e76ffddbd3834de23f34b6d5e09780e8565995c2e723bb9cb937d9cc42ea5cce

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 12:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af2fc8bb053dcf694ebfd5360e34917b_JaffaCakes118.exe
Size

184KB
MD5

af2fc8bb053dcf694ebfd5360e34917b
SHA1

626e77c38fe6e28cf57e3142de9fd1233e2b85a9
SHA256

e76ffddbd3834de23f34b6d5e09780e8565995c2e723bb9cb937d9cc42ea5cce
SHA512

cfad1589ec70e071d7dac10c10b4d8cd527e228ecf634fd4e7078c8392b5da243dc0f4bd8bfc1a1583f8d0cb66d5850c2be54669c2a4fbb21f46c2ed3ca26f5a
SSDEEP

3072:I6tYxnAeC+FmgLzyzwAgBCcYgyOWZyulYh5xy5PpmylW32Ft:I6WxMOmgyzxgBCmqryylW32F

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2564	Unicorn-17589.exe
1908	Unicorn-41346.exe
2172	Unicorn-13312.exe
2852	Unicorn-7578.exe
2736	Unicorn-4049.exe
2868	Unicorn-15747.exe
2884	Unicorn-32441.exe
2704	Unicorn-28911.exe
1992	Unicorn-65305.exe
1092	Unicorn-20189.exe
2540	Unicorn-16467.exe
272	Unicorn-7189.exe
2152	Unicorn-19804.exe
1280	Unicorn-60090.exe
2056	Unicorn-31502.exe
2556	Unicorn-33400.exe
1124	Unicorn-4065.exe
2616	Unicorn-45653.exe
2252	Unicorn-2010.exe
1800	Unicorn-39513.exe
1652	Unicorn-22623.exe
2260	Unicorn-64807.exe
1440	Unicorn-4101.exe
2296	Unicorn-44387.exe
1160	Unicorn-40665.exe
880	Unicorn-19499.exe
2272	Unicorn-45264.exe
3016	Unicorn-45264.exe
2016	Unicorn-44558.exe
2904	Unicorn-38056.exe
2412	Unicorn-23343.exe
476	Unicorn-2368.exe
2848	Unicorn-62752.exe
1716	Unicorn-4231.exe
2748	Unicorn-18944.exe
2828	Unicorn-37095.exe
2648	Unicorn-7760.exe
2488	Unicorn-56769.exe
2036	Unicorn-27797.exe
1128	Unicorn-61216.exe
2372	Unicorn-44133.exe
1872	Unicorn-36711.exe
2420	Unicorn-52493.exe
292	Unicorn-7376.exe
2952	Unicorn-44880.exe
748	Unicorn-35773.exe
1404	Unicorn-40603.exe
2276	Unicorn-50630.exe
1796	Unicorn-6260.exe
2312	Unicorn-35638.exe
2852	Unicorn-15025.exe
2736	Unicorn-19472.exe
1668	Unicorn-39338.exe
2868	Unicorn-14833.exe
2356	Unicorn-3136.exe
2520	Unicorn-35062.exe
744	Unicorn-22810.exe
2240	Unicorn-49405.exe
1584	Unicorn-3733.exe
1960	Unicorn-44382.exe
2708	Unicorn-36768.exe
1984	Unicorn-52550.exe
2592	Unicorn-20240.exe
2764	Unicorn-40106.exe

