6dce93049f6d4aec25bf92f5cefd6f038718718cd39ab12161e81e72c39bda22

Analysis

max time kernel
150s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
09-09-2024 22:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6dce93049f6d4aec25bf92f5cefd6f038718718cd39ab12161e81e72c39bda22.exe
Size

192KB
MD5

b80e6ac7eeab4812b32f4fdc654791bf
SHA1

61faa03fab756bb3c0cce9fa87eb7c0b6a1d46dc
SHA256

6dce93049f6d4aec25bf92f5cefd6f038718718cd39ab12161e81e72c39bda22
SHA512

e2dddf29e58397eb9f63f4b4886b8c3d7b239551a425b124ec482c428bd4361271701f347139929054ae567a954def3707bb9ddde3ae1b8914fc864cf579d763
SSDEEP

3072:7pXooXqrk3id1YX2dfG1h8zzdmy6GajDtfXxs3E1kNwivxFK:7pYo9yd1Hd+1h8A/8NNwivxF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1644	Unicorn-46351.exe
2712	Unicorn-21930.exe
2824	Unicorn-46112.exe
2844	Unicorn-59802.exe
2832	Unicorn-59802.exe
2856	Unicorn-35852.exe
1092	Unicorn-62023.exe
3048	Unicorn-33989.exe
1708	Unicorn-49579.exe
2448	Unicorn-41411.exe
1676	Unicorn-48188.exe
2864	Unicorn-20005.exe
3004	Unicorn-14529.exe
2488	Unicorn-1229.exe
2036	Unicorn-41193.exe
2000	Unicorn-21327.exe
2220	Unicorn-24857.exe
2296	Unicorn-11535.exe
344	Unicorn-4991.exe
1200	Unicorn-57036.exe
2940	Unicorn-33086.exe
1436	Unicorn-9973.exe
1532	Unicorn-55666.exe
1744	Unicorn-15188.exe
1968	Unicorn-49444.exe
1540	Unicorn-21410.exe
3060	Unicorn-37000.exe
2156	Unicorn-59558.exe
276	Unicorn-62251.exe
2992	Unicorn-16580.exe
2344	Unicorn-38946.exe
1704	Unicorn-45723.exe
2108	Unicorn-59257.exe
2764	Unicorn-27715.exe
1928	Unicorn-47581.exe
3016	Unicorn-35329.exe
2716	Unicorn-42105.exe
2668	Unicorn-49527.exe
2232	Unicorn-29661.exe
268	Unicorn-41359.exe
1728	Unicorn-25023.exe
2492	Unicorn-58250.exe
2868	Unicorn-35137.exe
2496	Unicorn-53419.exe
2712	Unicorn-33553.exe
1364	Unicorn-4965.exe
1524	Unicorn-24831.exe
1272	Unicorn-13154.exe
2176	Unicorn-43881.exe
2396	Unicorn-38405.exe
2192	Unicorn-49911.exe
992	Unicorn-11016.exe
1932	Unicorn-5541.exe
2500	Unicorn-9802.exe
2400	Unicorn-6273.exe
1004	Unicorn-42283.exe
1988	Unicorn-25947.exe
3056	Unicorn-25131.exe
1240	Unicorn-50150.exe
892	Unicorn-29538.exe
1572	Unicorn-58873.exe
2244	Unicorn-31676.exe
2300	Unicorn-23316.exe
2808	Unicorn-41790.exe

Loads dropped DLL 64 IoCs

pid	Process
2544	6dce93049f6d4aec25bf92f5cefd6f038718718cd39ab12161e81e72c39bda22.exe
2544	6dce93049f6d4aec25bf92f5cefd6f038718718cd39ab12161e81e72c39bda22.exe
1644	Unicorn-46351.exe
1644	Unicorn-46351.exe
2544	6dce93049f6d4aec25bf92f5cefd6f038718718cd39ab12161e81e72c39bda22.exe
2544	6dce93049f6d4aec25bf92f5cefd6f038718718cd39ab12161e81e72c39bda22.exe
2712	Unicorn-21930.exe
2824	Unicorn-46112.exe
2824	Unicorn-46112.exe
2712	Unicorn-21930.exe
1644	Unicorn-46351.exe
1644	Unicorn-46351.exe
2844	Unicorn-59802.exe
2844	Unicorn-59802.exe
2824	Unicorn-46112.exe
2824	Unicorn-46112.exe
2856	Unicorn-35852.exe
2856	Unicorn-35852.exe
2832	Unicorn-59802.exe
2832	Unicorn-59802.exe
2712	Unicorn-21930.exe
2712	Unicorn-21930.exe
1092	Unicorn-62023.exe
1092	Unicorn-62023.exe
2844	Unicorn-59802.exe
2844	Unicorn-59802.exe
1708	Unicorn-49579.exe
1708	Unicorn-49579.exe
2448	Unicorn-41411.exe
2856	Unicorn-35852.exe
2448	Unicorn-41411.exe
2856	Unicorn-35852.exe
1676	Unicorn-48188.exe
2832	Unicorn-59802.exe
1676	Unicorn-48188.exe
3048	Unicorn-33989.exe
2832	Unicorn-59802.exe
3048	Unicorn-33989.exe
2864	Unicorn-20005.exe
2864	Unicorn-20005.exe
1092	Unicorn-62023.exe
1092	Unicorn-62023.exe
3004	Unicorn-14529.exe
3004	Unicorn-14529.exe
2488	Unicorn-1229.exe
2488	Unicorn-1229.exe
1708	Unicorn-49579.exe
1708	Unicorn-49579.exe
2036	Unicorn-41193.exe
2036	Unicorn-41193.exe
2448	Unicorn-41411.exe
2448	Unicorn-41411.exe
2000	Unicorn-21327.exe
2000	Unicorn-21327.exe
2296	Unicorn-11535.exe
2296	Unicorn-11535.exe
3048	Unicorn-33989.exe
344	Unicorn-4991.exe
3048	Unicorn-33989.exe
344	Unicorn-4991.exe
2220	Unicorn-24857.exe
2220	Unicorn-24857.exe
1676	Unicorn-48188.exe
1676	Unicorn-48188.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
2456	2092	WerFault.exe	258
2364	1016	WerFault.exe	247
876	2024	WerFault.exe	302
2084	2468	WerFault.exe	309
2988	2420	WerFault.exe	319
2908	1680	WerFault.exe	320
1744	2768	WerFault.exe	441
1068	1872	WerFault.exe	544

