96af28808736d06495c064e3347d90c6f2e8a3fb64070db4a8f2596112e0ce57

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 00:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ad434889229a0054b15a4609927694f0_JaffaCakes118.exe
Size

188KB
MD5

ad434889229a0054b15a4609927694f0
SHA1

70a80035a716495c3544ce7c766f4f4eeaa627fd
SHA256

96af28808736d06495c064e3347d90c6f2e8a3fb64070db4a8f2596112e0ce57
SHA512

7cf9fb76592efb083b8b98767fa7f59c28cde7c6c27201b9acdc36556941f88e96bd9061785a41d2fec782bfbcde099e2508b28edffc3dfe6aac2fe5f064aeb8
SSDEEP

3072:+CrRoPd9Pu1QROyQ8UHmpwOLKwReMpefM6pxFmE3rxlHtpFi:+CFo3WQRm8Smpweh0rTxlHtpF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3052	Unicorn-53142.exe
352	Unicorn-43247.exe
2284	Unicorn-23464.exe
2784	Unicorn-50910.exe
2576	Unicorn-22788.exe
2684	Unicorn-7651.exe
2568	Unicorn-2953.exe
536	Unicorn-30835.exe
820	Unicorn-1417.exe
1124	Unicorn-59834.exe
1872	Unicorn-18195.exe
2916	Unicorn-26403.exe
1936	Unicorn-60393.exe
1688	Unicorn-44524.exe
2172	Unicorn-64389.exe
2376	Unicorn-64965.exe
2256	Unicorn-16642.exe
1152	Unicorn-62313.exe
828	Unicorn-62230.exe
3048	Unicorn-19035.exe
2460	Unicorn-31675.exe
2276	Unicorn-22878.exe
700	Unicorn-57444.exe
2040	Unicorn-49764.exe
1512	Unicorn-29898.exe
1020	Unicorn-47652.exe
1668	Unicorn-52260.exe
1664	Unicorn-32394.exe
2648	Unicorn-47491.exe
1464	Unicorn-27625.exe
3056	Unicorn-60132.exe
1868	Unicorn-42484.exe
1772	Unicorn-53236.exe
2764	Unicorn-34804.exe
2880	Unicorn-32915.exe
2948	Unicorn-13049.exe
1604	Unicorn-23699.exe
2688	Unicorn-4409.exe
2444	Unicorn-39184.exe
1544	Unicorn-23926.exe
1956	Unicorn-43792.exe
1912	Unicorn-22390.exe
2824	Unicorn-15320.exe
2752	Unicorn-63836.exe
2908	Unicorn-31766.exe
1624	Unicorn-795.exe
2120	Unicorn-795.exe
624	Unicorn-30069.exe
1300	Unicorn-1563.exe
2060	Unicorn-37826.exe
1784	Unicorn-10514.exe
692	Unicorn-10514.exe
1312	Unicorn-62316.exe
1508	Unicorn-62316.exe
1788	Unicorn-62316.exe
1056	Unicorn-16645.exe
604	Unicorn-32706.exe
2800	Unicorn-54408.exe
2396	Unicorn-47480.exe
2196	Unicorn-40459.exe
2212	Unicorn-54587.exe
2304	Unicorn-8915.exe
1608	Unicorn-8915.exe
868	Unicorn-19859.exe

Loads dropped DLL 64 IoCs

pid	Process
3032	ad434889229a0054b15a4609927694f0_JaffaCakes118.exe
3032	ad434889229a0054b15a4609927694f0_JaffaCakes118.exe
3052	Unicorn-53142.exe
3052	Unicorn-53142.exe
3032	ad434889229a0054b15a4609927694f0_JaffaCakes118.exe
3032	ad434889229a0054b15a4609927694f0_JaffaCakes118.exe
352	Unicorn-43247.exe
352	Unicorn-43247.exe
3052	Unicorn-53142.exe
2284	Unicorn-23464.exe
3052	Unicorn-53142.exe
2284	Unicorn-23464.exe
2784	Unicorn-50910.exe
2784	Unicorn-50910.exe
352	Unicorn-43247.exe
352	Unicorn-43247.exe
2684	Unicorn-7651.exe
2684	Unicorn-7651.exe
2284	Unicorn-23464.exe
2284	Unicorn-23464.exe
2576	Unicorn-22788.exe
2576	Unicorn-22788.exe
536	Unicorn-30835.exe
536	Unicorn-30835.exe
2568	Unicorn-2953.exe
2568	Unicorn-2953.exe
2784	Unicorn-50910.exe
2784	Unicorn-50910.exe
1124	Unicorn-59834.exe
1124	Unicorn-59834.exe
1872	Unicorn-18195.exe
820	Unicorn-1417.exe
1872	Unicorn-18195.exe
820	Unicorn-1417.exe
2576	Unicorn-22788.exe
2576	Unicorn-22788.exe
2684	Unicorn-7651.exe
2684	Unicorn-7651.exe
2916	Unicorn-26403.exe
2916	Unicorn-26403.exe
536	Unicorn-30835.exe
536	Unicorn-30835.exe
1688	Unicorn-44524.exe
1688	Unicorn-44524.exe
1152	Unicorn-62313.exe
1152	Unicorn-62313.exe
828	Unicorn-62230.exe
828	Unicorn-62230.exe
1124	Unicorn-59834.exe
1124	Unicorn-59834.exe
1936	Unicorn-60393.exe
1936	Unicorn-60393.exe
2568	Unicorn-2953.exe
2256	Unicorn-16642.exe
2568	Unicorn-2953.exe
2256	Unicorn-16642.exe
2376	Unicorn-64965.exe
2376	Unicorn-64965.exe
820	Unicorn-1417.exe
820	Unicorn-1417.exe
1872	Unicorn-18195.exe
1872	Unicorn-18195.exe
3048	Unicorn-19035.exe
3048	Unicorn-19035.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
3064	2752	WerFault.exe	74
1868	2740	WerFault.exe	120
1724	1488	WerFault.exe	133
2988	536	WerFault.exe	197
1672	1640	WerFault.exe	356
2072	1300	WerFault.exe	355
2160	2256	WerFault.exe	434
856	1636	WerFault.exe	410
760	1780	WerFault.exe	409