Loads dropped DLL 64 IoCs

pid	Process
2592	af2fc8bb053dcf694ebfd5360e34917b_JaffaCakes118.exe
2592	af2fc8bb053dcf694ebfd5360e34917b_JaffaCakes118.exe
2564	Unicorn-17589.exe
2564	Unicorn-17589.exe
2592	af2fc8bb053dcf694ebfd5360e34917b_JaffaCakes118.exe
2592	af2fc8bb053dcf694ebfd5360e34917b_JaffaCakes118.exe
1908	Unicorn-41346.exe
1908	Unicorn-41346.exe
2564	Unicorn-17589.exe
2564	Unicorn-17589.exe
2172	Unicorn-13312.exe
2172	Unicorn-13312.exe
2852	Unicorn-7578.exe
2852	Unicorn-7578.exe
1908	Unicorn-41346.exe
1908	Unicorn-41346.exe
2736	Unicorn-4049.exe
2736	Unicorn-4049.exe
2868	Unicorn-15747.exe
2868	Unicorn-15747.exe
2172	Unicorn-13312.exe
2172	Unicorn-13312.exe
2884	Unicorn-32441.exe
2884	Unicorn-32441.exe
2852	Unicorn-7578.exe
2852	Unicorn-7578.exe
2704	Unicorn-28911.exe
2704	Unicorn-28911.exe
2540	Unicorn-16467.exe
2540	Unicorn-16467.exe
1596	WerFault.exe
2736	Unicorn-4049.exe
1596	WerFault.exe
1596	WerFault.exe
1596	WerFault.exe
1596	WerFault.exe
1596	WerFault.exe
2736	Unicorn-4049.exe
1092	Unicorn-20189.exe
1092	Unicorn-20189.exe
2868	Unicorn-15747.exe
2868	Unicorn-15747.exe
1596	WerFault.exe
272	Unicorn-7189.exe
272	Unicorn-7189.exe
2884	Unicorn-32441.exe
2884	Unicorn-32441.exe
2152	Unicorn-19804.exe
2152	Unicorn-19804.exe
1280	Unicorn-60090.exe
1280	Unicorn-60090.exe
2704	Unicorn-28911.exe
2704	Unicorn-28911.exe
1124	Unicorn-4065.exe
1124	Unicorn-4065.exe
1092	Unicorn-20189.exe
1092	Unicorn-20189.exe
2616	Unicorn-45653.exe
2616	Unicorn-45653.exe
2056	Unicorn-31502.exe
2556	Unicorn-33400.exe
2056	Unicorn-31502.exe
2556	Unicorn-33400.exe
2540	Unicorn-16467.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
1596	1992	WerFault.exe	39
3048	1680	WerFault.exe	149
1156	1856	WerFault.exe	180
2024	2872	WerFault.exe	402
2412	2920	WerFault.exe	451
1280	2908	WerFault.exe	568