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10264.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28275.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1229.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5541.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45104.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40776.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41375.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-750.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14291.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39453.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21531.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41051.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1124.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23316.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64104.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27279.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56251.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53459.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4725.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23475.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10376.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26952.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34146.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31269.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64104.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41193.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49816.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2544	6dce93049f6d4aec25bf92f5cefd6f038718718cd39ab12161e81e72c39bda22.exe
1644	Unicorn-46351.exe
2712	Unicorn-21930.exe
2824	Unicorn-46112.exe
2844	Unicorn-59802.exe
2832	Unicorn-59802.exe
2856	Unicorn-35852.exe
1092	Unicorn-62023.exe
1708	Unicorn-49579.exe
3048	Unicorn-33989.exe
2448	Unicorn-41411.exe
1676	Unicorn-48188.exe
2864	Unicorn-20005.exe
3004	Unicorn-14529.exe
2488	Unicorn-1229.exe
2036	Unicorn-41193.exe
2000	Unicorn-21327.exe
344	Unicorn-4991.exe
2220	Unicorn-24857.exe
2296	Unicorn-11535.exe
1200	Unicorn-57036.exe
2940	Unicorn-33086.exe
1436	Unicorn-9973.exe
1532	Unicorn-55666.exe
1744	Unicorn-15188.exe
1968	Unicorn-49444.exe
1540	Unicorn-21410.exe
3060	Unicorn-37000.exe
2156	Unicorn-59558.exe
276	Unicorn-62251.exe
2344	Unicorn-38946.exe
2992	Unicorn-16580.exe
1704	Unicorn-45723.exe
2108	Unicorn-59257.exe
2716	Unicorn-42105.exe
1928	Unicorn-47581.exe
2764	Unicorn-27715.exe
2668	Unicorn-49527.exe
3016	Unicorn-35329.exe
2232	Unicorn-29661.exe
268	Unicorn-41359.exe
1728	Unicorn-25023.exe
2492	Unicorn-58250.exe
2868	Unicorn-35137.exe
2712	Unicorn-33553.exe
2496	Unicorn-53419.exe
1524	Unicorn-24831.exe
1364	Unicorn-4965.exe
2176	Unicorn-43881.exe
1272	Unicorn-13154.exe
992	Unicorn-11016.exe
2192	Unicorn-49911.exe
2396	Unicorn-38405.exe
1932	Unicorn-5541.exe
2500	Unicorn-9802.exe
2400	Unicorn-6273.exe
1988	Unicorn-25947.exe
1004	Unicorn-42283.exe
3056	Unicorn-25131.exe
1240	Unicorn-50150.exe
892	Unicorn-29538.exe
1572	Unicorn-58873.exe
2300	Unicorn-23316.exe
2244	Unicorn-31676.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 1644	2544	6dce93049f6d4aec25bf92f5cefd6f038718718cd39ab12161e81e72c39bda22.exe	29
PID 2544 wrote to memory of 1644	2544	6dce93049f6d4aec25bf92f5cefd6f038718718cd39ab12161e81e72c39bda22.exe	29
PID 2544 wrote to memory of 1644	2544	6dce93049f6d4aec25bf92f5cefd6f038718718cd39ab12161e81e72c39bda22.exe	29
PID 2544 wrote to memory of 1644	2544	6dce93049f6d4aec25bf92f5cefd6f038718718cd39ab12161e81e72c39bda22.exe	29
PID 1644 wrote to memory of 2712	1644	Unicorn-46351.exe	30