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7745.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4002.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2996.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37108.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20913.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8618.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46947.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45366.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31743.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38948.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5855.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43807.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47022.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58556.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38913.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22407.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22772.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18762.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40200.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54902.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54979.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22139.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54045.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15297.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23926.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60570.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6952.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65335.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34804.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14969.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28121.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65121.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51391.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60995.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9651.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3032	ad434889229a0054b15a4609927694f0_JaffaCakes118.exe
3052	Unicorn-53142.exe
352	Unicorn-43247.exe
2284	Unicorn-23464.exe
2784	Unicorn-50910.exe
2576	Unicorn-22788.exe
2684	Unicorn-7651.exe
2568	Unicorn-2953.exe
536	Unicorn-30835.exe
1124	Unicorn-59834.exe
820	Unicorn-1417.exe
1872	Unicorn-18195.exe
2916	Unicorn-26403.exe
1688	Unicorn-44524.exe
1936	Unicorn-60393.exe
2172	Unicorn-64389.exe
1152	Unicorn-62313.exe
2256	Unicorn-16642.exe
2376	Unicorn-64965.exe
828	Unicorn-62230.exe
3048	Unicorn-19035.exe
2460	Unicorn-31675.exe
2276	Unicorn-22878.exe
700	Unicorn-57444.exe
2040	Unicorn-49764.exe
1512	Unicorn-29898.exe
1020	Unicorn-47652.exe
1668	Unicorn-52260.exe
1664	Unicorn-32394.exe
2648	Unicorn-47491.exe
1464	Unicorn-27625.exe
3056	Unicorn-60132.exe
1868	Unicorn-42484.exe
1772	Unicorn-53236.exe
2764	Unicorn-34804.exe
2948	Unicorn-13049.exe
2880	Unicorn-32915.exe
1604	Unicorn-23699.exe
2688	Unicorn-4409.exe
2444	Unicorn-39184.exe
1956	Unicorn-43792.exe
1544	Unicorn-23926.exe
1912	Unicorn-22390.exe
2824	Unicorn-15320.exe
2752	Unicorn-63836.exe
2908	Unicorn-31766.exe
1624	Unicorn-795.exe
2120	Unicorn-795.exe
624	Unicorn-30069.exe
1300	Unicorn-1563.exe
2060	Unicorn-37826.exe
1784	Unicorn-10514.exe
1508	Unicorn-62316.exe
1312	Unicorn-62316.exe
1788	Unicorn-62316.exe
692	Unicorn-10514.exe
1056	Unicorn-16645.exe
604	Unicorn-32706.exe
2800	Unicorn-54408.exe
2396	Unicorn-47480.exe
2196	Unicorn-40459.exe
2304	Unicorn-8915.exe
2212	Unicorn-54587.exe
1608	Unicorn-8915.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 3052	3032	ad434889229a0054b15a4609927694f0_JaffaCakes118.exe	31
PID 3032 wrote to memory of 3052	3032	ad434889229a0054b15a4609927694f0_JaffaCakes118.exe	31
PID 3032 wrote to memory of 3052	3032	ad434889229a0054b15a4609927694f0_JaffaCakes118.exe	31
PID 3032 wrote to memory of 3052	3032	ad434889229a0054b15a4609927694f0_JaffaCakes118.exe	31
PID 3052 wrote to memory of 352	3052	Unicorn-53142.exe	32
PID 3052 wrote to memory of 352	3052	Unicorn-53142.exe	32
PID 3052 wrote to memory of 352	3052	Unicorn-53142.exe	32
PID 3052 wrote to memory of 352	3052	Unicorn-53142.exe	32
PID 3032 wrote to memory of 2284	3032	ad434889229a0054b15a4609927694f0_JaffaCakes118.exe	33
PID 3032 wrote to memory of 2284	3032	ad434889229a0054b15a4609927694f0_JaffaCakes118.exe	33
PID 3032 wrote to memory of 2284	3032	ad434889229a0054b15a4609927694f0_JaffaCakes118.exe	33
PID 3032 wrote to memory of 2284	3032	ad434889229a0054b15a4609927694f0_JaffaCakes118.exe	33
PID 352 wrote to memory of 2784	352	Unicorn-43247.exe	34
PID 352 wrote to memory of 2784	352	Unicorn-43247.exe	34
PID 352 wrote to memory of 2784	352	Unicorn-43247.exe	34
PID 352 wrote to memory of 2784	352	Unicorn-43247.exe	34
PID 3052 wrote to memory of 2576	3052	Unicorn-53142.exe	35
PID 3052 wrote to memory of 2576	3052	Unicorn-53142.exe	35
PID 3052 wrote to memory of 2576	3052	Unicorn-53142.exe	35
PID 3052 wrote to memory of 2576	3052	Unicorn-53142.exe	35
PID 2284 wrote to memory of 2684	2284	Unicorn-23464.exe	36
PID 2284 wrote to memory of 2684	2284	Unicorn-23464.exe	36
PID 2284 wrote to memory of 2684	2284	Unicorn-23464.exe	36
PID 2284 wrote to memory of 2684	2284	Unicorn-23464.exe	36
PID 2784 wrote to memory of 2568	2784	Unicorn-50910.exe	37
PID 2784 wrote to memory of 2568	2784	Unicorn-50910.exe	37
PID 2784 wrote to memory of 2568	2784	Unicorn-50910.exe	37
PID 2784 wrote to memory of 2568	2784	Unicorn-50910.exe	37
PID 352 wrote to memory of 536	352	Unicorn-43247.exe	38
PID 352 wrote to memory of 536	352	Unicorn-43247.exe	38
PID 352 wrote to memory of 536	352	Unicorn-43247.exe	38
PID 352 wrote to memory of 536	352	Unicorn-43247.exe	38
PID 2684 wrote to memory of 820	2684	Unicorn-7651.exe	39
PID 2684 wrote to memory of 820	2684	Unicorn-7651.exe	39
PID 2684 wrote to memory of 820	2684	Unicorn-7651.exe	39
PID 2684 wrote to memory of 820	2684	Unicorn-7651.exe	39
PID 2284 wrote to memory of 1124	2284	Unicorn-23464.exe	40
PID 2284 wrote to memory of 1124	2284	Unicorn-23464.exe	40
PID 2284 wrote to memory of 1124	2284	Unicorn-23464.exe	40
PID 2284 wrote to memory of 1124	2284	Unicorn-23464.exe	40
PID 2576 wrote to memory of 1872	2576	Unicorn-22788.exe	41
PID 2576 wrote to memory of 1872	2576	Unicorn-22788.exe	41
PID 2576 wrote to memory of 1872	2576	Unicorn-22788.exe	41
PID 2576 wrote to memory of 1872	2576	Unicorn-22788.exe	41
PID 536 wrote to memory of 2916	536	Unicorn-30835.exe	42
PID 536 wrote to memory of 2916	536	Unicorn-30835.exe	42
PID 536 wrote to memory of 2916	536	Unicorn-30835.exe	42
PID 536 wrote to memory of 2916	536	Unicorn-30835.exe	42
PID 2568 wrote to memory of 1936	2568	Unicorn-2953.exe	43
PID 2568 wrote to memory of 1936	2568	Unicorn-2953.exe	43
PID 2568 wrote to memory of 1936	2568	Unicorn-2953.exe	43
PID 2568 wrote to memory of 1936	2568	Unicorn-2953.exe	43
PID 2784 wrote to memory of 1688	2784	Unicorn-50910.exe	44
PID 2784 wrote to memory of 1688	2784	Unicorn-50910.exe	44
PID 2784 wrote to memory of 1688	2784	Unicorn-50910.exe	44
PID 2784 wrote to memory of 1688	2784	Unicorn-50910.exe	44
PID 1124 wrote to memory of 2172	1124	Unicorn-59834.exe	45
PID 1124 wrote to memory of 2172	1124	Unicorn-59834.exe	45
PID 1124 wrote to memory of 2172	1124	Unicorn-59834.exe	45
PID 1124 wrote to memory of 2172	1124	Unicorn-59834.exe	45
PID 1872 wrote to memory of 2376	1872	Unicorn-18195.exe	46
PID 1872 wrote to memory of 2376	1872	Unicorn-18195.exe	46
PID 1872 wrote to memory of 2376	1872	Unicorn-18195.exe	46
PID 1872 wrote to memory of 2376	1872	Unicorn-18195.exe	46

