.exe
        12⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29900.exe
        13⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20941.exe
        14⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42695.exe
        15⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27864.exe
        16⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31253.exe
        17⤵
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35297.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3113.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11210.exe
        8⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9945.exe
        9⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58067.exe
        10⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15769.exe
        11⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47663.exe
        12⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
        13⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
        14⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41164.exe
        15⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18916.exe
        15⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23915.exe
        16⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34569.exe
        17⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53080.exe
        10⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41721.exe
        11⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
        12⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38473.exe
        13⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49280.exe
        14⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
        15⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43623.exe
        16⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
        17⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21352.exe
        18⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38734.exe
        13⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4573.exe
        14⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
        15⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17657.exe
        16⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        8⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3469.exe
        9⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32987.exe
        10⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51067.exe
        11⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16885.exe
        12⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18380.exe
        13⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20587.exe
        14⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33427.exe
        15⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19520.exe
        16⤵
        
        PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58136.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18215.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35786.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40877.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46471.exe
        9⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14787.exe
        10⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4424.exe
        11⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22427.exe
        12⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47149.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5364.exe
        14⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55001.exe
        15⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59555.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43410.exe
        17⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60168.exe
        18⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62151.exe
        11⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        12⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        13⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16133.exe
        14⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61781.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58071.exe
        16⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35482.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13058.exe
        18⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
        17⤵
        Program crash
        
        PID:2756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 236
        16⤵
        Program crash
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30497.exe
        8⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2898.exe
        9⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
        10⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9572.exe
        11⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47149.exe
        12⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24114.exe
        13⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21177.exe
        14⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-515.exe
        15⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
        16⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37563.exe
        17⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        18⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28110.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46471.exe
        8⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6214.exe
        9⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32826.exe
        10⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59930.exe
        11⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
        12⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41742.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        14⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14443.exe
        15⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
        7⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42452.exe
        8⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
        9⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
        10⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29343.exe
        11⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43257.exe
        12⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13973.exe
        13⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20466.exe
        14⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60873.exe
        15⤵
        
        PID:1844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 200
        16⤵
        Program crash
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14242.exe
        9⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        10⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe
        11⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59422.exe
        12⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        13⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
        14⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14085.exe
        15⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35482.exe
        16⤵
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        17⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-552.exe
        18⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6343.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47989.exe
        8⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30382.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43205.exe
        10⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
        11⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3179.exe
        12⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        13⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13968.exe
        14⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27246.exe
        15⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24304.exe
        16⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26733.exe
        17⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29909.exe
        18⤵
        
        PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40564.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22133.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64374.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4841.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
        10⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34108.exe
        11⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22427.exe
        12⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
        13⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45691.exe
        14⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
        15⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37656.exe
        16⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39566.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62389.exe
        18⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60783.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13414.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41752.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        12⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16195.exe
        13⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28149.exe
        14⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60676.exe
        15⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
        16⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
        17⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33796.exe
        18⤵
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60845.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28708.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        8⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
        9⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
        10⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        11⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        12⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40455.exe
        13⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30995.exe
        14⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21844.exe
        15⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47666.exe
        16⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        17⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26733.exe
        18⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9846.exe
        19⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23289.exe
        7⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3988.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18706.exe
        9⤵
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8.exe
        10⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
        11⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35292.exe
        12⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45056.exe
        13⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24304.exe
        14⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5736.exe
        15⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
        16⤵
        
        PID:348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2241.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7498.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22159.exe
        7⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44061.exe
        8⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
        9⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12971.exe
        10⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
        11⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18380.exe
        12⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38798.exe
        14⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
        15⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37885.exe
        16⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1299.exe
        15⤵
        
        PID:2000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3061.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43465.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23534.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15111.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
        8⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23895.exe
        9⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38363.exe
        10⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51565.exe
        11⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57507.exe
        12⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23735.exe
        13⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30995.exe
        14⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25736.exe
        15⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51792.exe
        17⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        18⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6592.exe
        18⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
        11⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62546.exe
        12⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
        13⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
        14⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60821.exe
        15⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
        16⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56089.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        18⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58444.exe
        14⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        15⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52560.exe
        16⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        17⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10845.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60402.exe
        8⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16049.exe
        9⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51212.exe
        10⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28348.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        13⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        14⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44677.exe
        15⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42695.exe
        16⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26401.exe
        18⤵
        