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21358.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60765.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49564.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45641.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25462.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3710.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24151.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22810.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46233.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22279.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57563.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20275.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54296.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17193.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39570.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41999.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50860.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9493.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4278.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33635.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48594.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44747.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51618.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22850.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38179.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2948.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2592	af2fc8bb053dcf694ebfd5360e34917b_JaffaCakes118.exe
2564	Unicorn-17589.exe
1908	Unicorn-41346.exe
2172	Unicorn-13312.exe
2852	Unicorn-7578.exe
2736	Unicorn-4049.exe
2868	Unicorn-15747.exe
2884	Unicorn-32441.exe
2704	Unicorn-28911.exe
1092	Unicorn-20189.exe
1992	Unicorn-65305.exe
2540	Unicorn-16467.exe
272	Unicorn-7189.exe
2152	Unicorn-19804.exe
1280	Unicorn-60090.exe
2556	Unicorn-33400.exe
2056	Unicorn-31502.exe
1124	Unicorn-4065.exe
2616	Unicorn-45653.exe
2252	Unicorn-2010.exe
1800	Unicorn-39513.exe
1652	Unicorn-22623.exe
2260	Unicorn-64807.exe
1440	Unicorn-4101.exe
2296	Unicorn-44387.exe
1160	Unicorn-40665.exe
880	Unicorn-19499.exe
2272	Unicorn-45264.exe
3016	Unicorn-45264.exe
2016	Unicorn-44558.exe
2904	Unicorn-38056.exe
2412	Unicorn-23343.exe
476	Unicorn-2368.exe
2848	Unicorn-62752.exe
1716	Unicorn-4231.exe
2748	Unicorn-18944.exe
2828	Unicorn-37095.exe
2648	Unicorn-7760.exe
2488	Unicorn-56769.exe
2036	Unicorn-27797.exe
1128	Unicorn-61216.exe
2420	Unicorn-52493.exe
1872	Unicorn-36711.exe
2372	Unicorn-44133.exe
292	Unicorn-7376.exe
2952	Unicorn-44880.exe
1404	Unicorn-40603.exe
748	Unicorn-35773.exe
2276	Unicorn-50630.exe
1796	Unicorn-6260.exe
2312	Unicorn-35638.exe
2852	Unicorn-15025.exe
2736	Unicorn-19472.exe
1668	Unicorn-39338.exe
2868	Unicorn-14833.exe
2356	Unicorn-3136.exe
2520	Unicorn-35062.exe
744	Unicorn-22810.exe
1584	Unicorn-3733.exe
1960	Unicorn-44382.exe
2240	Unicorn-49405.exe
2708	Unicorn-36768.exe
1984	Unicorn-52550.exe
2764	Unicorn-40106.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2592 wrote to memory of 2564	2592	af2fc8bb053dcf694ebfd5360e34917b_JaffaCakes118.exe	30
PID 2592 wrote to memory of 2564	2592	af2fc8bb053dcf694ebfd5360e34917b_JaffaCakes118.exe	30
PID 2592 wrote to memory of 2564	2592	af2fc8bb053dcf694ebfd5360e34917b_JaffaCakes118.exe	30
PID 2592 wrote to memory of 2564	2592	af2fc8bb053dcf694ebfd5360e34917b_JaffaCakes118.exe	30
PID 2564 wrote to memory of 1908	2564	Unicorn-17589.exe	32
PID 2564 wrote to memory of 1908	2564	Unicorn-17589.exe	32
PID 2564 wrote to memory of 1908	2564	Unicorn-17589.exe	32
PID 2564 wrote to memory of 1908	2564	Unicorn-17589.exe	32
PID 2592 wrote to memory of 2172	2592	af2fc8bb053dcf694ebfd5360e34917b_JaffaCakes118.exe	33
PID 2592 wrote to memory of 2172	2592	af2fc8bb053dcf694ebfd5360e34917b_JaffaCakes118.exe	33
PID 2592 wrote to memory of 2172	2592	af2fc8bb053dcf694ebfd5360e34917b_JaffaCakes118.exe	33
PID 2592 wrote to memory of 2172	2592	af2fc8bb053dcf694ebfd5360e34917b_JaffaCakes118.exe	33
PID 1908 wrote to memory of 2852	1908	Unicorn-41346.exe	34
PID 1908 wrote to memory of 2852	1908	Unicorn-41346.exe	34
PID 1908 wrote to memory of 2852	1908	Unicorn-41346.exe	34
PID 1908 wrote to memory of 2852	1908	Unicorn-41346.exe	34
PID 2564 wrote to memory of 2736	2564	Unicorn-17589.exe	35
PID 2564 wrote to memory of 2736	2564	Unicorn-17589.exe	35
PID 2564 wrote to memory of 2736	2564	Unicorn-17589.exe	35
PID 2564 wrote to memory of 2736	2564	Unicorn-17589.exe	35
PID 2172 wrote to memory of 2868	2172	Unicorn-13312.exe	36
PID 2172 wrote to memory of 2868	2172	Unicorn-13312.exe	36
PID 2172 wrote to memory of 2868	2172	Unicorn-13312.exe	36
PID 2172 wrote to memory of 2868	2172	Unicorn-13312.exe	36
PID 2852 wrote to memory of 2884	2852	Unicorn-7578.exe	37
PID 2852 wrote to memory of 2884	2852	Unicorn-7578.exe	37
PID 2852 wrote to memory of 2884	2852	Unicorn-7578.exe	37
PID 2852 wrote to memory of 2884	2852	Unicorn-7578.exe	37
PID 1908 wrote to memory of 2704	1908	Unicorn-41346.exe	38
PID 1908 wrote to memory of 2704	1908	Unicorn-41346.exe	38
PID 1908 wrote to memory of 2704	1908	Unicorn-41346.exe	38
PID 1908 wrote to memory of 2704	1908	Unicorn-41346.exe	38
PID 2736 wrote to memory of 1992	2736	Unicorn-4049.exe	39
PID 2736 wrote to memory of 1992	2736	Unicorn-4049.exe	39
PID 2736 wrote to memory of 1992	2736	Unicorn-4049.exe	39
PID 2736 wrote to memory of 1992	2736	Unicorn-4049.exe	39
PID 2868 wrote to memory of 1092	2868	Unicorn-15747.exe	40
PID 2868 wrote to memory of 1092	2868	Unicorn-15747.exe	40
PID 2868 wrote to memory of 1092	2868	Unicorn-15747.exe	40
PID 2868 wrote to memory of 1092	2868	Unicorn-15747.exe	40
PID 2172 wrote to memory of 2540	2172	Unicorn-13312.exe	41
PID 2172 wrote to memory of 2540	2172	Unicorn-13312.exe	41
PID 2172 wrote to memory of 2540	2172	Unicorn-13312.exe	41
PID 2172 wrote to memory of 2540	2172	Unicorn-13312.exe	41
PID 2884 wrote to memory of 272	2884	Unicorn-32441.exe	42
PID 2884 wrote to memory of 272	2884	Unicorn-32441.exe	42
PID 2884 wrote to memory of 272	2884	Unicorn-32441.exe	42
PID 2884 wrote to memory of 272	2884	Unicorn-32441.exe	42
PID 2852 wrote to memory of 2152	2852	Unicorn-7578.exe	43
PID 2852 wrote to memory of 2152	2852	Unicorn-7578.exe	43
PID 2852 wrote to memory of 2152	2852	Unicorn-7578.exe	43
PID 2852 wrote to memory of 2152	2852	Unicorn-7578.exe	43
PID 2704 wrote to memory of 1280	2704	Unicorn-28911.exe	44
PID 2704 wrote to memory of 1280	2704	Unicorn-28911.exe	44
PID 2704 wrote to memory of 1280	2704	Unicorn-28911.exe	44
PID 2704 wrote to memory of 1280	2704	Unicorn-28911.exe	44
PID 1992 wrote to memory of 1596	1992	Unicorn-65305.exe	45
PID 1992 wrote to memory of 1596	1992	Unicorn-65305.exe	45
PID 1992 wrote to memory of 1596	1992	Unicorn-65305.exe	45
PID 1992 wrote to memory of 1596	1992	Unicorn-65305.exe	45
PID 2540 wrote to memory of 2056	2540	Unicorn-16467.exe	46
PID 2540 wrote to memory of 2056	2540	Unicorn-16467.exe	46
PID 2540 wrote to memory of 2056	2540	Unicorn-16467.exe	46
PID 2540 wrote to memory of 2056	2540	Unicorn-16467.exe	46