PID 1644 wrote to memory of 2712	1644	Unicorn-46351.exe	30
PID 1644 wrote to memory of 2712	1644	Unicorn-46351.exe	30
PID 1644 wrote to memory of 2712	1644	Unicorn-46351.exe	30
PID 2544 wrote to memory of 2824	2544	6dce93049f6d4aec25bf92f5cefd6f038718718cd39ab12161e81e72c39bda22.exe	31
PID 2544 wrote to memory of 2824	2544	6dce93049f6d4aec25bf92f5cefd6f038718718cd39ab12161e81e72c39bda22.exe	31
PID 2544 wrote to memory of 2824	2544	6dce93049f6d4aec25bf92f5cefd6f038718718cd39ab12161e81e72c39bda22.exe	31
PID 2544 wrote to memory of 2824	2544	6dce93049f6d4aec25bf92f5cefd6f038718718cd39ab12161e81e72c39bda22.exe	31
PID 2824 wrote to memory of 2844	2824	Unicorn-46112.exe	33
PID 2824 wrote to memory of 2844	2824	Unicorn-46112.exe	33
PID 2824 wrote to memory of 2844	2824	Unicorn-46112.exe	33
PID 2824 wrote to memory of 2844	2824	Unicorn-46112.exe	33
PID 2712 wrote to memory of 2832	2712	Unicorn-21930.exe	32
PID 2712 wrote to memory of 2832	2712	Unicorn-21930.exe	32
PID 2712 wrote to memory of 2832	2712	Unicorn-21930.exe	32
PID 2712 wrote to memory of 2832	2712	Unicorn-21930.exe	32
PID 1644 wrote to memory of 2856	1644	Unicorn-46351.exe	34
PID 1644 wrote to memory of 2856	1644	Unicorn-46351.exe	34
PID 1644 wrote to memory of 2856	1644	Unicorn-46351.exe	34
PID 1644 wrote to memory of 2856	1644	Unicorn-46351.exe	34
PID 2844 wrote to memory of 1092	2844	Unicorn-59802.exe	35
PID 2844 wrote to memory of 1092	2844	Unicorn-59802.exe	35
PID 2844 wrote to memory of 1092	2844	Unicorn-59802.exe	35
PID 2844 wrote to memory of 1092	2844	Unicorn-59802.exe	35
PID 2824 wrote to memory of 3048	2824	Unicorn-46112.exe	36
PID 2824 wrote to memory of 3048	2824	Unicorn-46112.exe	36
PID 2824 wrote to memory of 3048	2824	Unicorn-46112.exe	36
PID 2824 wrote to memory of 3048	2824	Unicorn-46112.exe	36
PID 2856 wrote to memory of 1708	2856	Unicorn-35852.exe	37
PID 2856 wrote to memory of 1708	2856	Unicorn-35852.exe	37
PID 2856 wrote to memory of 1708	2856	Unicorn-35852.exe	37
PID 2856 wrote to memory of 1708	2856	Unicorn-35852.exe	37
PID 2832 wrote to memory of 2448	2832	Unicorn-59802.exe	38
PID 2832 wrote to memory of 2448	2832	Unicorn-59802.exe	38
PID 2832 wrote to memory of 2448	2832	Unicorn-59802.exe	38
PID 2832 wrote to memory of 2448	2832	Unicorn-59802.exe	38
PID 2712 wrote to memory of 1676	2712	Unicorn-21930.exe	39
PID 2712 wrote to memory of 1676	2712	Unicorn-21930.exe	39
PID 2712 wrote to memory of 1676	2712	Unicorn-21930.exe	39
PID 2712 wrote to memory of 1676	2712	Unicorn-21930.exe	39
PID 1092 wrote to memory of 2864	1092	Unicorn-62023.exe	40
PID 1092 wrote to memory of 2864	1092	Unicorn-62023.exe	40
PID 1092 wrote to memory of 2864	1092	Unicorn-62023.exe	40
PID 1092 wrote to memory of 2864	1092	Unicorn-62023.exe	40
PID 2844 wrote to memory of 3004	2844	Unicorn-59802.exe	41
PID 2844 wrote to memory of 3004	2844	Unicorn-59802.exe	41
PID 2844 wrote to memory of 3004	2844	Unicorn-59802.exe	41
PID 2844 wrote to memory of 3004	2844	Unicorn-59802.exe	41
PID 1708 wrote to memory of 2488	1708	Unicorn-49579.exe	42
PID 1708 wrote to memory of 2488	1708	Unicorn-49579.exe	42
PID 1708 wrote to memory of 2488	1708	Unicorn-49579.exe	42
PID 1708 wrote to memory of 2488	1708	Unicorn-49579.exe	42
PID 2448 wrote to memory of 2036	2448	Unicorn-41411.exe	43
PID 2448 wrote to memory of 2036	2448	Unicorn-41411.exe	43
PID 2448 wrote to memory of 2036	2448	Unicorn-41411.exe	43
PID 2448 wrote to memory of 2036	2448	Unicorn-41411.exe	43
PID 2856 wrote to memory of 2000	2856	Unicorn-35852.exe	44
PID 2856 wrote to memory of 2000	2856	Unicorn-35852.exe	44
PID 2856 wrote to memory of 2000	2856	Unicorn-35852.exe	44
PID 2856 wrote to memory of 2000	2856	Unicorn-35852.exe	44

