c29a26b9ff23e4ed7e4d813966c0fbb6dda3a784b8aa62be13fb9ee4bee1b250

Analysis

max time kernel
150s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13-08-2024 21:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94c41e56c1ae0236c479818022b5abd4_JaffaCakes118.exe
Size

188KB
MD5

94c41e56c1ae0236c479818022b5abd4
SHA1

08631fdb755dc5028387f835feafd709fee2635b
SHA256

c29a26b9ff23e4ed7e4d813966c0fbb6dda3a784b8aa62be13fb9ee4bee1b250
SHA512

d31b1e1f2bbab84016430e0cbbb4d5dda35f178991962e9223f1d240d80cd6d75d67a0a861bec4c37298ee9630fcdb3ec2f67518a6038db4c6f4312ebcdec04f
SSDEEP

3072:vjyooYm7VAd0OjxdTLz//9fEUd60cSmn5wx8oP2njlPdpFX:vjhovyd0+dHz//u19RjlPdpF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1156	Unicorn-50926.exe
1464	Unicorn-30649.exe
2948	Unicorn-53762.exe
2932	Unicorn-36762.exe
2740	Unicorn-43538.exe
2992	Unicorn-32678.exe
2000	Unicorn-7187.exe
376	Unicorn-28354.exe
888	Unicorn-60472.exe
2460	Unicorn-56388.exe
2276	Unicorn-5796.exe
3032	Unicorn-31967.exe
1888	Unicorn-55080.exe
828	Unicorn-58417.exe
2424	Unicorn-18131.exe
2676	Unicorn-37997.exe
2244	Unicorn-11354.exe
2216	Unicorn-26299.exe
2296	Unicorn-58692.exe
2256	Unicorn-53025.exe
2280	Unicorn-46248.exe
992	Unicorn-63331.exe
1708	Unicorn-64722.exe
1328	Unicorn-20928.exe
1436	Unicorn-10067.exe
2400	Unicorn-55184.exe
864	Unicorn-12760.exe
2660	Unicorn-32626.exe
1084	Unicorn-7929.exe
1728	Unicorn-61769.exe
2936	Unicorn-31028.exe
2864	Unicorn-31028.exe
2976	Unicorn-25552.exe
2928	Unicorn-53586.exe
2888	Unicorn-48687.exe
2736	Unicorn-44048.exe
2996	Unicorn-21490.exe
1740	Unicorn-38380.exe
1324	Unicorn-4961.exe
2364	Unicorn-41910.exe
2172	Unicorn-41910.exe
2700	Unicorn-5516.exe
2968	Unicorn-25382.exe
2904	Unicorn-37634.exe
1872	Unicorn-45480.exe
2308	Unicorn-15630.exe
1120	Unicorn-35496.exe
1276	Unicorn-25936.exe
1604	Unicorn-5236.exe
2384	Unicorn-41993.exe
2248	Unicorn-22127.exe
2548	Unicorn-3098.exe
1692	Unicorn-35771.exe
1424	Unicorn-52662.exe
1076	Unicorn-41801.exe
1936	Unicorn-19243.exe
2336	Unicorn-24649.exe
276	Unicorn-17873.exe
2800	Unicorn-51292.exe
2652	Unicorn-5620.exe
1564	Unicorn-34763.exe
2132	Unicorn-54629.exe
2808	Unicorn-50545.exe
2592	Unicorn-56767.exe

Loads dropped DLL 64 IoCs

pid	Process
808	94c41e56c1ae0236c479818022b5abd4_JaffaCakes118.exe
808	94c41e56c1ae0236c479818022b5abd4_JaffaCakes118.exe
1156	Unicorn-50926.exe
1156	Unicorn-50926.exe
808	94c41e56c1ae0236c479818022b5abd4_JaffaCakes118.exe
808	94c41e56c1ae0236c479818022b5abd4_JaffaCakes118.exe
1464	Unicorn-30649.exe
1464	Unicorn-30649.exe
1156	Unicorn-50926.exe
1156	Unicorn-50926.exe
2948	Unicorn-53762.exe
2948	Unicorn-53762.exe
2932	Unicorn-36762.exe
2932	Unicorn-36762.exe
1464	Unicorn-30649.exe
1464	Unicorn-30649.exe
2992	Unicorn-32678.exe
2992	Unicorn-32678.exe
2740	Unicorn-43538.exe
2740	Unicorn-43538.exe
2948	Unicorn-53762.exe
2948	Unicorn-53762.exe
2000	Unicorn-7187.exe
2000	Unicorn-7187.exe
2932	Unicorn-36762.exe
2932	Unicorn-36762.exe
2460	Unicorn-56388.exe
2460	Unicorn-56388.exe
2740	Unicorn-43538.exe
2740	Unicorn-43538.exe
888	Unicorn-60472.exe
888	Unicorn-60472.exe
2276	Unicorn-5796.exe
2276	Unicorn-5796.exe
2992	Unicorn-32678.exe
2992	Unicorn-32678.exe
3032	Unicorn-31967.exe
3032	Unicorn-31967.exe
2000	Unicorn-7187.exe
2000	Unicorn-7187.exe
1888	Unicorn-55080.exe
1888	Unicorn-55080.exe
376	Unicorn-28354.exe
376	Unicorn-28354.exe
828	Unicorn-58417.exe
828	Unicorn-58417.exe
2460	Unicorn-56388.exe
2460	Unicorn-56388.exe
2676	Unicorn-37997.exe
2676	Unicorn-37997.exe
2424	Unicorn-18131.exe
2424	Unicorn-18131.exe
2216	Unicorn-26299.exe
2216	Unicorn-26299.exe
888	Unicorn-60472.exe
888	Unicorn-60472.exe
2244	Unicorn-11354.exe
2244	Unicorn-11354.exe
2276	Unicorn-5796.exe
2276	Unicorn-5796.exe
2256	Unicorn-53025.exe
2296	Unicorn-58692.exe
2256	Unicorn-53025.exe
2296	Unicorn-58692.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
2076	1708	WerFault.exe	52
1560	1892	WerFault.exe	403
1076	2972	WerFault.exe	388
1064	376	WerFault.exe	550
1644	444	WerFault.exe	437

