abab67e66df61473fa51f3793cb3dfb890e203992e187221481b0e516571e816

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21-08-2024 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b48e6e608c103aa106638460ff222338_JaffaCakes118.exe
Size

188KB
MD5

b48e6e608c103aa106638460ff222338
SHA1

c2f802a002d61dee6ca2d02e1783968095c1ebf3
SHA256

abab67e66df61473fa51f3793cb3dfb890e203992e187221481b0e516571e816
SHA512

45573d45d5beeb01c6d7227fbb8408be95416cac8d9afb4e6237d91010e19ac43b11f4082f761ce8d99a9cac4eb2d0db3a7ce7f919571730c2059c1a33a63799
SSDEEP

3072:e6uiomk7ovMoEJOjyq+X/H7mTkqUJUfjzMjxoJm7cxlvJpF3:e6DoUBEJdqw/H72L1vxlvJpF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2084	Unicorn-27419.exe
536	Unicorn-63345.exe
1508	Unicorn-47564.exe
2700	Unicorn-24534.exe
2184	Unicorn-8752.exe
2980	Unicorn-59344.exe
2644	Unicorn-20533.exe
2328	Unicorn-35477.exe
1480	Unicorn-32785.exe
3004	Unicorn-63511.exe
2928	Unicorn-21087.exe
2368	Unicorn-60579.exe
2160	Unicorn-18155.exe
860	Unicorn-59764.exe
2180	Unicorn-1072.exe
1600	Unicorn-3765.exe
1856	Unicorn-54357.exe
2148	Unicorn-58441.exe
1704	Unicorn-21768.exe
1720	Unicorn-44881.exe
1656	Unicorn-3293.exe
2060	Unicorn-7953.exe
704	Unicorn-61793.exe
1744	Unicorn-46848.exe
548	Unicorn-55016.exe
3020	Unicorn-12592.exe
1756	Unicorn-20760.exe
884	Unicorn-40626.exe
2400	Unicorn-18800.exe
2172	Unicorn-59318.exe
2900	Unicorn-35136.exe
1028	Unicorn-40843.exe
2796	Unicorn-60709.exe
2760	Unicorn-14222.exe
2612	Unicorn-2525.exe
2332	Unicorn-34643.exe
1732	Unicorn-20253.exe
2788	Unicorn-39281.exe
2996	Unicorn-36589.exe
2956	Unicorn-44757.exe
3000	Unicorn-18115.exe
1760	Unicorn-46080.exe
1364	Unicorn-408.exe
1740	Unicorn-23521.exe
2064	Unicorn-40071.exe
1708	Unicorn-5815.exe
2352	Unicorn-60491.exe
3044	Unicorn-33849.exe
836	Unicorn-15374.exe
620	Unicorn-61046.exe
2260	Unicorn-5068.exe
2032	Unicorn-1539.exe
1784	Unicorn-21405.exe
896	Unicorn-52131.exe
2300	Unicorn-13791.exe
1552	Unicorn-33657.exe
576	Unicorn-38295.exe
2404	Unicorn-32287.exe
1696	Unicorn-63568.exe
2644	Unicorn-21981.exe
2456	Unicorn-42401.exe
2116	Unicorn-42401.exe
2844	Unicorn-42955.exe
2636	Unicorn-62821.exe

Loads dropped DLL 64 IoCs

pid	Process
2464	b48e6e608c103aa106638460ff222338_JaffaCakes118.exe
2464	b48e6e608c103aa106638460ff222338_JaffaCakes118.exe
2084	Unicorn-27419.exe
2084	Unicorn-27419.exe
2464	b48e6e608c103aa106638460ff222338_JaffaCakes118.exe
2464	b48e6e608c103aa106638460ff222338_JaffaCakes118.exe
536	Unicorn-63345.exe
536	Unicorn-63345.exe
2084	Unicorn-27419.exe
2084	Unicorn-27419.exe
1508	Unicorn-47564.exe
1508	Unicorn-47564.exe
2700	Unicorn-24534.exe
2700	Unicorn-24534.exe
536	Unicorn-63345.exe
536	Unicorn-63345.exe
2184	Unicorn-8752.exe
2184	Unicorn-8752.exe
2980	Unicorn-59344.exe
2980	Unicorn-59344.exe
1508	Unicorn-47564.exe
1508	Unicorn-47564.exe
2644	Unicorn-20533.exe
2644	Unicorn-20533.exe
2700	Unicorn-24534.exe
2700	Unicorn-24534.exe
2980	Unicorn-59344.exe
2928	Unicorn-21087.exe
2184	Unicorn-8752.exe
2980	Unicorn-59344.exe
2928	Unicorn-21087.exe
2184	Unicorn-8752.exe
1480	Unicorn-32785.exe
1480	Unicorn-32785.exe
2328	Unicorn-35477.exe
2328	Unicorn-35477.exe
2368	Unicorn-60579.exe
2368	Unicorn-60579.exe
2644	Unicorn-20533.exe
2644	Unicorn-20533.exe
2160	Unicorn-18155.exe
2160	Unicorn-18155.exe
2180	Unicorn-1072.exe
2180	Unicorn-1072.exe
2928	Unicorn-21087.exe
2928	Unicorn-21087.exe
860	Unicorn-59764.exe
860	Unicorn-59764.exe
1856	Unicorn-54357.exe
1856	Unicorn-54357.exe
2328	Unicorn-35477.exe
2328	Unicorn-35477.exe
1480	Unicorn-32785.exe
1600	Unicorn-3765.exe
1480	Unicorn-32785.exe
1600	Unicorn-3765.exe
1704	Unicorn-21768.exe
1704	Unicorn-21768.exe
2368	Unicorn-60579.exe
2368	Unicorn-60579.exe
1656	Unicorn-3293.exe
1656	Unicorn-3293.exe
2160	Unicorn-18155.exe
2160	Unicorn-18155.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
2788	1296	WerFault.exe	156
776	2812	WerFault.exe	209
2184	2912	WerFault.exe	275
1276	2892	WerFault.exe	346
1304	2744	WerFault.exe	365
2256	2144	WerFault.exe	506