        PID:992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34795.exe
        7⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23895.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55083.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        10⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8150.exe
        11⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25598.exe
        12⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45686.exe
        13⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32944.exe
        14⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64786.exe
        15⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1465.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12311.exe
        17⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
        18⤵
        
        PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13746.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6621.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13139.exe
        7⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63775.exe
        8⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
        9⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42655.exe
        10⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16148.exe
        11⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1861.exe
        12⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
        13⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
        14⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43022.exe
        15⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29727.exe
        16⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1512.exe
        17⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26458.exe
        18⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        17⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56386.exe
        11⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
        12⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6542.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4573.exe
        14⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
        15⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        16⤵
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42090.exe
        6⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52234.exe
        7⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49297.exe
        8⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53952.exe
        9⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27445.exe
        10⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33958.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25074.exe
        12⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54809.exe
        13⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5367.exe
        14⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19452.exe
        15⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57547.exe
        16⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        17⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        18⤵
        
        PID:1280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45469.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
        6⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22032.exe
        7⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20761.exe
        8⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43397.exe
        9⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62546.exe
        10⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60351.exe
        11⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
        12⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        13⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45295.exe
        14⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32457.exe
        15⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17111.exe
        16⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9846.exe
        15⤵
        
        PID:3036
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26947.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26947.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38775.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15313.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53736.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54779.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2537.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36684.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        9⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10485.exe
        10⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9406.exe
        11⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31197.exe
        12⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        13⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43800.exe
        14⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        15⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        16⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43863.exe
        17⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57659.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18075.exe
        8⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25540.exe
        9⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18519.exe
        10⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26703.exe
        11⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28016.exe
        12⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11866.exe
        13⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
        14⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        15⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56924.exe
        16⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48040.exe
        17⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
        18⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        19⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63096.exe
        13⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33813.exe
        14⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        15⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39514.exe
        16⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
        17⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27480.exe
        18⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        19⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59806.exe
        14⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29815.exe
        15⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42695.exe
        16⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25965.exe
        17⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
        7⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31487.exe
        8⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
        9⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30382.exe
        10⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3132.exe
        11⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33958.exe
        12⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20030.exe
        13⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42723.exe
        14⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4573.exe
        15⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-297.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34688.exe
        16⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12311.exe
        17⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11860.exe
        9⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16480.exe
        10⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        11⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
        12⤵
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60543.exe
        13⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55551.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42695.exe
        15⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53136.exe
        16⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1320.exe
        17⤵
        
        PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59418.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35402.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64130.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39790.exe
        8⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
        9⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15717.exe
        10⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32432.exe
        11⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40268.exe
        12⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57751.exe
        13⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14679.exe
        14⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61070.exe
        15⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
        16⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16702.exe
        17⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46175.exe
        6⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47439.exe
        7⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37102.exe
        8⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42655.exe
        9⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61072.exe
        10⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
        11⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34363.exe
        12⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1641.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32083.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22836.exe
        15⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20262.exe
        16⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13992.exe
        15⤵
        
        PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42527.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65334.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
        7⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        8⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
        9⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51212.exe
        10⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36900.exe
        11⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4025.exe
        12⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40593.exe
        14⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        15⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3494.exe
        16⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60915.exe
        17⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60723.exe
        17⤵
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46175.exe
        6⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19811.exe
        7⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
        8⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14450.exe
        9⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41036.exe
        10⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59801.exe
        11⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2593.exe
        12⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42072.exe
        13⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56924.exe
        14⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        15⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53894.exe
        17⤵
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-352.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60985.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33316.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26191.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35594.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57488.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
        8⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27979.exe
        9⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24082.exe
        10⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42655.exe
        11⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
        12⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19132.exe
        13⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
        14⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20941.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
        16⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25581.exe
        17⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61294.exe
        18⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
        7⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2898.exe
        8⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
        9⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40408.exe
        10⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46962.exe
        11⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
        12⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12245.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13392.exe
        14⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64599.exe
        15⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35674.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47895.exe
        17⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7408.exe
        10⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37658.exe
        11⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58024.exe
        13⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
        14⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        15⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64117.exe
        16⤵
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8842.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34494.exe
        7⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-464.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe
        8⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
        9⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25032.exe
        10⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63314.exe
        11⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
        12⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        13⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62160.exe
        14⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45819.exe
        15⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4438.exe
        15⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49374.exe
        16⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62062.exe
        17⤵
        
        PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
        6⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4372.exe
        7⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
        8⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63075.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44907.exe
        10⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19262.exe
        11⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
        12⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32109.exe
        14⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
        15⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39966.exe
        16⤵
        
        PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22661.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28324.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14182.exe
        7⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35893.exe
        8⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57901.exe
        9⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44103.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61067.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
        12⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50235.exe
        13⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47329.exe
        14⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27864.exe
        15⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        16⤵
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40662.exe
        8⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        9⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13916.exe
        10⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36226.exe
        11⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1968.exe
        12⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22462.exe
        13⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64999.exe
        14⤵
        
        PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
        6⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
        7⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
        8⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
        9⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41389.exe
        10⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-761.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8405.exe
        12⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43027.exe
        13⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24304.exe
        14⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
        15⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9292.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63527.exe
        11⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        12⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55134.exe
        13⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35280.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15313.exe

Filesize
184KB

MD5
878040155927d820002a65e689fc8248

SHA1
cd0073b788855014924e79752da4288847eff9a3

SHA256
c89c729e2a4918a7748dd8a45b4bb7618ae74da5ca29332a1c465a08c1683d6f

SHA512
d002aa6bda1f7d456c1f1dfc4951126ad8c6862fb87e34e3255aaba3bcf046cc5a66bd1dd078e4b6f63e5fce26e0e8291eddb4f2b972afb75641a922dd777191

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22133.exe

Filesize
184KB

MD5
f40f9416beb6c1d112630522ea8fe44b

SHA1
636329752bac479f1bd69337599710e472103242

SHA256
fa318ce2a16f51ab28d95758d7377297f423609190d1c31e77906d94f6696be7

SHA512
e2e2aa8c3301ce5bd5845a7cb46566357553d2a99f6ea1b822f39c7430562031413101880a9eea8a1f5e49585f44458163bedb7b247cf13a62b31961b1f53205

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3061.exe

Filesize
184KB

MD5
8ee3efaf951de82354bf81f0bac26542

SHA1
2ad107021279bcb4c994113953f160b35caf15b4

SHA256
c097477c00137eaa7c6fee61ba4aa5d834d5cbcd403ad5f3b543d6b502b7aed0

SHA512
b13d6f213bff9f31faf50c398a48a9c55a1612d5ba843fb41c68c7b693459ade72a031513850352f5ef0973532ea02cddb5cc41253c272fa5ae94540b80793b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe

Filesize
184KB

MD5
5681a2824f0750977a75dcea6ce1fc85

SHA1
0fbc9f995cb92b0ba62742f3187ce171397b3ed3

SHA256
5077b69ccca0c9e6c32a5f5c01d125d91fd0dcb862a00d101f37e7a1b65af9e6

SHA512
dbf89f355372f7f43ca24bbacb30775713a0ae31257608ae3ac0a7068639d0cb25b58a1bed3f2cb52dd5213648b42063a2739ceeb11f3bb623d1d304a4e88cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33348.exe

Filesize
184KB

MD5
a261af65a1ba7035e8b5dec0784e1870

SHA1
68658b25f900799b50ca31083ac1a82ae029254a

SHA256
1f826e48104e5643f21d96c39cdd9a51efc4dd727e3dc39280142b7be7a0bf10

SHA512
2cdbabb98496f4d78e473ca5f94076f247b70f6d20625d4111f190a1f5f4fb03d25ca6ff8f7f36704e282411a1b677d9a329fc9404781752f4d5733dc83d3c52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38775.exe

Filesize
184KB

MD5
db7e1c76ceef7086b666c44c11485c56

SHA1
fe7842a1488f6236ee5cbaeaa038021e6459e091

SHA256
6bf22626ede5e9407e8277a6a3c19ee3b3ea39949f3b9a784cb8205d28e99d4c

SHA512
da613e016baed654852b8037e2a4c7b299ddecf933ba4bccf2270e9f71c2b488450810ccf4003baf675e97f972629160869ad8e4393008620c91488550d8d87c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40455.exe

Filesize
184KB

MD5
5bd74f81de70437984a5b1bea6abe419

SHA1
3e13e5d77ecde7601cfaca700912acbdfa282750

SHA256
0e895978794a36156e0a8f32df028ec85f0903c86394cff4c90293d1b4bc0a5c

SHA512
43aa5df9ce4c2c0b6896f356ffdea8f0e22ca24e7244f8ca4164c3372cd461d515a088235cd2a6d0cbbb63645876a8d08558d93e10e6be5c768a418231a068fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40564.exe