C:\Users\Admin\AppData\Local\Temp\ad434889229a0054b15a4609927694f0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ad434889229a0054b15a4609927694f0_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53142.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53142.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43247.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50910.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2953.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47652.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43792.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54408.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25904.exe
        10⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
        11⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47173.exe
        12⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
        13⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
        14⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57855.exe
        15⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64649.exe
        16⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8002.exe
        17⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17226.exe
        18⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
        19⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28884.exe
        20⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22390.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56746.exe
        8⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8618.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13806.exe
        10⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2061.exe
        11⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        12⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2365.exe
        13⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45366.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9041.exe
        15⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
        16⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
        17⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63681.exe
        18⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51638.exe
        19⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58556.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61014.exe
        9⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59877.exe
        10⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2514.exe
        11⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14131.exe
        12⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47391.exe
        13⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
        14⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30431.exe
        15⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47718.exe
        16⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
        17⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22622.exe
        18⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6260.exe
        19⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        20⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9806.exe
        8⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12165.exe
        9⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42755.exe
        10⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54979.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43025.exe
        12⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
        13⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12499.exe
        14⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17406.exe
        15⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
        16⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6173.exe
        17⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
        18⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
        19⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45542.exe
        20⤵
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32394.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31766.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46102.exe
        8⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63840.exe
        9⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        10⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4387.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39779.exe
        12⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39503.exe
        13⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2986.exe
        14⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54648.exe
        15⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
        16⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
        17⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60735.exe
        18⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        19⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59400.exe
        10⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27467.exe
        11⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11711.exe
        13⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9041.exe
        14⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50212.exe
        15⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23680.exe
        16⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63208.exe
        17⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
        18⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31670.exe
        19⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
        12⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38948.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51435.exe
        14⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11215.exe
        15⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38456.exe
        16⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54902.exe
        17⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45542.exe
        18⤵
        
        PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62316.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4761.exe
        8⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29731.exe
        9⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54717.exe
        11⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58431.exe
        13⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        14⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37804.exe
        15⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        16⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6868.exe
        17⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39304.exe
        18⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20975.exe
        10⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29130.exe
        11⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48041.exe
        12⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60092.exe
        13⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56887.exe
        14⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27003.exe
        15⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40954.exe
        16⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6260.exe
        17⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43807.exe
        18⤵
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13049.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10514.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7745.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59565.exe
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55938.exe
        9⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51406.exe
        10⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
        11⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57469.exe
        12⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27328.exe
        13⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        14⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        15⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41689.exe
        16⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35115.exe
        17⤵
        
        PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30835.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26403.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42484.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16645.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62687.exe
        9⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        10⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35318.exe
        11⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
        12⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64901.exe
        13⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39975.exe
        14⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11662.exe
        15⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22014.exe
        16⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57196.exe
        17⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59349.exe
        18⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21610.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25031.exe
        20⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23138.exe
        21⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22890.exe
        15⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exe
        16⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
        17⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9683.exe
        18⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2951.exe
        19⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15297.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52741.exe
        9⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40383.exe
        10⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
        11⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14936.exe
        12⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38858.exe
        13⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18019.exe
        14⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12175.exe
        15⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4113.exe
        16⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12007.exe
        17⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
        18⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33087.exe
        19⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2993.exe
        18⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62316.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60067.exe
        8⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
        9⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61420.exe
        10⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25989.exe
        12⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        13⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22627.exe
        14⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22368.exe
        15⤵
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8809.exe
        16⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58874.exe
        18⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35188.exe
        19⤵
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53236.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
        7⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18379.exe
        8⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55465.exe
        9⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46462.exe
        10⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48769.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
        12⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26412.exe
        13⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5081.exe
        14⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-124.exe
        15⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15772.exe
        16⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47672.exe
        17⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54902.exe
        18⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52262.exe
        19⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36579.exe
        14⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45470.exe
        15⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18762.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
        17⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47197.exe
        18⤵
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10514.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18533.exe
        7⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        8⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50435.exe
        9⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10231.exe
        10⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-253.exe
        11⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44928.exe
        12⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35645.exe
        13⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13162.exe
        14⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11020.exe
        15⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6902.exe
        16⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        17⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46936.exe
        18⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31743.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
        9⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45609.exe
        10⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52927.exe
        11⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
        12⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        13⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65335.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41004.exe
        15⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14591.exe
        16⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
        17⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
        18⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21088.exe
        15⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
        16⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-911.exe
        17⤵
        
        PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62316.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40200.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13753.exe
        8⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57389.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58563.exe
        10⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46624.exe
        11⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        12⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42756.exe
        13⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6952.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
        15⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36147.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40954.exe
        17⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26539.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54045.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54027.exe
        16⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32861.exe
        17⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3910.exe
        18⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21423.exe
        8⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56324.exe
        9⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60061.exe
        10⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52875.exe
        11⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49057.exe
        12⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42567.exe
        13⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58022.exe
        14⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26830.exe
        15⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28253.exe
        16⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38913.exe
        17⤵
        