C:\Users\Admin\AppData\Local\Temp\6dce93049f6d4aec25bf92f5cefd6f038718718cd39ab12161e81e72c39bda22.exe
"C:\Users\Admin\AppData\Local\Temp\6dce93049f6d4aec25bf92f5cefd6f038718718cd39ab12161e81e72c39bda22.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46351.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46351.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21930.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21930.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59802.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41411.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41193.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25023.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25947.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47218.exe
        10⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27924.exe
        11⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29974.exe
        12⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21609.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64644.exe
        14⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59774.exe
        15⤵
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28275.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54829.exe
        17⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10646.exe
        18⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10340.exe
        19⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8368.exe
        20⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        21⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6740.exe
        9⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
        10⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
        11⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14810.exe
        12⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9940.exe
        13⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6873.exe
        14⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16407.exe
        15⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-750.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        17⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16973.exe
        18⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        19⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        20⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25131.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65199.exe
        9⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23695.exe
        10⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
        11⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27364.exe
        12⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23921.exe
        13⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15280.exe
        14⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31456.exe
        15⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
        16⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12073.exe
        17⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32214.exe
        18⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55644.exe
        19⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42283.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55578.exe
        9⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32631.exe
        10⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55521.exe
        11⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49136.exe
        12⤵
        
        PID:500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
        13⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45462.exe
        14⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        15⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36879.exe
        16⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
        17⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56438.exe
        18⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24337.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41375.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31209.exe
        10⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49403.exe
        11⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23921.exe
        12⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-781.exe
        13⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54206.exe
        14⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39453.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        16⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39256.exe
        17⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48358.exe
        18⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30543.exe
        19⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34347.exe
        20⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47626.exe
        18⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
        19⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56339.exe
        16⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        17⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60195.exe
        18⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13154.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14353.exe
        8⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exe
        9⤵
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8894.exe
        10⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14296.exe
        11⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
        12⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11279.exe
        13⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20875.exe
        14⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42804.exe
        15⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46054.exe
        16⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
        17⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-985.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3933.exe
        9⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55521.exe
        10⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45555.exe
        12⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        13⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
        14⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56365.exe
        15⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60615.exe
        16⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        17⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27746.exe
        18⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64523.exe
        19⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54066.exe
        17⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52463.exe
        18⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        19⤵
        
        PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4991.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16580.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43881.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        8⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26305.exe
        9⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8894.exe
        10⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38115.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23921.exe
        12⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20003.exe
        13⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
        14⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17881.exe
        15⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35919.exe
        16⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62198.exe
        17⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45810.exe
        18⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-496.exe
        19⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4877.exe
        8⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-534.exe
        9⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55329.exe
        10⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65054.exe
        11⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23921.exe
        12⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39868.exe
        13⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43049.exe
        14⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57119.exe
        7⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3419.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39595.exe
        9⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30244.exe
        10⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30802.exe
        11⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
        12⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15503.exe
        13⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe
        15⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58493.exe
        16⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
        17⤵
        
        PID:1332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38405.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14161.exe
        7⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        8⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34525.exe
        9⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59133.exe
        10⤵
        
        PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24857.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38946.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49911.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50726.exe
        8⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
        9⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3414.exe
        10⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62257.exe
        11⤵
        
        PID:1016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 200
        12⤵
        Program crash
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51281.exe
        7⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24551.exe
        8⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe
        9⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51868.exe
        10⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60402.exe
        11⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exe
        12⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35265.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37507.exe
        14⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23475.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31664.exe
        16⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38279.exe
        17⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33252.exe
        18⤵
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5541.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4841.exe
        7⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44203.exe
        8⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57519.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
        11⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 188
        12⤵
        Program crash
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        7⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54805.exe
        8⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60591.exe
        9⤵
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41837.exe
        10⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59141.exe
        11⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35208.exe
        12⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        13⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43044.exe
        14⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-553.exe
        15⤵
        
        PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
        7⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21318.exe
        8⤵
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60124.exe
        9⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60420.exe
        10⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43264.exe
        11⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63474.exe
        12⤵
        
        PID:2468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 216
        13⤵
        Program crash
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39604.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52667.exe
        7⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22792.exe
        8⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
        9⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55057.exe
        10⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20304.exe
        11⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
        12⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
        7⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-913.exe
        8⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56318.exe
        9⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41191.exe
        10⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
        11⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22925.exe
        12⤵
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40387.exe
        13⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34352.exe
        14⤵
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        15⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
        16⤵
        
        PID:2944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49579.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1229.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49527.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60072.exe
        8⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43518.exe
        9⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11395.exe
        10⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34058.exe
        11⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52444.exe
        12⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35056.exe
        13⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65140.exe
        14⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
        15⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54310.exe
        16⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        17⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1124.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39583.exe
        19⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29682.exe
        8⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17426.exe
        9⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45734.exe
        10⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14291.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55114.exe
        13⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe
        14⤵
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56728.exe
        15⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
        16⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44362.exe
        17⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14450.exe
        18⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34544.exe
        19⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36978.exe
        20⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49816.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-932.exe
        18⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
        19⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40725.exe
        10⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41837.exe
        11⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59141.exe
        12⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31269.exe
        13⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28768.exe
        14⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2784.exe
        15⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
        15⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62924.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50221.exe
        17⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        18⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19438.exe
        19⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44948.exe
        14⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
        15⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        16⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25992.exe
        17⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63812.exe
        18⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59857.exe
        13⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
        14⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22105.exe
        15⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17933.exe
        16⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
        17⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30668.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
        8⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21531.exe
        9⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6367.exe
        10⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23454.exe
        11⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28171.exe
        12⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 236
        13⤵
        Program crash
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3279.exe
        7⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
        8⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47872.exe
        9⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1935.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15142.exe
        11⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21783.exe
        12⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45514.exe
        13⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2784.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4533.exe
        15⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34440.exe
        16⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
        17⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53698.exe
        18⤵
        
        PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        7⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53331.exe
        8⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22901.exe
        9⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57877.exe
        10⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60402.exe
        11⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35353.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49909.exe
        13⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43428.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53646.exe
        15⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42520.exe
        16⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19717.exe
        17⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        7⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47597.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
        9⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39647.exe
        10⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14548.exe
        11⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45104.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36692.exe
        13⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61170.exe
        14⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31830.exe
        15⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
        16⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48951.exe
        6⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30389.exe
        7⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15116.exe
        8⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36663.exe
        9⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        9⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
        10⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
        11⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63194.exe
        12⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40055.exe
        13⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
        14⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42800.exe
        15⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14211.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51731.exe
        17⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
        15⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45748.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        17⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4704.exe
        13⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36879.exe
        14⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        15⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36978.exe
        16⤵
        
        PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21327.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37000.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35137.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23316.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2760.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61447.exe
        9⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37753.exe
        10⤵
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        6⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49823.exe
        7⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54011.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55521.exe
        9⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50005.exe
        10⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28991.exe
        11⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17995.exe
        12⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe
        13⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
        14⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51124.exe
        15⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51072.exe
        16⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20834.exe
        17⤵
        
        PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33553.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60072.exe
        6⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34146.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        8⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
        9⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43264.exe
        10⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28664.exe
        11⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61331.exe
        12⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
        13⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25805.exe
        14⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25800.exe
        15⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exe
        17⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
        15⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65265.exe
        16⤵
        
        PID:1808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46112.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46112.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59802.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62023.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57036.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59257.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9802.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38749.exe
        9⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19419.exe
        10⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42693.exe
        11⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
        12⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
        14⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
        15⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        16⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        17⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
        18⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14353.exe
        8⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1712.exe
        9⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29288.exe
        10⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
        11⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9649.exe
        12⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31373.exe
        13⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4533.exe
        14⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33610.exe
        15⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48166.exe
        16⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24233.exe
        17⤵
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27715.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44312.exe
        7⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
        8⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
        9⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24411.exe
        10⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15303.exe
        11⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30505.exe
        12⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 188
        13⤵
        Program crash
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        10⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14517.exe
        11⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
        12⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44611.exe
        13⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29592.exe
        14⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28758.exe
        15⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38279.exe
        16⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16017.exe
        17⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45334.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21531.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11603.exe
        9⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
        10⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
        11⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36827.exe
        12⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43153.exe
        13⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3438.exe
        14⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
        15⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        16⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33086.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47581.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29538.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53715.exe
        8⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21531.exe
        9⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-913.exe
        10⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48150.exe
        11⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
        12⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2291.exe
        13⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47320.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
        15⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14694.exe
        17⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58873.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
        7⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        8⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45454.exe
        9⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
        10⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28171.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
        12⤵
        Program crash
        
        PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14529.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9973.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35329.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35568.exe
        7⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53715.exe
        8⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe
        9⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36663.exe
        10⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51868.exe
        11⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43298.exe
        12⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11196.exe
        13⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49847.exe
        14⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
        15⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54585.exe
        16⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28841.exe
        17⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38279.exe
        18⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52302.exe
        19⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25588.exe
        10⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31046.exe
        11⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31269.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36936.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40776.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51513.exe
        15⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13744.exe
        16⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27279.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63127.exe
        19⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21341.exe
        14⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
        15⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53511.exe
        16⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36319.exe
        17⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12831.exe
        18⤵
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63341.exe
        6⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13066.exe
        7⤵
        
        PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42105.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50150.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38749.exe
        7⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16248.exe
        8⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55246.exe
        9⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56144.exe
        10⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25208.exe
        11⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        12⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55877.exe
        13⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57159.exe
        14⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe
        15⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56012.exe
        16⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1316.exe
        17⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33252.exe
        18⤵
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35219.exe
        6⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41375.exe
        7⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45023.exe
        8⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        9⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5856.exe
        10⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44699.exe
        11⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
        13⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60828.exe
        14⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39287.exe
        15⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61373.exe
        16⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32578.exe
        8⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53988.exe
        9⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
        10⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10376.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23672.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56448.exe
        13⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
        14⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62276.exe
        15⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 200
        16⤵
        Program crash
        
        PID:1068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11535.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59558.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42750.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        8⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1001.exe
        9⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54390.exe
        10⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
        11⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
        12⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41191.exe
        13⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2784.exe
        14⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
        15⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        16⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44933.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
        6⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10264.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31676.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64104.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
        8⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49382.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23921.exe
        10⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48228.exe
        11⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
        12⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53459.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54310.exe
        14⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28841.exe
        15⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43994.exe
        16⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18684.exe
        13⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 200
        14⤵
        Program crash
        
        PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62251.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41790.exe
        6⤵
        Executes dropped EXE
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64104.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43788.exe
        8⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
        9⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36767.exe
        10⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12052.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        12⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33402.exe
        13⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
        14⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6775.exe
        15⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51072.exe
        16⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51176.exe
        17⤵
        