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39093.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63462.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33725.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43787.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54328.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28963.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43218.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28034.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60206.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8708.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11350.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52434.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60276.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54887.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47982.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39456.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1329.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25552.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
808	94c41e56c1ae0236c479818022b5abd4_JaffaCakes118.exe
1156	Unicorn-50926.exe
1464	Unicorn-30649.exe
2948	Unicorn-53762.exe
2932	Unicorn-36762.exe
2992	Unicorn-32678.exe
2740	Unicorn-43538.exe
2000	Unicorn-7187.exe
376	Unicorn-28354.exe
888	Unicorn-60472.exe
2460	Unicorn-56388.exe
2276	Unicorn-5796.exe
3032	Unicorn-31967.exe
1888	Unicorn-55080.exe
828	Unicorn-58417.exe
2676	Unicorn-37997.exe
2244	Unicorn-11354.exe
2424	Unicorn-18131.exe
2216	Unicorn-26299.exe
2296	Unicorn-58692.exe
2256	Unicorn-53025.exe
2280	Unicorn-46248.exe
992	Unicorn-63331.exe
1708	Unicorn-64722.exe
1328	Unicorn-20928.exe
1436	Unicorn-10067.exe
2400	Unicorn-55184.exe
2660	Unicorn-32626.exe
864	Unicorn-12760.exe
1084	Unicorn-7929.exe
1728	Unicorn-61769.exe
2936	Unicorn-31028.exe
2976	Unicorn-25552.exe
2864	Unicorn-31028.exe
2928	Unicorn-53586.exe
2888	Unicorn-48687.exe
2736	Unicorn-44048.exe
2996	Unicorn-21490.exe
1740	Unicorn-38380.exe
1324	Unicorn-4961.exe
2364	Unicorn-41910.exe
2968	Unicorn-25382.exe
2172	Unicorn-41910.exe
2700	Unicorn-5516.exe
2904	Unicorn-37634.exe
1872	Unicorn-45480.exe
1120	Unicorn-35496.exe
2308	Unicorn-15630.exe
1276	Unicorn-25936.exe
2384	Unicorn-41993.exe
1604	Unicorn-5236.exe
2248	Unicorn-22127.exe
2548	Unicorn-3098.exe
1692	Unicorn-35771.exe
1424	Unicorn-52662.exe
1936	Unicorn-19243.exe
1076	Unicorn-41801.exe
2336	Unicorn-24649.exe
276	Unicorn-17873.exe
2800	Unicorn-51292.exe
1564	Unicorn-34763.exe
2132	Unicorn-54629.exe
2808	Unicorn-50545.exe
2592	Unicorn-56767.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 808 wrote to memory of 1156	808	94c41e56c1ae0236c479818022b5abd4_JaffaCakes118.exe	30
PID 808 wrote to memory of 1156	808	94c41e56c1ae0236c479818022b5abd4_JaffaCakes118.exe	30
PID 808 wrote to memory of 1156	808	94c41e56c1ae0236c479818022b5abd4_JaffaCakes118.exe	30
PID 808 wrote to memory of 1156	808	94c41e56c1ae0236c479818022b5abd4_JaffaCakes118.exe	30
PID 1156 wrote to memory of 1464	1156	Unicorn-50926.exe	31
PID 1156 wrote to memory of 1464	1156	Unicorn-50926.exe	31
PID 1156 wrote to memory of 1464	1156	Unicorn-50926.exe	31
PID 1156 wrote to memory of 1464	1156	Unicorn-50926.exe	31
PID 808 wrote to memory of 2948	808	94c41e56c1ae0236c479818022b5abd4_JaffaCakes118.exe	32
PID 808 wrote to memory of 2948	808	94c41e56c1ae0236c479818022b5abd4_JaffaCakes118.exe	32
PID 808 wrote to memory of 2948	808	94c41e56c1ae0236c479818022b5abd4_JaffaCakes118.exe	32
PID 808 wrote to memory of 2948	808	94c41e56c1ae0236c479818022b5abd4_JaffaCakes118.exe	32
PID 1464 wrote to memory of 2932	1464	Unicorn-30649.exe	33
PID 1464 wrote to memory of 2932	1464	Unicorn-30649.exe	33
PID 1464 wrote to memory of 2932	1464	Unicorn-30649.exe	33
PID 1464 wrote to memory of 2932	1464	Unicorn-30649.exe	33
PID 1156 wrote to memory of 2740	1156	Unicorn-50926.exe	34
PID 1156 wrote to memory of 2740	1156	Unicorn-50926.exe	34
PID 1156 wrote to memory of 2740	1156	Unicorn-50926.exe	34
PID 1156 wrote to memory of 2740	1156	Unicorn-50926.exe	34
PID 2948 wrote to memory of 2992	2948	Unicorn-53762.exe	35
PID 2948 wrote to memory of 2992	2948	Unicorn-53762.exe	35
PID 2948 wrote to memory of 2992	2948	Unicorn-53762.exe	35
PID 2948 wrote to memory of 2992	2948	Unicorn-53762.exe	35
PID 2932 wrote to memory of 2000	2932	Unicorn-36762.exe	36
PID 2932 wrote to memory of 2000	2932	Unicorn-36762.exe	36
PID 2932 wrote to memory of 2000	2932	Unicorn-36762.exe	36
PID 2932 wrote to memory of 2000	2932	Unicorn-36762.exe	36
PID 1464 wrote to memory of 376	1464	Unicorn-30649.exe	37
PID 1464 wrote to memory of 376	1464	Unicorn-30649.exe	37
PID 1464 wrote to memory of 376	1464	Unicorn-30649.exe	37
PID 1464 wrote to memory of 376	1464	Unicorn-30649.exe	37
PID 2992 wrote to memory of 888	2992	Unicorn-32678.exe	38
PID 2992 wrote to memory of 888	2992	Unicorn-32678.exe	38
PID 2992 wrote to memory of 888	2992	Unicorn-32678.exe	38
PID 2992 wrote to memory of 888	2992	Unicorn-32678.exe	38
PID 2740 wrote to memory of 2460	2740	Unicorn-43538.exe	39
PID 2740 wrote to memory of 2460	2740	Unicorn-43538.exe	39
PID 2740 wrote to memory of 2460	2740	Unicorn-43538.exe	39
PID 2740 wrote to memory of 2460	2740	Unicorn-43538.exe	39
PID 2948 wrote to memory of 2276	2948	Unicorn-53762.exe	40
PID 2948 wrote to memory of 2276	2948	Unicorn-53762.exe	40
PID 2948 wrote to memory of 2276	2948	Unicorn-53762.exe	40
PID 2948 wrote to memory of 2276	2948	Unicorn-53762.exe	40
PID 2000 wrote to memory of 3032	2000	Unicorn-7187.exe	41
PID 2000 wrote to memory of 3032	2000	Unicorn-7187.exe	41
PID 2000 wrote to memory of 3032	2000	Unicorn-7187.exe	41
PID 2000 wrote to memory of 3032	2000	Unicorn-7187.exe	41
PID 2932 wrote to memory of 1888	2932	Unicorn-36762.exe	42
PID 2932 wrote to memory of 1888	2932	Unicorn-36762.exe	42
PID 2932 wrote to memory of 1888	2932	Unicorn-36762.exe	42
PID 2932 wrote to memory of 1888	2932	Unicorn-36762.exe	42
PID 2460 wrote to memory of 828	2460	Unicorn-56388.exe	43
PID 2460 wrote to memory of 828	2460	Unicorn-56388.exe	43
PID 2460 wrote to memory of 828	2460	Unicorn-56388.exe	43
PID 2460 wrote to memory of 828	2460	Unicorn-56388.exe	43
PID 2740 wrote to memory of 2424	2740	Unicorn-43538.exe	44
PID 2740 wrote to memory of 2424	2740	Unicorn-43538.exe	44
PID 2740 wrote to memory of 2424	2740	Unicorn-43538.exe	44
PID 2740 wrote to memory of 2424	2740	Unicorn-43538.exe	44
PID 888 wrote to memory of 2676	888	Unicorn-60472.exe	45
PID 888 wrote to memory of 2676	888	Unicorn-60472.exe	45
PID 888 wrote to memory of 2676	888	Unicorn-60472.exe	45
PID 888 wrote to memory of 2676	888	Unicorn-60472.exe	45