        PID:820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22788.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22788.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18195.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47491.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-795.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34141.exe
        8⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15676.exe
        9⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42755.exe
        10⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4403.exe
        10⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
        11⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13645.exe
        12⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54710.exe
        13⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64649.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58298.exe
        15⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41405.exe
        16⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
        17⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5855.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17284.exe
        19⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
        8⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40383.exe
        9⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16240.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44928.exe
        11⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9651.exe
        12⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1761.exe
        13⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15192.exe
        14⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48034.exe
        15⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        16⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31814.exe
        17⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60092.exe
        18⤵
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1563.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8915.exe
        7⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
        8⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13753.exe
        9⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        10⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46597.exe
        11⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44912.exe
        12⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54763.exe
        13⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62426.exe
        14⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2932.exe
        15⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33122.exe
        16⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
        17⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39520.exe
        18⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34058.exe
        19⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27111.exe
        20⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
        21⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56541.exe
        17⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14591.exe
        18⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        19⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43521.exe
        20⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23479.exe
        13⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64349.exe
        14⤵
        
        PID:1640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
        15⤵
        Program crash
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
        7⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62114.exe
        8⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43124.exe
        9⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32076.exe
        10⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36167.exe
        11⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64120.exe
        12⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
        13⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64216.exe
        14⤵
        
        PID:1636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 244
        15⤵
        Program crash
        
        PID:856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60132.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63836.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 200
        7⤵
        Program crash
        
        PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62313.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57444.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23699.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8915.exe
        7⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42609.exe
        8⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7102.exe
        9⤵
        
        PID:1488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 240
        10⤵
        Program crash
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        7⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19903.exe
        8⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5010.exe
        9⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59010.exe
        10⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48769.exe
        11⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41299.exe
        12⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50939.exe
        13⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19257.exe
        14⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40490.exe
        15⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59996.exe
        16⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
        17⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27254.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61911.exe
        9⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
        10⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14969.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exe
        12⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14262.exe
        13⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3547.exe
        14⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
        15⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56365.exe
        16⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        17⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-493.exe
        18⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54035.exe
        19⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11585.exe
        15⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2528.exe
        16⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46733.exe
        17⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44456.exe
        18⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        6⤵
        Executes dropped EXE
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27073.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16464.exe
        8⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-355.exe
        9⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45609.exe
        10⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31907.exe
        11⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9651.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48829.exe
        13⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22403.exe
        14⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44979.exe
        15⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56189.exe
        16⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55088.exe
        17⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12393.exe
        18⤵
        
        PID:1208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
        7⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        8⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23258.exe
        9⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2778.exe
        10⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62630.exe
        11⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28835.exe
        12⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5218.exe
        13⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        14⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17969.exe
        15⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39497.exe
        16⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28103.exe
        17⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54902.exe
        18⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-311.exe
        19⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41723.exe
        13⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22139.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19732.exe
        15⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65529.exe
        16⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18188.exe
        17⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-493.exe
        18⤵
        
        PID:2616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23464.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23464.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1417.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1417.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52260.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30069.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8915.exe
        8⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64187.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
        10⤵
        Program crash
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54587.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25936.exe
        8⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        9⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
        10⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16015.exe
        11⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
        12⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46157.exe
        13⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57544.exe
        14⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57215.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        16⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26630.exe
        17⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54584.exe
        18⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43807.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22203.exe
        8⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48780.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63968.exe
        10⤵
        
        PID:536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 200
        11⤵
        Program crash
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        9⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55365.exe
        10⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3591.exe
        11⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        12⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27498.exe
        13⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45589.exe
        14⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37108.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1279.exe
        16⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55676.exe
        17⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37826.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45594.exe
        7⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2880.exe
        8⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10359.exe
        9⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31152.exe
        10⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51391.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20493.exe
        12⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15470.exe
        13⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55748.exe
        14⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14830.exe
        15⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        16⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25300.exe
        17⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38913.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        11⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64349.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 240
        13⤵
        Program crash
        
        PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27625.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15320.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8915.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28121.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
        9⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63566.exe
        10⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20936.exe
        11⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
        12⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34617.exe
        14⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
        15⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54738.exe
        16⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41439.exe
        17⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52769.exe
        18⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59160.exe
        19⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52741.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53476.exe
        9⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6011.exe
        10⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41908.exe
        11⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27737.exe
        12⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2932.exe
        13⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53336.exe
        14⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42919.exe
        15⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 244
        16⤵
        Program crash
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8193.exe
        13⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47022.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22358.exe
        15⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38244.exe
        16⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60570.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62230.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49764.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39184.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8915.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9.exe
        8⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23930.exe
        9⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2061.exe
        10⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22772.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59576.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6318.exe
        14⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41011.exe
        15⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31884.exe
        16⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        17⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44269.exe
        18⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63642.exe
        19⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32434.exe
        8⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2587.exe
        9⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27152.exe
        10⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37179.exe
        11⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20021.exe
        12⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53597.exe
        13⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
        14⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56189.exe
        15⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14540.exe
        16⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58902.exe
        17⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3693.exe
        18⤵
        
        PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23926.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32706.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
        7⤵
        