        PID:500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16709.exe
        9⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49136.exe
        10⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59473.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
        12⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15503.exe
        13⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
        13⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe
        14⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1404.exe
        15⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36402.exe
        16⤵
        
        PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50513.exe
        5⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49268.exe
        6⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42501.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
        8⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51030.exe
        9⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
        10⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60620.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54310.exe
        12⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56251.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17881.exe

Filesize
192KB

MD5
f591ca7f50de2a9672fff149268ae606

SHA1
523036fe9db80de243c7c6c97b25c8acfb9d9e18

SHA256
ffc51e12fb744a9820f9e2ed632d0e7323a5da4ad9583481a99f0daf735b84b8

SHA512
be4c5b1e329c42b98a1b24a04f81c81ed071033ff1cfe22c58d091ade680a079a565d02483f74bfb379c9432857826b1f45aef2a98fe29cc513c49c839a66bcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21327.exe

Filesize
192KB

MD5
a42e6d11f2b2033d556b352632d92b03

SHA1
947bad2dc30638a71d4a7bbd993c4c0f6b904352

SHA256
082ebcefa48e54fe9c102c89a5205a55a1e6c96c868993e1caf5197c9f3d7642

SHA512
59566272b2f67be941e0bd10b9b066a5f932c75cc0442f89bec6dc13e76a6e65c62d9b58ccf1d9fc10c76a3622a4a71dd390a104437a0049ce30b0cf420e6b92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35852.exe

Filesize
192KB

MD5
2fd9da9bcd2668e74208d3b63bf41daa

SHA1
cf2b3086127b72503c030abb83cc3ca142498907

SHA256
8148f485a35962728ddb0edc9df172ae7f543d866ac2a016dc3c162f4c44dfc7

SHA512
9e847e4138a5ad6481a6d875132ced77bdb252f7ba23683c62a8c5ed4b39ee00674e807cedf82b41ba52e7ec327ea2d5ecd911ca87f8f038c60403906c0d75a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe

Filesize
192KB

MD5
a29ee40c2ba87411c8a628f0f802a0c1

SHA1
3fd0df12ecd361e4efc29d9abf921b7ee0b318ff

SHA256
7cc1ef67eb0635edbbe8fb5751ba8792f9bf98612bb00c732e770655784b9c20

SHA512
29377ee16853036fa90897e4b2021d2c899db1d2ae994dc1239a70c54710376e308228f6f0a6c617641e41d7fccc2fe80bf9e921078357c29bdf0ee00302dded

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36402.exe

Filesize
192KB

MD5
e4ca931a4f74f6f6455ea8bc1fe8ac9b

SHA1
5af9282fb7111842783419996d3f94f1cc222755

SHA256
b7d33b3ab1e8684634a9f7e331d697007c6e8ed187d7162e476d4eba21487106

SHA512
b9807281b131b31bd5a0792e8b6cb09dfbf5cfb492f01631fbde8a2d08aa5788f5422f67c018ef61967301736ef08e002ab4395bcd2de9197ad6d1f1bd8fdf3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40725.exe

Filesize
192KB

MD5
f62cf75e9d202b40711ea694311da4b1

SHA1
ae9dfbca9cd8cca8ffa9fe82fe04b6ab1a3f353b

SHA256
61d6969584cf30291c2e24e80bcae635ea57f690801106ad16e1a2727db18b61

SHA512
d235336d3d9c8c857b2e1711b2eb5b2781c40272baa4f60672541c6dc7faba5f15009d9841a94256db01cbc25468bf262524d696daee4227f36c450ee7abf462

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe

Filesize
192KB

MD5
9bc4bb9eb22b62ce1bd7d9a50c61a5af

SHA1
c21b20a3d0c54d1a19a17bd10a6276c46f838d0d

SHA256
250db86f090d12b30d0f1f33db3c4ab01ae07ca8c8c91f0a76953759853ce0a7

SHA512
37958d813ef2346b6d21ce873a0c8427e2b4cddb13bffbb909253cb8a5c5d6c9d82ec72bfd12f7c4824ab96b8c729b0863fddbab99948db1a461edd98f89a3b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5856.exe

Filesize
192KB

MD5
d539597ab2ad2714d86be262b30b884f

SHA1
a1676f8a872f8dc6014d51dbae8c35283c8b00e9

SHA256
9789b8b13e06147b10e0df8ed8077afeca05abd7143f1f2d6a05397ce2b49251

SHA512
fc199c690855347845a66741cac955ef099586bfb1bf1ab51f88a62cf0bc425fad01908a02ee5456df791f970bdab11a6c5f9af2c27941e4886f17a691a3569e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe

Filesize
192KB

MD5
77b81646d23bd578ac21d4ec882b2039

SHA1
84eeed4df402f899a106b8484294d672b0e4e817

SHA256
f8ef17f77d46aa49e73b9577fbaee6ccf2f9e9c745150a494a359ea2836f26a8

SHA512
f8aeade461ff38f0b142adbaa8d901bc98fd9aefd2383ffba5cbc599f173d8fa782797eb25f090f1b16a41cb1e0e7e5ccc5369a85c9aaa181279e110cdaeada3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6367.exe