Filesize
184KB

MD5
1b79e696404cb75096a068d049abf701

SHA1
5ed273f61d47282ec8d6e9457bc320399f689145

SHA256
404b9b4731a159998850f98e542649e3d389fdd1763ed8e87d31049824ebac47

SHA512
a544045b31e90c4dc9225010653b326479871c8972a6b347e55bf4ca3f8d73b123274439ecff13bc33a1bf677573908ce688525e27eef41c246e0de4828196e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5736.exe

Filesize
184KB

MD5
b05eb510d6057238ddbcd6d0733422e4

SHA1
64d33201e94fcbd0504de1532ccd858f1cbe2679

SHA256
47cfcaae8f9090d3bdf79df2da1a0be39a0a1ad930f0abd326c2720c632287e1

SHA512
117cfbc42664689d94155cdf4d6fe3c472dbd09cdee906b1f0834613aa7b258292df0b699a32527d311e8bddbb1ea2c3d297710e9f6652422c05145ac39aeb17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6214.exe

Filesize
184KB

MD5
4c278b787d3043201121afbb414eccaa

SHA1
e70681eab7a52c94352bba64f35a0cb31ccf81c8

SHA256
291e726e2ad25fb8feb3ae6c1fef9c31f9450f854b13dc4a7be1f7ca2e2ad4c3

SHA512
e0c685f23635e36573b06ecac2fb109ccf12ec56bdc681fd17b3844ed8eab1a5f9a3328d13a1e8b67406b26ea00c73f29f28de41a0dc2da345c0ae70ea4b5910

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6621.exe

Filesize
184KB

MD5
54bd85c18958210807e9551ea29b3a4f

SHA1
e9e58ac43bcd660b22504966d5077c5008375e18

SHA256
1ec088cc19560fc0741ffb3c8b09fe07f0bb555652a7e6270897b22e0502389e

SHA512
dececef9fb21affe937f179bc396e5b5cf5166fe2f34affff6fd5a81f2aa5743cfcad795fbb0716747c758a41c5ac726c51dd76402c120ff63415f4a7dc61e82

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe

Filesize
184KB

MD5
5abb774ca26eba1d5f4bc6bba1bad35b

SHA1
72971d973602773858e770613b0d6866e408c201

SHA256
0919ce07dc3f5dfa05cb3a68eb5a2703af43fd1ecc04310ec70403b445581097

SHA512
bda086f57e446150f885c711401b2a011ce7895de8007ea10b71b1d4f49e556c6bc5705a3f8be0d3dcec84711e4e08e410a2e320c9949a2ecd64702d55bf92ab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe

Filesize
184KB

MD5
9dcf48aa7a767fcdfb1731459a460ff2

SHA1
e80341b28a44b85ff025facad3d08ac0204c2153

SHA256
7b07eb06e90f6a5ac9f92b8e68273f9c6e3fb89b33caf1a9e492a826135bf679

SHA512
f4c2536272292abee219f6a5c38fd908c0d9c2578dce1a72b8ea6cbd006dc5211e63e8d0338cbf240c90fcd48ae2844b0c354121b1a2429b53ffe433f07007e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe

Filesize
184KB

MD5
bc2e8d7452ec0d3c79cc9e2fa90a4525

SHA1
a5125a2f90a652ddc43185247b0d0bac83c00060

SHA256
1881f95b067113985b219d05dca6cdfccbe488fb7e2cb7d219c5e0947124548e

SHA512
76fe0394850ec15713826c82a3c6c474353c83a9c7f0f2da393953bda4c639c594518b4c660ed7bdbf7c0dd780567224d323ec77f89f10762a4bcf676f54a89f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26947.exe

Filesize
184KB

MD5
21ab3d416aa9f3fdd7e5fa29c22807c4

SHA1
6866fc0bd79ebddc05b5e69852d78dc4018172af

SHA256
0a21306667ad7f980b5f85e0b993787e95c92981fc4d6fbc0e6d6e1babe6adab

SHA512
d9bc235c91c3196c104c8a0dc5ab8f18a5a3d61c196181cc0a4bd3f829587e927eadaaa6fdd1c088483c64f89b229b750ffd9f9192fab9e9f0eec0d0be20ba39

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30607.exe

Filesize
184KB

MD5
5223a6d59a0c8c60109c6c0f19cacde3

SHA1
b61cdf1adafbecae0f30c3aee23b15efaf240949

SHA256
2f85dcedb9bd62b717e9b8ba5275f9275fc014a071fd555aef2afa4dca65e124

SHA512
73e1db8460c4d9c6531a451d0da9634cc844e7dca1ff771579ddf033116a8904711c41116a6da096e642d7457e126d23b9eeb84f3a47bde00044cbdacf3a3256