        PID:2332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64389.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29898.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-795.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22128.exe
        6⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37666.exe
        7⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22763.exe
        8⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
        9⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
        10⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
        11⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22745.exe
        12⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45843.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
        14⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20624.exe
        15⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32500.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
        17⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59450.exe
        18⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3355.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11232.exe
        10⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43025.exe
        11⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46624.exe
        12⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        13⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19954.exe
        14⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55748.exe
        15⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4354.exe
        16⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
        17⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43538.exe
        18⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54902.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29076.exe
        20⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64204.exe
        6⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31960.exe
        7⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65121.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
        9⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58984.exe
        10⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37322.exe
        11⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2986.exe
        12⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25214.exe
        13⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29548.exe
        14⤵
        
        PID:2256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
        15⤵
        Program crash
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
        14⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-591.exe
        15⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18157.exe
        16⤵
        
        PID:1420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5983.exe
        5⤵
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5842.exe
        6⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
        7⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
        8⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
        9⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28187.exe
        10⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
        11⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60995.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2986.exe
        13⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
        14⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32460.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32012.exe
        16⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19097.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2351.exe
        18⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15718.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43912.exe
        9⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22969.exe
        10⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1219.exe
        11⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18506.exe
        12⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4002.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2577.exe
        14⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2355.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        16⤵
        
        PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-26539.exe

Filesize
188KB

MD5
016b37c08b23e89e643ad7fe853d37a4

SHA1
73c6a5867c52c026f8a8e64db5cf2305931fd69a

SHA256
ffaa3eb1499ebb56e943b03c0515399f20b6f575147d41718200c84f8fc16651

SHA512
b593c12683f237456387647c173089cf998ed45dd5fb0ae6e663cf855b4e4bebc9253f1b37d9435d1802637b15e45af09b6f67bfeae1307601c8df5e8ec7c5aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2953.exe

Filesize
188KB

MD5
4c8c7f529780dc1ba4190aac85b6de0a

SHA1
ebbe15984ff680a6d663c0187a71324fd5abb368

SHA256
1aca160f1f5f53ff797638c98f4033be35885d62e69946abcdda6db72013070d

SHA512
af5022cea4ed49f0032d8d580b8b0b49ced1b46bee4c168654681634e64f7972c57ab6e30172586a1af743bf5229440dc54b686898ccf70ea951a97285c2613c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30835.exe

Filesize
188KB

MD5
13cf69380d358e57f3b2b3a2c917f9b8

SHA1
090182350a7d47f45d084bbdca5136b2aff134ee

SHA256
a6078a659b7103849c6d5a813dfed4f3daa2e9dfe2436574ea1f44fa5f6dc8d9

SHA512
c5d128ac74448fbe1ab85b9f64ba164b33165fc0ca2562c29d37451fcb7523891112bedaba11760f5f422fd54cce992b2755573fbc24fa5861e811bc7303f1f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39779.exe

Filesize
188KB

MD5
96558d7232ffdd45ffa4bdd7c5cb62bf

SHA1
f05af9b07f95fe5fa4ef99b73e83530d158446cb

SHA256
2a0277fae8533b0d314d8b5416f11bf1f97ee88e19f9dbc2d617ab516674045f

SHA512
7134e3f7041404f04c2e16508d03bde8b21e09d2c35874ce10fb9c2085a6e5bd8765f080a6ce318e650394f2de9b78ec96867c6cba9bd3575c914a207f58a839

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe

Filesize
188KB

MD5
d53cc150a4f20c7c7ddb2371bb80eebd

SHA1
e99f4c2227b7fb6918e0ff1509a5fa496a602211

SHA256
711b42c0cdfd9aa1d803c2af5bc477f06bd8f3d2747c40042c91b934cdd67e2c

SHA512
44ed8ed637962c5c468097dd54d42cc05afc8f0c23b4d6c60b413f6ba6d80ad017a63bb62b8f12d2dc70067aa0bd0f2823efce19dbff9a918cb59c442421abbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53142.exe

Filesize
188KB

MD5
d873e77dca9e36c06e0881f5d4d0c8e8

SHA1
7fcdf8bdf44411588e72c376019c63b56df25ba7

SHA256
9097f60fb794421f4ccfc0c57b5c337dbdee1bcfd8b0318b4d1bafcf6c838f1e

SHA512
7ed3d000171bcdcc6a06a0e47b9d778a3cbb13294b37b51f416a2eefa2a452d15f89945df47c4ef9dc953f9df090978f03741b1880c8e615b2fabbbc83898f7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe

Filesize
188KB

MD5
df9d42e0362e5165a6e6eadefe01f07a

SHA1
0b2afaf74929d8a4b527c7a0a789eaba158d8596

SHA256
95be1e4727a3a1881bb57275dcafc0fe07fefd16d3026a00ea9fc8998f49ab41

SHA512
152a1d9cd70b32f169aff9bb4461bfe7273afd3a33adde3f631e5ae13529252705b0778af71537393452f7699d8069e8b1ee3fbe9cec9e681352f88e43472da2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5842.exe