Filesize
192KB

MD5
45b268a4a6426d1314ddbc33d109d7f6

SHA1
ea5754f4f47238358ac79cffabdcd19592ec6f24

SHA256
b0866e8db139815be9e15d4c1bad47a00568eba1e5b03f1e9dd17115a9771a3f

SHA512
523e27ca20ea87f00396100f8213069509f17443a181a44d3174b88186df054cf8d7917d62c5f4d6bf0e8fafa0f79e170cf0cd9d2e01be947bf42a59a13ece10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6564.exe

Filesize
192KB

MD5
4509daf83cc405be3dfafbd8ef4ab24c

SHA1
afbe9de8904b5db92944671f56026657823cebd1

SHA256
2a973fdad90e33e1c3d4540cab3a016dcb76eb96c22ae4a4b916bf856df2b1ad

SHA512
86b1e6965cad537e567224db26828b4f357d8ceaa3e71f10881b9df5d782e3ec5ea04b6eec9ae7ba497ff92d232ba5e2a4842ec037ab065eedcf9fcbe0b698ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6775.exe

Filesize
192KB

MD5
ccebc9793fe69bc15963d3aa501cf353

SHA1
a2da73a7449c03121be02e4726160ea9bc1b0ed7

SHA256
1ca7bcbf42f92917abc009f049b879b4b1862c2efd21502f9943f9feb1203ac3

SHA512
f1d6ca738a36071f3cf0690f33df85bcce6038a0c740a7f6e8841901e46931a485b6297124ab53d8b1134b84ed95251674d136aa6ef535f68c3b51bc4ce615a9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11535.exe

Filesize
192KB

MD5
a5fd6f7623b8a7790fde107f53d71eb8

SHA1
dfbc86ce40e8701df03e9cdaf00f9db6a43c5bf4

SHA256
a44e01b40ae0423d8f6b1e35210f8858a1dd7c8c3b7bbc5d4191058114225337

SHA512
10d72197ec2105d35d41d2f41ae4a52da725184f9787c4c45de71636c1758be990097cba2038a767507492241041afc811d95d491f2214eb7b45948bf75e81a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1229.exe

Filesize
192KB

MD5
91a038f9da7e78a3ac4c7877942b0411

SHA1
86d669c783a13a871c1be1a9b347a9e2099efc6b

SHA256
0e3a31682b1f1d935582bf9a461870cb63d548a26d1ed8f2d30684d632ff1a95

SHA512
7e293ced4a737bfefa446120c53eb38cc0763005957439c2f49644705a45b60127a5e15d99ccd313f4d721c3aac0583ce917f47a18b9c4a64cfceb0abd4e10cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14529.exe

Filesize
192KB

MD5
8df19fd21a54dfe952dd0459de5ce98b

SHA1
957120331a59fc36bfdb70ff03d715c91311e363

SHA256
d4e8952b5d0e4433b3969ebe7866d32fe4d7519997d2e3eabb96aa622dc02f7b

SHA512
84c24cf39ef902a297f0148739aeaff72188480d160981d5ccffde65c192195e71e495a2996abb1970be275678d6ac14296184bff2508e6ca847c9b915623629

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe

Filesize
192KB

MD5
c7586f6134cb2153f279fd63e9b9f2e5

SHA1
8fca81df8b4897c2ede67ca04233839f83eddf3a

SHA256
01d35df441ff31107006eabe1628f46e6ece14dbc625ec824d7f2b86f2d5ec2a

SHA512
f2f07ceee742c9ae7256d6d07e3a49d21ebdbfc4b7d7de79787a6e22927ff69bffdb34490a1b4733c02413daa8b8cc430185f7aa6fae19235b3ddebb929db35c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21930.exe

Filesize
192KB

MD5
0ccb6696d075e4297af04c11f9904b4a

SHA1
5bd58eace45baec9513bf77c10c2dc95548b2433

SHA256
ea8186ca3588aee15db80e53dc1d565d68eb965b4959467f63218e3775345d06

SHA512
d737051e1129dfe3aeabc0f834b6fa18dacb69f41521a8720b31aeb85b48be0db3281e6d686f1c5d3d45241b6ead294537359df304134033f6c8837ad2f5a41a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24857.exe

Filesize
192KB

MD5
58052a1c686f9d570f3741117b530469

SHA1
575f00cf2eea7c9ea595f2b0b0dc4ebc905ba29e

SHA256
980704d69358ec5efbb7bd3acdca56a06ac818362ffd2955fc7c9e2dce849301

SHA512
44f8f8a9476bf5fafd833987d2600a64823466360c06f017c517367e93e1dda8f5df37f42d58edadef530cfdcc8ce362627f3d8d42391b7e24b881389392652a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33989.exe

Filesize
192KB

MD5
54bd42ae5879e77afbd8bebdea29cbd0

SHA1
ea60eaacfce9eca9acfbb5ee69e84a161d30b7f7

SHA256
7a35b5ff4c7aa58419186b07e1bd816076856a667bed912db1cf1f6a8928b24b

SHA512
39aad5b0cc32d4e4fb401a8086b3c473643b7757ea25b18d2e2c4fdd2c996eaecf356a8cc0c351086da7c3abba430a512f525cd05071eaed16ebca5c755d5b65