C:\Users\Admin\AppData\Local\Temp\af2fc8bb053dcf694ebfd5360e34917b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\af2fc8bb053dcf694ebfd5360e34917b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41346.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32441.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2010.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        10⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20039.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37063.exe
        12⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52875.exe
        13⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57530.exe
        14⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45517.exe
        15⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16213.exe
        16⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51122.exe
        17⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50860.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46579.exe
        19⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30259.exe
        20⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39766.exe
        21⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18761.exe
        9⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53116.exe
        10⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5713.exe
        11⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
        12⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42896.exe
        13⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42886.exe
        14⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59596.exe
        15⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
        16⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50113.exe
        17⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
        18⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13974.exe
        19⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10448.exe
        10⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54354.exe
        11⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47120.exe
        12⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46788.exe
        13⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52206.exe
        14⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13986.exe
        15⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23004.exe
        17⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38297.exe
        18⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
        19⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3710.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9839.exe
        12⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59248.exe
        13⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41236.exe
        14⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29393.exe
        15⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44747.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50850.exe
        17⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32288.exe
        18⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54296.exe
        19⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46055.exe
        17⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49252.exe
        18⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6260.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54216.exe
        9⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7231.exe
        10⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6904.exe
        11⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 216
        12⤵
        Program crash
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
        10⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16446.exe
        11⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51775.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29700.exe
        13⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22871.exe
        14⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20868.exe
        15⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65302.exe
        16⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
        17⤵
        Program crash
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23343.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35638.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60905.exe
        9⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17621.exe
        10⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21303.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25548.exe
        12⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9839.exe
        13⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
        14⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22155.exe
        15⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60224.exe
        16⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
        17⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19330.exe
        18⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38287.exe
        19⤵
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2368.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44382.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26505.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57392.exe
        10⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51536.exe
        11⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51204.exe
        12⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
        13⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22850.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63379.exe
        15⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
        16⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63133.exe
        17⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
        18⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41603.exe
        19⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18699.exe
        8⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11564.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15521.exe
        10⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12221.exe
        11⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2948.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28600.exe
        13⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57240.exe
        14⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
        15⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
        16⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19330.exe
        17⤵
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3886.exe
        18⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29359.exe
        8⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31116.exe
        9⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49886.exe
        10⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48459.exe
        11⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
        12⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
        14⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51436.exe
        15⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27851.exe
        16⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
        17⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26419.exe
        18⤵
        
        PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19804.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22623.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62752.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58684.exe
        9⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58845.exe
        10⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
        11⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23576.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
        14⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31257.exe
        15⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56750.exe
        16⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7217.exe
        17⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37529.exe
        18⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60570.exe
        19⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42710.exe
        8⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57563.exe
        9⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42107.exe
        10⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28179.exe
        11⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
        12⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38994.exe
        13⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11879.exe
        14⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
        15⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23004.exe
        16⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16725.exe
        17⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26938.exe
        18⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61635.exe
        13⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7484.exe
        14⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56807.exe
        15⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51618.exe
        16⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41468.exe
        17⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49405.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27081.exe
        8⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
        9⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42566.exe
        10⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52875.exe
        11⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29300.exe
        12⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6897.exe
        13⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23058.exe
        14⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36047.exe
        15⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23004.exe
        16⤵
        