Filesize
188KB

MD5
65f4c990e7f0b3e877a124f60991cfd0

SHA1
128a5354a283df929551070c9ada140fd2412ff0

SHA256
6716d51f26f0a6a150f6391ad2ec78e36852d90e4ab851e36d10cc68619b5809

SHA512
d71f08230c001339797b27cd147763c6a1163930cb31a5cd504e8c76abea2824b56bb763794e433e5a30b678ee9be9dd300f12f9fe0bfe05475b0766ec7ff007

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5855.exe

Filesize
188KB

MD5
ff0b8f78a63ba0cd4c07dcc51894dd7c

SHA1
ce3866bff91da48e5916e9af2486d8d89894c833

SHA256
e08d15d208f45ad50e17e66081c666a2df735481096b9c6b286e7de456a6a24c

SHA512
8a3d7f6845e533a646753332ef3270b9b1bb495b5a68e866847ff11d10442d33bdd55f2a11336af62b7625ea59b5e45e129bf35f551a5fc0f0fa1e4523b64250

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6011.exe

Filesize
188KB

MD5
a9c00dd75241ce8b35a812de93b77a34

SHA1
988835d860d2564f9cf002c2f8f7747a7f7683db

SHA256
cb6a0a1a8ecfeff383b009c3b3e916c3d34283497c884d7349e580ed3d09d1c3

SHA512
eca297053ad8be76a7414a60e17ec7e2401ffc4d2797ac9fbf7ca1dc6b7bbb9bb59fc9c9c15db34646aee188fcd197dab294688f77b76551ce5cb330987f7e21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6318.exe

Filesize
188KB

MD5
af9dc9ead0eb7a57f69351ca7171187b

SHA1
4577dfeda7b59cf7dc341cff67d3264ce212f49a

SHA256
26e442af73dbcf8ccda20fb96604443f1ff78807446e01a3737f62a23b8d1348

SHA512
d2c94e06db054d90ebc5273c7fb5231a32f16871b1e619683b08312d81576925d9e37f747b64089d3d9e2d73f07b5a949f1361a5268f9945a8107e2dbf2a10d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe

Filesize
188KB

MD5
3db7815e2a1005ec9304a7d76d17f023

SHA1
213916ddd882bc1a4505ba74fbf1ec5223c3a6a3

SHA256
a286f4a4559c4743f51b728f2fa8303c2391c3c7ea7cccbc736aa31d79398828

SHA512
90e0d578fc3840f3d813d53321b91c8649ebe022bdc10c91e21cb6481b8153fd8930f0020dc9f429c6272532e37de0acfabc064c83a2db641dbe4be2e2fcbcda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64389.exe

Filesize
188KB

MD5
e11ec32bf0968e4bdce2f2a6d691af3a

SHA1
933eafc5408daa95dc20241bde230c139d5e6817

SHA256
24c9fd1d64e159a4310e6c2120ff28a26084820a6e407ba639a661112bd7cfe8

SHA512
58c69d2a2040d01c60263b5db98b04672f0bf6dfc2e6c9a20c5669f2e020cefec80a8e17750625d47301d059da1ff08361d980c1e8f416d639f67c0fc0dd1e14

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1417.exe

Filesize
188KB

MD5
bac5cac14f25cf0e3af1b9c187f1988d

SHA1
ba77a2969f445cb18b52b2c362a21abe1d373f2e

SHA256
2bc681e70269178c199a3cc378f05fbb6baf920273b00b4ced8cc4576740bc09

SHA512
aa1341a2329444ac1bdb8b8f2859d8db50d961bf1b4eda9d8c9fc07eed1bb856e0c3eeed4fe8d772884f32ffa781ab11ae5e063e246c1a943f94c1a0e4f7a6d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16642.exe

Filesize
188KB

MD5
5dd7c82527fce62fb90695bbe95155a1

SHA1
aea9401e890c0502979c4540e94d092c68f8e8b2

SHA256
6ac7015c646a66961ac0be01c12d9c0e0a04c715fbd66cfe6e340fecebd444d8

SHA512
2dc7f3adea78042d6d9fa3558611a44764f69eeee3d2287f2a343d75b9ff8186b57e8fd6dc794a7a75b5b32394064e4b72e1aaf0e182bb4d5bdbf3f72321bd16

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18195.exe

Filesize
188KB

MD5
b97e06acc1ff480a8c9e9ed422cf9e8b

SHA1
01959c047d5c449e7e7c43ae40f36f68cfbc3143

SHA256
117e1593615694f51375f6be91dc81765b8531e6c204c80939380abbfd6fa3c2

SHA512
6bcfca5852447ded32ef93a05c903c07b944c8d317a2dde1dd1afac2293354594d72548df045d3b4949034736e07fc4f7b8f17d0764fd2913b06ffc8f20bf03d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22788.exe

Filesize
188KB

MD5
b45e77dbd749c486d61c5b5c950b059d

SHA1
b11ea4c5a8e266fcc6286d7b08622e1cab96f7da

SHA256
50881073e0af1a3c1cf608924b2da0a04d006fbbcbeadb160c5450607afad661

SHA512
215841776f1cf7cf5301eafaa15f558cb1fefcb33a22925cbf5c80d011a96d24d7c6de2ee392e03afb6d5f33485d1d0ea7b6646148cc76bcc76d151078a68062