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33316.exe

Filesize
184KB

MD5
139cc4a4360094cd6e08d297065359ad

SHA1
c9ae5f5c4bafd201d06718cc96ba48309bb16e20

SHA256
e8a2dc3b369f17895f9d20a604d7391db8089cd21e36437ec1d8015a2ec65a37

SHA512
fe8eb28d71cccdb1967c6ea150cadfa3b0a92239dc7ec123c886e3ec48bc8985972a32349d7096ff25dead8e9b5ffa600d0f60afc48fe95a0c2cb22c5659756c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33326.exe

Filesize
184KB

MD5
ec1495734d163b16af592ce35436ccc6

SHA1
bd1fa7244ab5d43a5bf58a94fe9656917fa71d23

SHA256
e00f5ae26691e272b9f3b12996af8bf7423b6f0a658777491fec7f5f59911174

SHA512
c9e133a157dfb17f246c8ce50c178f9b643befd1e1dde1ac497baaf9201f61514391d33290b701b56010ae256779b9bc722050e446a1f29206d83f0346d7c705

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe

Filesize
184KB

MD5
33d0ad2be03e2807c018cb04e51ba354

SHA1
a2d82bc5deff3c99231f86467f66c51177c000a0

SHA256
6216016a8c891951d86180d27d96593097d2ea5f810ff6cdc43cbb94c9d9ad83

SHA512
aadb5cf9dc437712640b18a71b20972ad99c91773d6dd86ccd4f010b57e97a01c1f28cb98af8a1f9de1a3e64c8a569b359e538b2c4b5ac2c74d0d60657cb07ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53736.exe

Filesize
184KB

MD5
f40c4e7e35df4137d9e008ff816d4ead

SHA1
6bdeab33a497aaca2d9d67f0f946cd137627c2d2

SHA256
03a649d9a4e76eeed277098732954abd2440365f0d5be771a7561ac43b97b9f1

SHA512
22a472dde7ffced829a5adbdc19a6428ac28113207ba1666f4dd6dafef1734447690abce5d0d8028cb09e31a98fff1caf12e3dd235c321a3f7d7825a68cb5b43

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe

Filesize
184KB

MD5
ed4df3b4ba7a784313e9c9c0b23858e0

SHA1
c8d379b2ae0ed803e9a341d72ec7fc2ee70541b5

SHA256
b1b9c38d27b202e2a965f6046e8f03ad07e94b4c00a309695fb68d1fe12d258b

SHA512
677b3490861ca0602c6964aa0e055659374801148b645f5c06e5e038df03b1149cea239767b3a1b1aa3032c97e00e59581d5a07a1ef2e525d7440bb484ca4c63

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57581.exe

Filesize
184KB

MD5
cb79b316960c6b0759e57dfe656c429c

SHA1
558e7ea83f52866b4119edc19512c65636fbb5ff

SHA256
688b8b65d804887d81d5877b546972152c4bc346e7403fcda9f2676c72537b7b

SHA512
eda78c1516d41b48828477ecff89e9b868a46515814babf70e39e7399c92783d93598fb417f0ec8921b43cd2e11a8e94ecee83b2abeef883c6888abe30e659d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58136.exe

Filesize
184KB

MD5
8568a4394b55e7d76dadcd1316079caf

SHA1
85b6e10a26afb2f4e9009b56a9f5ab883a79b0a8

SHA256
50e70ee58d6e8b3481f11bec3cc5681755e18bc5546b273988ced97f9006cbe7

SHA512
846fb70c0820761c6885f2490293c1b4ba2341b0260094994c52acd166d18bfe23b209e3e01b44e28bba428e1c3aacb34f6eace3391c1c3defabdf85ce67dc87

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60985.exe

Filesize
184KB

MD5
c166dab4bb3ef9303188e2266cc0c13f

SHA1
6490b1456966f0c082c0f153a0a7d408ec70e6ed

SHA256
325d66e28b435955736361b161395022abaa28865b4ffc33d735af7041bec892

SHA512
ba35fcc1486e659f399a81b7501e3e7e8b97e1cf99965cb1bee16b45ee14cb655616fe744a4a4c0e2aa17fb4703448a91562f724302c6c6635a63951bf914296

Download Submit