        PID:492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62552.exe
        17⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9319.exe
        18⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        19⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1865.exe
        8⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29663.exe
        9⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47893.exe
        10⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
        11⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44022.exe
        12⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        13⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
        14⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
        15⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe
        16⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43092.exe
        17⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21358.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23077.exe
        19⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9129.exe
        14⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        15⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12261.exe
        16⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1862.exe
        17⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22854.exe
        18⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19667.exe
        9⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41002.exe
        10⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57525.exe
        11⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10981.exe
        12⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46083.exe
        13⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
        14⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43019.exe
        15⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43092.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2246.exe
        17⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50347.exe
        18⤵
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33412.exe
        8⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27460.exe
        9⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
        10⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4250.exe
        11⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
        12⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
        13⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36057.exe
        14⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
        15⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13719.exe
        16⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44737.exe
        17⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
        18⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54296.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21330.exe
        7⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41056.exe
        8⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10176.exe
        9⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39165.exe
        10⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27458.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16903.exe
        12⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7271.exe
        13⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
        14⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4093.exe
        15⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46211.exe
        16⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54275.exe
        17⤵
        
        PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28911.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60090.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64807.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18944.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36380.exe
        9⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43028.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
        12⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2071.exe
        14⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62232.exe
        15⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
        16⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
        17⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48463.exe
        18⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21764.exe
        19⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26035.exe
        20⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65020.exe
        10⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17193.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13700.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22279.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
        14⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64676.exe
        15⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
        16⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19849.exe
        17⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51826.exe
        18⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40826.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64408.exe
        9⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
        10⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38952.exe
        11⤵
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29684.exe
        12⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2237.exe
        13⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
        14⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30082.exe
        15⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10782.exe
        16⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46652.exe
        17⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19472.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
        8⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57563.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56004.exe
        10⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        11⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51604.exe
        12⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
        13⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        14⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
        15⤵
        Program crash
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37095.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61076.exe
        8⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60132.exe
        9⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49315.exe
        10⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38952.exe
        11⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2211.exe
        12⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47738.exe
        13⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61651.exe
        14⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6171.exe
        15⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39895.exe
        16⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21328.exe
        17⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51997.exe
        18⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16514.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
        8⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46458.exe
        9⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47317.exe
        10⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65158.exe
        11⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2948.exe
        12⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54832.exe
        13⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6197.exe
        14⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59028.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51618.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43466.exe
        17⤵
        
        PID:492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4101.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7760.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14833.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19359.exe
        8⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12446.exe
        9⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45781.exe
        10⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50649.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
        12⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32554.exe
        13⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16213.exe
        14⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30510.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3906.exe
        16⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24151.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62604.exe
        18⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
        19⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57392.exe
        8⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
        9⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7950.exe
        10⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51619.exe
        11⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        12⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3379.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34877.exe
        14⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-201.exe
        15⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        16⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52189.exe
        17⤵
        
        PID:748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30267.exe
        7⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7231.exe
        8⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45781.exe
        9⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42289.exe
        10⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23182.exe
        11⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24386.exe
        12⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33831.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41928.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58312.exe
        15⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12853.exe
        16⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
        17⤵
        
        PID:1708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4049.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65305.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1992
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45264.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35773.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52550.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26370.exe
        8⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
        9⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7742.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37089.exe
        10⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14821.exe
        11⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
        12⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
        13⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29742.exe
        14⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56807.exe
        15⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-580.exe
        16⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3014.exe
        17⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
        18⤵
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20240.exe
        6⤵
        Executes dropped EXE
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36209.exe
        7⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54242.exe
        8⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
        9⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33218.exe
        10⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28221.exe
        11⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
        12⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46633.exe
        13⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30959.exe
        14⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38432.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3014.exe
        16⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42537.exe
        17⤵
        
        PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40603.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49919.exe
        6⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57968.exe
        7⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17193.exe
        8⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50649.exe
        9⤵
        
        PID:1656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13312.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13312.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15747.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20189.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4065.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44387.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27797.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54387.exe
        8⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        9⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        10⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2963.exe
        11⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        12⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32554.exe
        13⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50113.exe
        16⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
        17⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53149.exe
        18⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38413.exe
        7⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43858.exe
        8⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
        9⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exe
        10⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25434.exe
        11⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15969.exe
        12⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28465.exe
        13⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64853.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64399.exe
        15⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49781.exe
        16⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        17⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3175.exe
        18⤵
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3733.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33412.exe
        8⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54761.exe
        9⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49564.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42289.exe
        11⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27266.exe
        12⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16903.exe
        13⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3379.exe
        14⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60224.exe
        15⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
        16⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58717.exe
        17⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48510.exe
        18⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17246.exe
        7⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51637.exe
        8⤵
        