C:\Users\Admin\AppData\Local\Temp\94c41e56c1ae0236c479818022b5abd4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\94c41e56c1ae0236c479818022b5abd4_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50926.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50926.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36762.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7187.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31967.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58692.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31028.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5236.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42180.exe
        11⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39414.exe
        12⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47302.exe
        13⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3311.exe
        14⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7712.exe
        15⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
        16⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
        9⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2771.exe
        10⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47779.exe
        11⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8303.exe
        12⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43602.exe
        13⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44557.exe
        14⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38247.exe
        15⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27609.exe
        16⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58640.exe
        10⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43498.exe
        11⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38148.exe
        12⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
        13⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25263.exe
        14⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17718.exe
        15⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1329.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30876.exe
        17⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59113.exe
        14⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63789.exe
        15⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57240.exe
        16⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21849.exe
        17⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
        18⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22324.exe
        19⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22127.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        10⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17157.exe
        11⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9310.exe
        12⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
        13⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12522.exe
        14⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1298.exe
        15⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27225.exe
        16⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
        17⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31828.exe
        18⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63439.exe
        19⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
        17⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57051.exe
        18⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25552.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41993.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39589.exe
        9⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28833.exe
        10⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20686.exe
        11⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
        12⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23561.exe
        13⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12818.exe
        14⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        15⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59788.exe
        16⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54033.exe
        17⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33203.exe
        18⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45969.exe
        19⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
        20⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
        20⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2346.exe
        17⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
        16⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
        18⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40362.exe
        19⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23586.exe
        15⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29200.exe
        8⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        9⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50104.exe
        10⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26498.exe
        11⤵
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37654.exe
        12⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        13⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55709.exe
        14⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22840.exe
        15⤵
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31028.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56767.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14447.exe
        9⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-711.exe
        10⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
        11⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
        12⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52637.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23696.exe
        14⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        16⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40274.exe
        8⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47115.exe
        9⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65153.exe
        11⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26602.exe
        12⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
        13⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11552.exe
        14⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21826.exe
        7⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38459.exe
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        9⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18823.exe
        10⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38039.exe
        11⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
        12⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41044.exe
        13⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        14⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44687.exe
        15⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15819.exe
        16⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
        17⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9269.exe
        18⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34328.exe
        17⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55105.exe
        18⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61957.exe
        16⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64308.exe
        17⤵
        
        PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55080.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46248.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53586.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40514.exe
        9⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18143.exe
        10⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61178.exe
        11⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exe
        12⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52445.exe
        13⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62118.exe
        14⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44687.exe
        15⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51379.exe
        16⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60016.exe
        14⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        8⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29113.exe
        9⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        10⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        11⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22663.exe
        12⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20712.exe
        13⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36960.exe
        14⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39560.exe
        15⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59700.exe
        16⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52658.exe
        17⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24649.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49066.exe
        8⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4608.exe
        9⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
        10⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4048.exe
        11⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11780.exe
        12⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12522.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8070.exe
        14⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11552.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21728.exe
        14⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40847.exe
        15⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-665.exe
        16⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31475.exe
        17⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4700.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4017.exe
        16⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45839.exe
        17⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30576.exe
        15⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
        16⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52959.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27360.exe
        18⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55105.exe
        19⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54887.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46389.exe
        17⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        8⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15210.exe
        9⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
        10⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21148.exe
        11⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1059.exe
        12⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43073.exe
        13⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16203.exe
        14⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55105.exe
        15⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10813.exe
        16⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48687.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19243.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
        8⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58002.exe
        9⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60737.exe
        10⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8132.exe
        11⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
        12⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
        13⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2320.exe
        14⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
        15⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
        16⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
        17⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        18⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55105.exe
        19⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35239.exe
        18⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45458.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28650.exe
        20⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16788.exe
        15⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37749.exe
        16⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        8⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56762.exe
        9⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24941.exe
        10⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22331.exe
        11⤵
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31385.exe
        12⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1303.exe
        13⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2704.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
        15⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62507.exe
        16⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23935.exe
        17⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65491.exe
        18⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23136.exe
        19⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36431.exe
        20⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35942.exe
        18⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33725.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30357.exe
        20⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22164.exe
        14⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32056.exe
        15⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
        16⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38515.exe
        9⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62403.exe
        10⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27541.exe
        11⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
        12⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1059.exe
        13⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28683.exe
        14⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27801.exe
        15⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62502.exe
        16⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe
        17⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57027.exe
        15⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50336.exe
        16⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11389.exe
        17⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26870.exe
        7⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40871.exe
        8⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
        9⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
        10⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33134.exe
        11⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13934.exe
        12⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        13⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
        14⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35341.exe
        15⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 236
        13⤵
        Program crash
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-187.exe
        10⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3436.exe
        11⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54905.exe
        12⤵
        
        PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63331.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44048.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17873.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34100.exe
        8⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45641.exe
        9⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36425.exe
        10⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59663.exe
        11⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13918.exe
        12⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49544.exe
        13⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
        14⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
        15⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65460.exe
        16⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
        17⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32072.exe
        18⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12372.exe
        19⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57214.exe
        18⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30903.exe
        15⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53042.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
        17⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35427.exe
        18⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35064.exe
        19⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50675.exe
        12⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46887.exe
        13⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33047.exe
        14⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39456.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8283.exe
        16⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50167.exe
        17⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33722.exe
        18⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
        19⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24821.exe
        18⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57619.exe
        19⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43888.exe
        20⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25312.exe
        21⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43596.exe
        17⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59653.exe
        18⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
        19⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4033.exe
        20⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55105.exe
        21⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe
        22⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        16⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5429.exe
        18⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27360.exe
        19⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63384.exe
        15⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24506.exe
        16⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47675.exe
        7⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18444.exe
        8⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59040.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40177.exe
        10⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50312.exe
        11⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27557.exe
        12⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43094.exe
        13⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22791.exe
        14⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29672.exe
        15⤵
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51292.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25932.exe
        7⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40405.exe
        8⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9782.exe
        9⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        10⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28636.exe
        11⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
        12⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
        13⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37624.exe
        14⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3436.exe
        15⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
        16⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 240
        18⤵
        Program crash
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51853.exe
        12⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27318.exe
        13⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14593.exe
        14⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47396.exe
        15⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55105.exe
        16⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39340.exe
        17⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
        10⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60312.exe
        12⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21579.exe
        13⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63462.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37858.exe
        15⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53325.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29672.exe
        17⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54731.exe
        16⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
        13⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27796.exe
        14⤵
        
        PID:2832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56388.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56388.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58417.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
        7⤵
        Program crash
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15630.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32455.exe
        7⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        8⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47115.exe
        9⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8708.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22710.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54199.exe
        12⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
        13⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2998.exe
        14⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        15⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14380.exe
        12⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41978.exe
        13⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43369.exe
        14⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59316.exe
        15⤵
        
        PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20928.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4961.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5620.exe
        7⤵
        Executes dropped EXE
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        7⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25221.exe
        8⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4520.exe
        9⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61308.exe
        10⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11780.exe
        11⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1059.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28984.exe
        13⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40904.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35388.exe
        15⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5185.exe
        16⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43730.exe
        17⤵
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23284.exe
        18⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42308.exe
        19⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27922.exe
        17⤵
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34763.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32154.exe
        7⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42180.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
        9⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27541.exe
        10⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27318.exe
        11⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
        12⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32056.exe
        13⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64339.exe
        14⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3657.exe
        15⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe
        16⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        15⤵
        
        PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55184.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41910.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        7⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27276.exe
        8⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41412.exe
        9⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58656.exe
        10⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43218.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44728.exe
        12⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
        13⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41812.exe
        14⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62014.exe
        15⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39560.exe
        16⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18593.exe
        7⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14909.exe
        8⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18055.exe
        9⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56897.exe
        10⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59606.exe
        11⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40193.exe
        12⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
        14⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62938.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32246.exe
        16⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53517.exe
        17⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45712.exe
        16⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7691.exe
        11⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4282.exe
        12⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3099.exe
        13⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5896.exe
        14⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55460.exe
        13⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15390.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42921.exe
        8⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        9⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14624.exe
        10⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56913.exe
        11⤵
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
        12⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14731.exe
        13⤵
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5516.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        6⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60737.exe
        7⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58656.exe
        8⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23758.exe
        9⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50867.exe
        10⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12522.exe
        11⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51952.exe
        12⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9030.exe
        13⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30541.exe
        14⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11438.exe
        15⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe
        9⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29264.exe
        10⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        11⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10813.exe
        12⤵
        
        PID:1944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32678.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60472.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37997.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10067.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21490.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58412.exe
        8⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40981.exe
        9⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33685.exe
        10⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16602.exe
        11⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37956.exe
        12⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54754.exe
        13⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
        14⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27360.exe
        15⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50280.exe
        8⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18828.exe
        9⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21947.exe
        10⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4790.exe
        11⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12522.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41022.exe
        13⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
        14⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35528.exe
        15⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
        16⤵
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38380.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3098.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36814.exe
        8⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38288.exe
        9⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13778.exe
        10⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53197.exe
        11⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33291.exe
        12⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        13⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exe
        14⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17002.exe
        15⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-149.exe
        16⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60590.exe
        17⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45537.exe
        7⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6082.exe
        8⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55278.exe
        9⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43706.exe
        10⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11604.exe
        11⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58039.exe
        12⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14723.exe
        13⤵
        
        PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12760.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41910.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35771.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
        8⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59455.exe
        9⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10638.exe
        10⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37769.exe
        11⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43135.exe
        12⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-358.exe
        13⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29072.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
        15⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3000.exe
        16⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62344.exe
        17⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54702.exe
        15⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25312.exe
        16⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53788.exe
        8⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33554.exe
        9⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28204.exe
        10⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28007.exe
        11⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61827.exe
        12⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41812.exe
        13⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3000.exe
        14⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51345.exe
        15⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30440.exe
        16⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
        13⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20235.exe
        14⤵
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25362.exe
        15⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38168.exe
        14⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47313.exe
        15⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        16⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27918.exe
        17⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58132.exe
        8⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16602.exe
        9⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22663.exe
        10⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12522.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27448.exe
        12⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55232.exe
        13⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54887.exe
        15⤵
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52662.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1811.exe
        7⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13160.exe
        8⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
        9⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54956.exe
        10⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        11⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26602.exe
        12⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11967.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64453.exe
        14⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43787.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        16⤵
        
        PID:1388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 444 -s 216
        15⤵
        Program crash
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18754.exe
        9⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36477.exe
        10⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59990.exe
        11⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        12⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39093.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9025.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5237.exe
        15⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44882.exe
        16⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44555.exe
        17⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15802.exe
        13⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60206.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5547.exe
        7⤵
        
        PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32626.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37634.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50545.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10555.exe
        8⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55200.exe
        9⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16254.exe
        10⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        11⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        12⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18273.exe
        13⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42030.exe
        14⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
        15⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31828.exe
        16⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33725.exe
        17⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62074.exe
        16⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36554.exe
        13⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
        14⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6646.exe
        15⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27726.exe
        16⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9806.exe
        15⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62257.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14743.exe
        8⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16602.exe
        9⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13643.exe
        10⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12543.exe
        11⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55325.exe
        12⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15905.exe
        13⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exe
        6⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38044.exe
        8⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47603.exe
        9⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26939.exe
        10⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-374.exe
        11⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64837.exe
        12⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-281.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17573.exe
        14⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31828.exe
        15⤵
        
        PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15626.exe
        6⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8417.exe
        7⤵
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62257.exe
        6⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
        8⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8708.exe
        9⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
        10⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22191.exe
        11⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63389.exe
        12⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60753.exe
        13⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19908.exe
        14⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11350.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11817.exe
        16⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        17⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51843.exe
        15⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50654.exe
        9⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44173.exe
        10⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
        11⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25943.exe
        12⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27225.exe
        13⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
        14⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
        15⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15272.exe
        7⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33405.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4619.exe
        9⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20136.exe
        10⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
        11⤵
        
        PID:1892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 240
        12⤵
        Program crash
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
        11⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        12⤵
        
        PID:2316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11354.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7929.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35496.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15626.exe
        7⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16586.exe
        8⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36534.exe
        9⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24941.exe
        10⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47603.exe
        11⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52896.exe
        12⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28963.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35481.exe
        14⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17770.exe
        15⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38515.exe
        9⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38942.exe
        10⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28740.exe
        11⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59305.exe
        12⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35481.exe
        13⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41999.exe
        14⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11355.exe
        15⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
        16⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        17⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        14⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25230.exe
        15⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35078.exe
        16⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56485.exe
        15⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49813.exe
        7⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        8⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52289.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3612.exe
        10⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
        11⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
        12⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36960.exe
        13⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        14⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        15⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61026.exe
        16⤵
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1790.exe
        6⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59455.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17986.exe
        8⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40923.exe
        9⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20712.exe
        10⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        11⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9928.exe
        12⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59980.exe
        13⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-891.exe
        14⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17556.exe
        12⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
        13⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47313.exe
        14⤵
        
        PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25936.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32154.exe
        6⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        7⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49445.exe
        8⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7037.exe
        9⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50312.exe
        10⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65164.exe
        11⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41978.exe
        12⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2196.exe
        13⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
        14⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58832.exe
        6⤵
        
        PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61769.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25382.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54629.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47120.exe
        7⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58132.exe
        8⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18911.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        10⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54754.exe
        12⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
        13⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41994.exe
        14⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40340.exe
        15⤵
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29200.exe
        6⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        7⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28506.exe
        8⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4982.exe
        9⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27318.exe
        10⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55709.exe
        11⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31364.exe
        12⤵
        
        PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32625.exe
        5⤵
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1811.exe
        6⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
        8⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48070.exe
        9⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-187.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
        11⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26649.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55014.exe
        13⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5328.exe
        14⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30300.exe
        15⤵
        
        PID:812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe

Filesize
188KB

MD5
1ac9cedd4e7c45ae1a7d697cfd9a5c21

SHA1
9587085b4c6ea445985a515ca9ba3c8e1f1f021c

SHA256
68e4c582b8cbaab3b8f2d4a146f4aaea8cbd62039cc337992285dbf48d2296e9

SHA512
dbc87ac5f31be676d661c02fe2b6c35d05fc65a2ab45028d34b97dedf200126779b2340e5146d755c199f34521f8e453eefde3e36aaa0fc915810d235f506bd6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe

Filesize
188KB

MD5
6dce37dab82f44810add661ccd70b2cb

SHA1
cf7db21803ddbe0287e97e03de2928b3f2659fa8

SHA256
85c9a11df517e22c8dcb4fd5fe865eee8ce596cfc89262ee932fdfa46872cc32

SHA512
6cb01f418f06b7d23943e9008c85c13b9d72cda73cf390f59ebebb282e76bb9a4b8892b5816a6f00a6a877016e7e1961ec2acca96fe183899910902785cc037c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32246.exe

Filesize
188KB

MD5
3a2bdbacf06b9bbe244893563e004608

SHA1
50b6810e393047950dd5146126820e33ccc5800d

SHA256
ea3d7d7f41fd26bdbe9ce3f3fd87e20b9a1fe1fe8ccbf1b53967010b3ca70128

SHA512
ee424fef2ba1e91d9154576f5519e15a9167783e70a7411ebd33356d170a7b9ef784480090afc23464651b953b6d74e6a68b562fbbc46eb5d3346ee5182a3ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37997.exe

Filesize
188KB

MD5
4fad659761a11e491cd524b9e8cf1cf0

SHA1
7c5a65da86656907531a5dcdbaedbc9ac6d5beff

SHA256
f4e91d23ef71dfc61e70b224c1d1d98a421882bab070d1fbe2359ddc989ee16f

SHA512
5329892ebb439b033499a01225e15dd70ad971a362592c8cd2f089790b6bb4e44472ee4a57f45e9b35cfa3797cf3c3cfe1efbd82df69ec7e97e33b4e48c4756c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40274.exe

Filesize
188KB

MD5
f2d95919ca5457a2acb0d9ed5373c50e

SHA1
dd788c5f285afcd436053f37338113ff0a7d225d

SHA256
8cd2233c4bb01bd7d33a0cc86ac43c76cf4cc90b43e2fce8c7b0222bbd7525ad

SHA512
8ed5d8678ee0e1cc676b662e18a75ecbe2fb0327b4f6c07249306bb8d6ccca2182d3fa69e941f4a3a90b8324090651f50582447cd0058b7082ac126ed2e98e8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40340.exe

Filesize
188KB

MD5
9d3492058bdb90a1e6009dc8cdb01ea8

SHA1
2362aee0aeffd0153e2358a549646c3a9ab936da

SHA256
a1a306e80610b082069269b9d3ef12ce7409a3aff05a521d64e6898e6b279546

SHA512
7c2a14b40494e40d3da558c8f2b9c9809ef548534eb315dc9dd29ade0547f909a5386b95d180e0b3685d8e0ff664f160c96e8f65d9a29c216ee2ee5766203301

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40871.exe

Filesize
188KB

MD5
afd0408073e93c5618b13430e13879e4

SHA1
76a2cc0f65d9abe49d889bd0fbf7ad5afa46a61a

SHA256
378277d1f27f37041ca61c9071b382fe7d45a32d9d53725b757de9b3e8afd6a0

SHA512
058184aa08505daf0cd78b9682c48cb179b001e6fd3c8f33c0c517e0f8b50c3081cf47099c0648d4194e310b3a40e32623426cf256b13cd8cf6d74beedadc5a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40923.exe

Filesize
188KB

MD5
0e0303c40abddf190485f7400c24779e

SHA1
a8e885004568290e8002270efbf933ec6110ae40

SHA256
e427511794364138db86a6c26d3a44a1c2b9e1c905e778491ee7c17e3c83e8f9

SHA512
7e9e7706f201f3d508d708754d5fc5dc526aea8ee0507c653edbba1c0934b87f6906fed1acd75e782971f6cc6898973ac25cea43363c4c81db1d61a6de0d7861

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe

Filesize
188KB

MD5
a6d13c08893cc7b0f58f0362d0b851ae

SHA1
78d28a5d5b34e2c6225553eb0c2720470a5c82e2

SHA256
2671d485a533a4d5199a6f02250ba821a91bf3016a28a2b555a0c72d15a9af36

SHA512
6c475715c7b51d54f73950fcfa453efbd164efe1c291e7540a357deb22ba0cc978d0d3766dbfc8d797ce6b92aebc179705c0c9522afe8aae896f1f1038e29803

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45458.exe

Filesize
188KB

MD5
15026c93b2c97ce1ced5392adbf302c5

SHA1
750d89a57aaf334fb5b78c392cf952e3fb2cfc89

SHA256
9b1fbc049e50df912bbf4ca75b5baa086cdbe769331aa5fcb07a21a07abf7845

SHA512
b01e81e98060f8f9404fa7ff988fc3f0c3b1948d0de9f8cc2da3fdb0d2a83f5b568c9ac6dfe91b4a0fa3e0083143018618b21d39a777c3d84029c37deee98cca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe

Filesize
188KB

MD5
70ff68713ebb109f2959bf424cb7f369

SHA1
fa16748ca181492cdaa124e20c69794b2fdb1bd1

SHA256
2f71470229afb13d73d4348134b718245be3865eb62cb15d28284f5d112878a4

SHA512
d6f7759f617251004ed95ec60be816cd9747031007705589d47f00fdfd4cd5061add6cfeacfa5d16a5f8033c09f3cf1bc01568faf203d28eb06bd85c3fd2cfd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe

Filesize
188KB

MD5
25324d965a34c5509dacf0d4ede445ea

SHA1
97bebf8fbb575c4d80dfe60a4cb4f2b8248919fb

SHA256
79372d131612e54086b184401da7fca19b2712a029cf050f10155b5d52988a30

SHA512
e82ff84a5771f20a280893ae5685cc56a54e512f3feec80affce1e8eb7d842b828050bccf5e828e17d15192e16159504aef0dafc0d3ebb38bfe57a993e4afe67

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5620.exe

Filesize
188KB

MD5
6fc40c4aa3df25584c9be1bcdc6b0950

SHA1
d878d62f9e9abe91efdfacce749ee2835537a56f

SHA256
0a29ef340e5e88f52b82d0dff76e8f5b3622c889477ae530eb7eccf32d8716e9

SHA512
c9b72adfa67cd05c21e36a596eb1bcecbee2be4194e259a5dda5db90169a206cf6eeddcab45a68a06cc89418dac49b26697d1f8820ef08fbdc6e4f3228ef13f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59788.exe

Filesize
188KB

MD5
1a35b2822debf5df37309097e0cd103a

SHA1
11bb927be73fb395c8331328dbe6cc512410f2cd

SHA256
8ff403648f073a786248d5147471b824be52148412b0214d6b5617be453e03ad

SHA512
dba78843b8c5f3a38e98d0741871423e0f481bbf570d5243af1688c75234de299a4440eda8ed9e7122d45ccaf492b6310ff1e0d617d8acae5017fc653b7dccb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe

Filesize
188KB

MD5
0f1a67c1c5fa4c4c3c27609ed120faf5

SHA1
8cd5fb04fb7cc10f50d7b6c438e6d20f5edf40b6

SHA256
547d7c4944f9a8c27f96835d51618c036d394e2db6ee2e64107de6f656fd70ce

SHA512
b415ad3b88996f31c0039480bb7d4ff94b8b12708ec53d6bbde203b06bc017d64297a23263005d6d28191635275ed85972755b338800f0e3e4b8e6eb40446117

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60472.exe

Filesize
188KB

MD5
3e73a5f1a44cf183e3514397704004f0

SHA1
363534e0527c7112981ee9c05cbd6e498d61b412

SHA256
63d45674ec055e4a464c339cc8fbf9dbcc74116ef9b462dc2bd379f8df31f379

SHA512
3a1ab76d3f280afbbea099f963f3cb020380b8b0a5d0d8d05caa1863b3e6dae4bc113fc281421a107cece1ae083d33918df9765e8dda06d8753a631455b687f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6082.exe

Filesize
188KB

MD5
0deeecb23d2fbceedfa0a4b1c397a7ae

SHA1
5b305225dc5010f4d8a629f4fa0cadc52fec08f1

SHA256
5dfe52c574ebe19497cdcc60f4a22515851df970864116a2f1c64015c94b8577

SHA512
73905d9342fa6ac5f0d5d07b5f3fd14947936cbc022cf0584f50faab862edc4389a6e490c46d52a582db279b67ae26e0e922966531f8876e8d93b5d6d904c55d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe

Filesize
188KB

MD5
096189a3742e2d4cd43470d9704fa391

SHA1
66cbd3c2e1d862f04446ba5ff1ca8ddc7a68a4d8

SHA256
7034a8edf58a02ce064b47c97c53812c04099440514b37eb1106b0619c9924f9

SHA512
8e6cf839ccaada689fe2d6f010290b32362754972be5623912efe6c100773eaf26ff889ab6b0fb6930ba91d7c03a2491abb78eeb2a488916b4979aedd7f2207e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62014.exe

Filesize
188KB

MD5
690bd147115db2bb4fe5264f341ab0ef

SHA1
f0461f6335d7928a5ca6ab6c969af7bc7707763e

SHA256
582787c47acc5a647b9e1afbf963a6ab2f628d95ba568c9284858046f68ad62f

SHA512
cceee5520388e75f2eaac241bc39dd525e3c83a58c637fa4f5176a83ecfb177964184392fef22a42b8c50d8f273357b5229c7f0cfcc7e8f7bcf3a57cc4af48f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11354.exe

Filesize
188KB

MD5
f0f1d2b4d08c956920ca1d7876336415

SHA1
2d10ceba83af2778c55138ab7ce3d54a9688a21c

SHA256
475ef1d8154892aa898cc3f245d54477529f1a35bba59b21ec221e635fc5cee6

SHA512
e30ab71bf3f8bac0f0573ee4a36a414c7e50d88f8a2579a8e0fc3e8f5765c5e52f33d52dd57f422a3f93a7e48323fe58d3d8207b80d90215f43c927572fdc16a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26299.exe