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23464.exe

Filesize
188KB

MD5
f3533cdee7a4cc983d3ec30f41a93a36

SHA1
b4a56c5430d453c9ebaafb4d2f0e6074e6874d40

SHA256
5f1ff1e15ffcdc86e33f551e0226111eba26aefd3a9c32113ea1e87c1be67306

SHA512
ee5c55ae28e7d442673c80732402580f1f3090b7bbc3e06f782d8602334f009f60e5697501cc566855b6fa7f838d8617564ba0142b407aa9c15493dd57d049f8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26403.exe

Filesize
188KB

MD5
e64ddd8e8536c995b52fbb0f3dcd1efa

SHA1
1b77d49a0d4d3bd7ca7de6e5e8e78438c38dfd1f

SHA256
ff4ca26f02b4484c48af97a4a811a01c6084503f5cc95191aac05a71e409229b

SHA512
620b6a9f20b9f7f41fe5b5bcb7a068eaf8c960e13356a151d15d15c517f397594f7a832a52923e2771d3dd6614f5ff95d020e97411d866a10c3dc04da32f509d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43247.exe

Filesize
188KB

MD5
a865d3601f56d77d15064e4b482aa995

SHA1
c6ea5bf46e94306e3bc443fbf11c58e7a35f2d4f

SHA256
9594e570c638668d32291a8e0327a26cfbcbeebde1e79d25d516db3a4356429f

SHA512
aa186fcaf590530fe3be2f4e12d8c8dda8614cb020fa9913bbde5dcf4f827da7de5e0e411b0070d3d75d1d7ba243a76f59419430eb7480bfd0250ada5f852718

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50910.exe

Filesize
188KB

MD5
ad2bd87a4954bae0e65ad1e71cd01001

SHA1
a414b7660cce5bcfcaa3388693fa54bd04758edc

SHA256
4572425bec81b7570ff832761a73444129a6de7565587056c7189924109fdaed

SHA512
3b8ed8029f0e3ecefeec25df17c49d1cf34511c1075bcbfa946806b093d09c2aa9e2dab800c98274fb425113dc41620656a6d5e2efd439670843101f05fe223f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59834.exe

Filesize
188KB

MD5
bdfb41166d51c42f226c69579547ef4c

SHA1
5f06ffa65e43381a872b6316beccda601fc20ae3

SHA256
576a15da04c0ead0c627413cadefdb70d925e3f1dc64c573ee5ead2e120ea9e5

SHA512
b9b3d36293c7d8532968cc556d25b619111ac8fd4d1124d3a8d77d4e42b98d6122b316e6fd5314bfc416a675e9bb22b9bc627ddf5d7f08d6e727fe8ac187b3cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe

Filesize
188KB

MD5
ef3c2369194808a5b29a3d3d3e218da7

SHA1
c9f7f657b7390200944f7bfb9f9f3fa6b28a3c1b

SHA256
7cd409dac324db7a2ddc1a54409298cd010c75ee8fe76ba80dc63d9af5d2424d

SHA512
670f9d34488cc98cf92d7cefdb59edb471dcc82f7e1fe0a796b934a9e7116107633ab3c886242c7ff538e9726496decb316f0c3ba4fd6e7d236116e85eaf2cd0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62313.exe

Filesize
188KB

MD5
b9ac92883cd4332a8e618878f3e4daa5

SHA1
57e0489f7e4629f09167c1648cf79a13fd408eee

SHA256
52f41f98bea1c97ee7b059a4b6ab546d7e6619ec8944bee022e1ef210f63b6bb

SHA512
dfc90e4e2551013f393bd8af21319f5f76603c16a97eecc5d5cdf61ec89f1f968f0820e05946afb0793e46866856b3c4496c4bdc386b02011c42d4d3bbb56076

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe

Filesize
188KB

MD5
d3f24b34130261c4cc3a58c4e2924ebb

SHA1
814231556930515bff0b1374368c39453109d306

SHA256
bb131dfc16c8d574f66b36c87f94d7e7927f4f63a6cee363f48386505694ab81

SHA512
70048ca25f7386b3c495849df4cfffbee217089ca4f339dd5b08b72f8a8fb13c59f5bb7a2265b2adff426f70b076bd448c5d374a6be718231b3d61671c7b9d15

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7651.exe

Filesize
188KB

MD5
cdfedd1cb56eabbfe80dbd45e568166d

SHA1
d1722176ef5b3bb713b8b09613922b98e4bc50bc

SHA256
2b544385e44dc2d198fb621ef2a0ebebffd76606b5b7bfbfa8d58d11aad618e1

SHA512
9b242feef879c88a2ee204b5b25793af7c1459cd612ef71becaa3a34be43dde9f1613cd9420be3a8919a786710333935c7aeb5ea8bb3655ec9ffb2ff18bd1e5b

Download Submit