        PID:492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe
        9⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        10⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54188.exe
        11⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39570.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45507.exe
        13⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
        14⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
        15⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56989.exe
        16⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48681.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40665.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50303.exe
        7⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
        8⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25462.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15028.exe
        10⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49341.exe
        11⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42128.exe
        12⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30826.exe
        13⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35319.exe
        14⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
        15⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50876.exe
        16⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32729.exe
        17⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50666.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        7⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exe
        9⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58106.exe
        10⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41760.exe
        11⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
        12⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
        13⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54988.exe
        14⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23004.exe
        15⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36377.exe
        16⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46211.exe
        17⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20856.exe
        18⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5733.exe
        16⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4654.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40700.exe
        11⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22155.exe
        12⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60224.exe
        13⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
        14⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
        15⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7591.exe
        16⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56652.exe
        17⤵
        
        PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45653.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52493.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13546.exe
        7⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
        8⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        9⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25055.exe
        10⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39139.exe
        11⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44022.exe
        12⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44059.exe
        13⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-385.exe
        14⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5979.exe
        15⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44877.exe
        16⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
        17⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
        18⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8603.exe
        19⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
        14⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2199.exe
        15⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        16⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54431.exe
        17⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34521.exe
        6⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21518.exe
        7⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
        8⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53586.exe
        9⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38179.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8376.exe
        11⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14313.exe
        12⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60587.exe
        13⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36517.exe
        14⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41940.exe
        15⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
        16⤵
        
        PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44880.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40106.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27273.exe
        7⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7231.exe
        8⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52304.exe
        9⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45641.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20577.exe
        11⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
        12⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64832.exe
        13⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56140.exe
        14⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
        15⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        16⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24177.exe
        17⤵
        
        PID:1716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16467.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31502.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45264.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24647.exe
        7⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4278.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
        9⤵
        Program crash
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18377.exe
        6⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38565.exe
        7⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62379.exe
        8⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51572.exe
        9⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10934.exe
        11⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35870.exe
        12⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59596.exe
        13⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41928.exe
        14⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60715.exe
        15⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32288.exe
        16⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
        17⤵
        
        PID:272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36711.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53235.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        7⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52732.exe
        8⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34489.exe
        9⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23514.exe
        10⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26716.exe
        11⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57935.exe
        12⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29306.exe
        6⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
        7⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35257.exe
        8⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42289.exe
        9⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9642.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1490.exe
        11⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41999.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31636.exe
        13⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        14⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        15⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59610.exe
        16⤵
        
        PID:912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44558.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7376.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15601.exe
        6⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
        7⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21705.exe
        8⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
        9⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30229.exe
        10⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
        11⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46031.exe
        12⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30489.exe
        13⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22599.exe
        14⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26564.exe
        15⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62547.exe
        16⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41084.exe
        17⤵
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7407.exe
        6⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47745.exe
        7⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31364.exe
        8⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38179.exe
        9⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
        10⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16213.exe
        11⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38870.exe
        12⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29563.exe
        13⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
        14⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58520.exe
        15⤵
        
        PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33369.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40101.exe
        6⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33635.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34590.exe
        8⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2190.exe
        10⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
        11⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16353.exe
        12⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35656.exe
        11⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8366.exe
        12⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46820.exe
        13⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7928.exe
        14⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        15⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
        16⤵
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9493.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64691.exe
        7⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53067.exe
        8⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
        9⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44557.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55714.exe
        11⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14178.exe
        12⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8937.exe
        13⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56807.exe
        14⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
        15⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38998.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60545.exe
        10⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13218.exe
        11⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
        12⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11135.exe
        13⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
        14⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65401.exe
        15⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 236
        16⤵
        Program crash
        
        PID:1280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13312.exe

Filesize
184KB

MD5
8c9aee8f277236f88d0b19cf7b5dd905

SHA1
ed36bb980f1943446a905e33c56130f1c8db83a2

SHA256
6ab299284ca1fad2ccb9873c81eaec82a0ebb18870a9b6e0d41ccd5aacacffec

SHA512
6001d37b920e0d5a3304e4d150e34735b78fda122b0a2cd19fdf463ae5e1b6cba429a93f6ccc3515d961029bbe265441fb26ae653d9a22841b060be567ad36f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe

Filesize
184KB

MD5
aec3070f1741f8be55cc03e1e0da7419

SHA1
9e1950cd801508e3f53e9c82eed43c3db51dfc0f

SHA256
154ae1d8b77f7a0adea82198dd4b82bae57b2b4ee48add33c3779f6efef10c98

SHA512
73a2d913b4053b672ebe667553ad7251824be5f41a2440c5a3192b67f4d3e7be0b3cc05c3c5d6b55986462b0f7639b80057acc3973ccb61a7e04b32803382d4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40603.exe