Filesize
188KB

MD5
a5b425c00d0c008b9dde342a42808938

SHA1
644a1995549aacbbd81698f73f5d60b19aab7587

SHA256
c0b17d1d27182b8be06647651763c142ff3467dae7e15355bb5679bddf60017f

SHA512
2604b92478c9b9b31d19dfaf706f3dd82169fddf29af7748963ecacf4cabf970bcabebc7a858c9c0cd1012558d9011016fc68322a6cc00ba0faeece844c10a84

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30649.exe

Filesize
188KB

MD5
173deb775eb861daf797440855136c17

SHA1
b2f07ef19cc1ce0b950e08eb121385648fae4469

SHA256
ac7721321e8b684f3702f90759c7a81e9afb4f9a35c7ab9ee134563766953c1f

SHA512
669076aa799db468a4ee37d265b20bd3701f17abd445eda92297eba2a29dc7cf6b2300cabc8b974d74a6e083baf50cac79e97dd3cf8dc28afcec56a5c48f5c49

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31967.exe

Filesize
188KB

MD5
57ac5801454c1fa8ae79159a2b9ba5eb

SHA1
1184f3e72a472a2bebef0860ef5fa84cbf4157a1

SHA256
4739bdd22cfd9485821f7371b022dd160f35fc4ef08294c420cebe0870657b75

SHA512
ddae5e4640035109e14ee6607fc71412e443c551c4c7531efadfafaa433467b423e11badd6c5ca70e7df898d5d3f43929b35c05a9a2251ef484f86f7abe3e9c0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32678.exe

Filesize
188KB

MD5
6fd8f9144eb1caf59e5b53f08b7ed8b8

SHA1
5d50d5fca201f2a88e45abb2699572687cc6e9f4

SHA256
04943b3d4e9e07cdd8a9e9907c1a29052acab820018d430f8155271ea7f8efd0

SHA512
3d22d071b7ae449c0da6a81024cc8eaa5c8bb606afe37c4910c8ef7515205ba1bb845d0be2df1ac6a41d43401cb41149babb50a36d58e35726fa39d7bbe16024

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36762.exe

Filesize
188KB

MD5
94652b91ccd4fa021e122301e4d532cb

SHA1
88c43f29c87654c66e5cf346850ab65db412007b

SHA256
a1c650e85662871b45ad0782761362a478e414c06690a00ba75a32a0bc00b63e

SHA512
73e8630d7cc4a85df3f735b66280caee14f408bd69449dab8aa85f72d518632cd9a512400112163c5f47d7d7a6c3a64a6cd664f53402d58d102e3073e34f3cea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50926.exe

Filesize
188KB

MD5
dbe805cd2e5b21161c2be97eeb4abfbe

SHA1
93dd2d80106d514126fc301be0274c9a8e88969c

SHA256
d21f6af0b81fbb6137961213dd2e591ff8a49db8f6e8290e8058dcf695424dbb

SHA512
bcc47d4bd13dac7f06d8c7df1bb4c90fba304c34b5867f100cbca697a34342fdc14fffe81e9a8b390fafe3caf1c8f1ba4db50f8aa281f5c9d28f245edb9e057a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55080.exe

Filesize
188KB

MD5
69e92ebba8795b14a1899882e3521222

SHA1
782e42e05bc9a347b91766d7833deab9ec2139ee

SHA256
e64dd03e3e72ae03dc1a610d5c55e9e5c1d9304398067bba903082e9b7d80b94

SHA512
51b8298cad090c18af298238ed553f4d073505eb7685fa1219af7cb5c37b95dead0a5f9a389bc84fa997b8859cfb5c02a23c7fb27eb8236fbe5e33ae68fdfdbe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56388.exe

Filesize
188KB

MD5
fba6dd9fd1ffc233bcadf402f26bc3b1

SHA1
c18a17a3c8b1b54bcf2213c14ca82103e82253bd

SHA256
aa1bca711be7532c5439e8df60b156b3486f049e1a61f934aa891e61d1fba95f

SHA512
1271428795911467bb071279068b85535112d95fe81897b5a7822750988b68bf29e568324a5f4e4730de1bd0bb464d00e9b4b6c1d4a7ff38307289c848b75da2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe

Filesize
188KB

MD5
c2daaf2f765cb4c364b3e9ce55f1cdd1

SHA1
b4afb920b6f6527b3da1f93771f29be6a656b402

SHA256
7bec4c27a73d8c94b7b8c512092f15a2df13e00a84b4f6ebf7db1d497950c94e

SHA512
98def680dd344bb77d517705eeab861e9ff1e87963da07add17fb9cefcd60e7fdb49bd9aaedb664aae14394ccf0ab22aa7e477a30819f01708a1ee01e1c0f476

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58417.exe

Filesize
188KB

MD5
55f26fb7565adc9f644f3b071655898f

SHA1
11c42b16f1381ac936af22738372446a8eb5069b

SHA256
4ac6893c9b83549847b92ee3d2197e8cdbbe254db4ce2c95daec98614328f271

SHA512
5929efc3c997e6f54a4bb065464cad3cfbbb760153398164b6cbf20d9a4a6fd26c6f8160986340e51f817e686fa7f7f63fe79301593b1e38a56f14c3f539eaa2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7187.exe

Filesize
188KB

MD5
acbecdc92029e759b39ef093072bb17b

SHA1
4d034c6d5fb5870edccdf61d272a128e7b364336

SHA256
aa50e26524798b11dcd3d4cbb118b5d7f5a474f057a4b538038afbdee0b6e429

SHA512
0962f84a736de0821e66f6ac695299d09d100a5fe5f3281ce8aa91ce5505b3b211442259137b1944217bf630d07c83176d0b6a4d6802e9fad7a2f596052673b3

Download Submit