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41193.exe

Filesize
192KB

MD5
d084500792fd9b76b791003520a1a5c6

SHA1
74bc951eb40054d183a2a0f44f56b325011ea6ac

SHA256
2b43d12955b6abca346c520162317f2ff6c31dc0ea374cb74dec0d7bfcc81fa1

SHA512
2eadad2827d68e1747ce93f4017a41cea8032e32c48f274c9e77f4c4873313fdf3520bcc09d13162ecbc5ebdbf17a4decf0d91bfc1e0dc9cf6c354d99ee4e20f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41411.exe

Filesize
192KB

MD5
bf520017f98650979f2ad0d32a2561c6

SHA1
3f68f0d623f6abf1102e01833f6d74c37195eb08

SHA256
a6a72f59f231e1b3a25f258d04507a5f8a1d812a631410e5c909b2ce59a605f6

SHA512
6017cfb974e855a8795710badf87e68655b9cd27778d066836313de1cc75ad697e6e9d84d00308d72ceed2445f7da7a0917f3e751c049a4abdcb4a881e1a79cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46112.exe

Filesize
192KB

MD5
06358265d0dd33a7e677432f1582ac90

SHA1
7cf1fe91751c20bfe29a2af479ae6d7895818f8f

SHA256
eb31456e4884f2976594ac9639183358a1256e0ab7ff2be46139aaf324026369

SHA512
7a8a8af37c2cb616baec53ece7936677ca99b5f1be607f32dd975a3bdec4d39eb7a046cb20b2ffb22843dd7884d7a14f20435fdf74d02dab89da7f979178fa8a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46351.exe

Filesize
192KB

MD5
7688ab429de00bc03c156de69b738c00

SHA1
5c26c570b44727c2f01c9432aa4540ccfb2e0b4f

SHA256
dfecea6bebdcdbe7e68a842db92055f6b2b5096a1372e4317359b153c886056c

SHA512
1b8ff71e33aed0184d63978267fdabf91d32537c86881a1cba3fc055e34218fbda4d448b47ff2bb2d225693163780726418823c7d501b78b7307c25fb1adbd9b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe

Filesize
192KB

MD5
10ffea38f8a800e5bfc6314e51ab8302

SHA1
30a30e489ee08cc98cbd946f06451c94efb14344

SHA256
d62ba37cac19b0bd80c80d69f0247e0b01818e651f7ce31df7f3c195e8571a6b

SHA512
2af38a3e9ebd46e0a6f4756960eed87903772860d111caeeb4ddca04d0cbc11d042938a34488e9ef5674197712f2d080a873914c83444adce264360af26af437

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49579.exe

Filesize
192KB

MD5
f58779f5a9625a1cffbc9b408b56ae92

SHA1
bc0ffc0053d73aa296f17567ee0c7151269f911c

SHA256
db839290ae3331a8a8aa35b0f2d8cffbf78962468275d52a5209809706bb6af4

SHA512
b1454b6a3881e9f4d3d54c270e3f6e0d6880a2df43236ce454df65bf0c7534d4c953eb360d05b89a2fc2f8cf26aff8632f536557b9594079045bfc080f8f3ab5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4991.exe

Filesize
192KB

MD5
a60cc85b5d336c4e662c1161bd0bf8a9

SHA1
b0d1ebf648f15e9a4c1a76de64bfcd92fa93a5cf

SHA256
bbb315ea33925bb1166b2b812365a18d85d4c6c44147144e372ee28aa13993c1

SHA512
5db18f1c4ad2227a411e6ab3a76e4a75eab90a82653bb523610cf96367b070569075ff529ec9083350a270b10fc53bc787f9275571d586e2ac60a1154d6af07d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59802.exe

Filesize
192KB

MD5
2b8bce610521c3a790534d46d1aa30fb

SHA1
df108ce0423a6ca9029e61e83bb17a10ec18cf92

SHA256
e605d8de02e58b7abdd8b40c671bbddfdad315e372c0bd601e4faddb42de5c92

SHA512
6bd8f7b663028b91f75dd638663184d7490e5538b11ec96185b09092e0a01b438fa934ecda4a6239c7065daa3493b9a88a6e0e6dff0f86534a51938b57b751e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62023.exe

Filesize
192KB

MD5
ce0f524590569a46c4597c694f61d04d

SHA1
cff1b116fe4859058b9a7bedee73a9b1225d2d4a

SHA256
4ef8696bb135d854fd16859d5a35062f35bcf8320474fd6aa6a6b72514d7cd35

SHA512
5bad7fec62322ae5c441aa8101cf21972365dc3885fe2feef72abb38163627ccfefd09ad4a595514c0a2aa1c4fd34644a04113bb314836da762c5a9a312ebbc7

Download Submit
memory/2336-2136-0x0000000076B70000-0x0000000076C8F000-memory.dmp

Filesize
1.1MB

Download
memory/2336-2137-0x0000000076C90000-0x0000000076D8A000-memory.dmp

Filesize
1000KB

Download
memory/2336-1946-0x0000000002890000-0x00000000029EC000-memory.dmp

Filesize
1.4MB

Download
memory/2336-3457-0x0000000002460000-0x0000000002570000-memory.dmp

Filesize
1.1MB

Download