Filesize
184KB

MD5
459ae6d58df1eeca198eb8318227cc86

SHA1
fb0e8921f04d5aaada3725769190c7c46cc2f433

SHA256
64532fa2168c05d0f325e0e76b774092c37f4c111e731ccb7c0eaa9afe1d7503

SHA512
3bb719729cc8471c213f3722ec4a82c8f9e06d83d9939b85c76fa9632798cdaf4dd58cf41a2321d942cba83f7c5911f64fbc061bce707afd10b58694f1a25413

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40665.exe

Filesize
184KB

MD5
50932621a8d63269af552629ca575a11

SHA1
0795f3e306e0ba154750ba2467706343621c0677

SHA256
2ef770779f71be24f8abf8cbce5782d9696358f4037588d22df0b7e728c903fb

SHA512
3ce7cd21f057ad2722d0b9dfbe10dee423aa281e33f6ba514171fb96dc6a1b65a7bd2b875c2d48054996df144ad772c495e5d7d2630ef1935bceff7653b850dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40700.exe

Filesize
184KB

MD5
42bbb48a6268e6be0806775dc4ccd6df

SHA1
c445e8b1110f6706440e093c54fae60c7dbfd724

SHA256
e74ec0e323fced2fc21424ed59bfb585018da4b2e51c15bffbbfed6d508d9344

SHA512
1f8cb61baeb3e219a01dd64f5505cb92307b36fbb19621cb29d0ed321810e3fd3289649e302747deef69aa1be1cbdfeab48a88196b35b3e4fa8a77f1c8fa5d9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60090.exe

Filesize
184KB

MD5
946366401ea7f8e2148ec913212382dc

SHA1
bc756f63ad909794970610f3916f93410539ba32

SHA256
1610e3cf9c1e3b56637494bf2034547a30000a317b349cf72ffc83ae3935f8b9

SHA512
acb343c42497cc0030583133803e8b5fd1d0efd263a1736d2616c472ba1cd5111f94c496ca8341e9967acfdd430ebeb5f3330d24a2fe0faa0a078cdac2eabcd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7578.exe

Filesize
184KB

MD5
dbdcc5de52909535ceeff508799b5546

SHA1
4f4db5544be8f0a528f2de26149bec51bacc6819

SHA256
073bead2381aa6c330cda26714067d2d76ca333de205c8688a0e17bf011d6b09

SHA512
438003c705b238968ead680103028c3dd4544d89c733682dafba5da74fd23036d67de3d3586f07915bf86b91c66520415e3c5e47826f4f58bb63f812f34c016c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15747.exe

Filesize
184KB

MD5
135d3f8e61577822c2a4a04b59a40b8c

SHA1
0115c6c5b9e35ffee7bc2fe1e6066178ad2530f4

SHA256
2394182e865eb81ec6a5b5ff84594f41b55128948f6fc89b07cdddc8ecfec9c8

SHA512
884789bb34171e0e93e2c4d1ac11165cb6af66e027044be453f29d64d931178cba30344a88e7a2d33eeaf1e1979a26ca2cca4fd872d89f6bcb394e7cda6fd76e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16467.exe

Filesize
184KB

MD5
cb389365e091ed1a904d871cb4fa5c37

SHA1
07465f87c6a57bc8e4ce1bc75fe824b5799ebc36

SHA256
197b30c41c99915147c39c250cd8eeb68691a8730c745712385a5c7e755004e6

SHA512
c0a71c26f485736dbb4339a402d0b299d5b6759913a3e690cf6d8783ab58bc8876f01e0cdcf6c13969ad8059497a5a80d453e6740474dcfee8cc4d7cdc8900a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe

Filesize
184KB

MD5
b050eb21a3d9480e7b3942bbe6fb1bce

SHA1
6fb3ec560a173160399b186c73f5ea0dc6152756

SHA256
f27a1a6df3b32b351aa6dd255e71c81c1d8ab6d75defc3057c033c17f66215c6

SHA512
eb9e2255bfc9e5c42f5a358c33178418f263598d70377f7ad4b038c40e3e8b28ccbc47aba0b8e580119583b45b07b94a134d6d9398fc211ddbc1990a74ee0773

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19804.exe

Filesize
184KB

MD5
a0f91e5019c08ac89c7c40b4d1865871

SHA1
66146ba7aac1fa96af8213ac9603660e600f1ea1

SHA256
ec52732841c933c8af8f598faef740e6b17d812b104d3ada65d499133255ba80

SHA512
92cde3e8ded8a4082bbf1ff8a6a3a3f5920dc648f389498c276708afa2ce277f8fda5a30a3d3efae3c70db44aca6cffc1a2da464dc13872b85842887ed098f17

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20189.exe

Filesize
184KB

MD5
9ae8b769411b72f779f0783d75ecaab8

SHA1
5df2bac48b0c1e27cf599e6ab5aa326d74340b6b

SHA256
c55e6aea05d0077101a23a521ae5a5f4306d7b516afd85fd85b9d9de128b3ac2

SHA512
559caba24c0fb0abf36cd579df54ce726d72072b27222cd39f01e522d4784ee48ead93b7ac8000cdbf59191190f1d36172c9d1dfb73dc384d404b0615f48da3d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28911.exe

Filesize
184KB

MD5
67d446c355ada2211a1825476aac23de

SHA1
84b4448df4dc2e5f7b419edffa8718213b3222f1

SHA256
b0b3b643661347e0464c9fa53558f3f2c5dc61b67ed24324340648753edeecea

SHA512
b2917fff7a6d945b31bf82d6c8959c02e8d31501664dd6c0236cd66bacab5c85397d796a480484f85a6dfb05537d4966a9bac5127b76f05c1c93c136bb95a48a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31502.exe

Filesize
184KB

MD5
35cf5b8b0fa45b76c3880d71919f7fc0

SHA1
e4b9c432ef11cce8187c73c4a333fe509743ad52

SHA256
048a6e9a1b7869e0f80fec1caab53bcf88af6cace48e489411de35184eed41d5

SHA512
6921904d99519910487e66deb5ba85b4b8e81359667a232787d19f1bd78468b3e6c511a15a265366f5f9277b0be83aa9525a25af658b4dde48e813bc1a263f35

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32441.exe

Filesize
184KB

MD5
34ee10dc0f0fa99600728b26ab5ba4c0

SHA1
15fbcef17ccdb67d1e23cf76f2863e606f81ca56

SHA256
42efb933b9c93976d4489109f24b36fed288da46553706786f1c840810f8faea

SHA512
bb5b809b5e0d9b93d13e171364d07206203272516cccb84ba9c41079cb8ac04c248821d990e29ad8c621de98a6b77939893d560d0f8efd83d458c5a47f148dda

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33400.exe

Filesize
184KB

MD5
1ab2e1f459870a6c443b3bf457e36f53

SHA1
c4deb72b7a97595a90cc0c32572703f69c659b54

SHA256
7e31eb966e3b9a5555c6fc4d396be03b97519890a494ee8803df052c3fe34f03

SHA512
bae2c38b42cc7f3107141cff5e8d74203127e7fe37060b60d881d62b5cd433375b83a079a3791a55381a4a258dd649f5c4aa32b922f25b4eb9176ff4bd47da05

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4049.exe

Filesize
184KB

MD5
6fe8aeab68d8818514bcf424723a40b5

SHA1
faba5896ee9a7de7eaddee386eee356574065e90

SHA256
73ccc298592ee8278af2cd53c4a309d8172979df2ab88505cfc8fbebe190b35d

SHA512
60ca8a1d018d53c1eaf7db20a2fdab6e4a26d8e1c344db6fa4e1450859d78e8c0217f3016840166a36d2b9c70e39d8f0f6bdea17a10f5e051914d83776965d0e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41346.exe

Filesize
184KB

MD5
29171d756e07918385abd96d8f84fc02

SHA1
c16e9682360851ee118e3a764397b0df1a65186d

SHA256
eb388f2e618d8474d602406a740f3b97a83e897c0c85b99f437c4a4cdb01fdc0

SHA512
8223683ed08f0627d5b1e3a6136f7f1ba99a1399b76eefc0f5fa14e3277d379691ff8fc260db982c53579dc5cd55ddeda088b0e92b562056c70425a7db77f988

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65305.exe

Filesize
184KB

MD5
194e3b3725759e75ae28090527ea6cbe

SHA1
18f28a751583e0f13b5be3e068eefeade03ec236

SHA256
63987f223546b6e5bc409a5387d52a77d03aee9097cc4517572a7a2d1ed6afc8

SHA512
129d72e9677969ccfa91ba0e3867dea9cc5b09109891d3af50f5628ccad67313218619b760312ea3ac440ca4edf24d375267cb6091b5c8ee45af44971e96e5cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe

Filesize
184KB

MD5
7f11e103016a3f707b78dda9f84ccf17

SHA1
bbc45e70d3791c9428804973d90664c4f5d9d1bc

SHA256
bfea9b8b09d8ce4a6b26edd06cafb57bcd132e5ff3011b893d85cfbe646b8a1a

SHA512
4cdb9e8a3403ef9d9d244e88d387711d453ec10f3791cf42c86489a3cf0e3ec9e7025eec204cbfbabc03780fcf37eaa4ff4415f1e4eb7fbaceb510b15c335bc4

Download Submit