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55969.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2721.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32287.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7573.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-624.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10852.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24060.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28222.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19644.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28193.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60335.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36883.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63345.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38538.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20886.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12077.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1351.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43322.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44757.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48320.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12160.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2464	b48e6e608c103aa106638460ff222338_JaffaCakes118.exe
2084	Unicorn-27419.exe
536	Unicorn-63345.exe
1508	Unicorn-47564.exe
2700	Unicorn-24534.exe
2184	Unicorn-8752.exe
2980	Unicorn-59344.exe
2644	Unicorn-20533.exe
2328	Unicorn-35477.exe
1480	Unicorn-32785.exe
2928	Unicorn-21087.exe
3004	Unicorn-63511.exe
2368	Unicorn-60579.exe
2160	Unicorn-18155.exe
2180	Unicorn-1072.exe
860	Unicorn-59764.exe
1856	Unicorn-54357.exe
1600	Unicorn-3765.exe
2148	Unicorn-58441.exe
1704	Unicorn-21768.exe
1720	Unicorn-44881.exe
1656	Unicorn-3293.exe
2060	Unicorn-7953.exe
704	Unicorn-61793.exe
1744	Unicorn-46848.exe
3020	Unicorn-12592.exe
548	Unicorn-55016.exe
1756	Unicorn-20760.exe
884	Unicorn-40626.exe
2400	Unicorn-18800.exe
2900	Unicorn-35136.exe
2172	Unicorn-59318.exe
1028	Unicorn-40843.exe
2796	Unicorn-60709.exe
2760	Unicorn-14222.exe
2612	Unicorn-2525.exe
2332	Unicorn-34643.exe
1732	Unicorn-20253.exe
2996	Unicorn-36589.exe
2788	Unicorn-39281.exe
2956	Unicorn-44757.exe
3000	Unicorn-18115.exe
1760	Unicorn-46080.exe
1364	Unicorn-408.exe
1740	Unicorn-23521.exe
2064	Unicorn-40071.exe
1708	Unicorn-5815.exe
2352	Unicorn-60491.exe
3044	Unicorn-33849.exe
620	Unicorn-61046.exe
836	Unicorn-15374.exe
2260	Unicorn-5068.exe
2032	Unicorn-1539.exe
1784	Unicorn-21405.exe
896	Unicorn-52131.exe
2300	Unicorn-13791.exe
1552	Unicorn-33657.exe
576	Unicorn-38295.exe
2404	Unicorn-32287.exe
1696	Unicorn-63568.exe
2644	Unicorn-21981.exe
2116	Unicorn-42401.exe
2456	Unicorn-42401.exe
2904	Unicorn-42955.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 2084	2464	b48e6e608c103aa106638460ff222338_JaffaCakes118.exe	30
PID 2464 wrote to memory of 2084	2464	b48e6e608c103aa106638460ff222338_JaffaCakes118.exe	30
PID 2464 wrote to memory of 2084	2464	b48e6e608c103aa106638460ff222338_JaffaCakes118.exe	30
PID 2464 wrote to memory of 2084	2464	b48e6e608c103aa106638460ff222338_JaffaCakes118.exe	30
PID 2084 wrote to memory of 536	2084	Unicorn-27419.exe	31
PID 2084 wrote to memory of 536	2084	Unicorn-27419.exe	31
PID 2084 wrote to memory of 536	2084	Unicorn-27419.exe	31
PID 2084 wrote to memory of 536	2084	Unicorn-27419.exe	31
PID 2464 wrote to memory of 1508	2464	b48e6e608c103aa106638460ff222338_JaffaCakes118.exe	32
PID 2464 wrote to memory of 1508	2464	b48e6e608c103aa106638460ff222338_JaffaCakes118.exe	32
PID 2464 wrote to memory of 1508	2464	b48e6e608c103aa106638460ff222338_JaffaCakes118.exe	32
PID 2464 wrote to memory of 1508	2464	b48e6e608c103aa106638460ff222338_JaffaCakes118.exe	32
PID 536 wrote to memory of 2700	536	Unicorn-63345.exe	34
PID 536 wrote to memory of 2700	536	Unicorn-63345.exe	34
PID 536 wrote to memory of 2700	536	Unicorn-63345.exe	34
PID 536 wrote to memory of 2700	536	Unicorn-63345.exe	34
PID 2084 wrote to memory of 2184	2084	Unicorn-27419.exe	35
PID 2084 wrote to memory of 2184	2084	Unicorn-27419.exe	35
PID 2084 wrote to memory of 2184	2084	Unicorn-27419.exe	35
PID 2084 wrote to memory of 2184	2084	Unicorn-27419.exe	35
PID 1508 wrote to memory of 2980	1508	Unicorn-47564.exe	36
PID 1508 wrote to memory of 2980	1508	Unicorn-47564.exe	36
PID 1508 wrote to memory of 2980	1508	Unicorn-47564.exe	36
PID 1508 wrote to memory of 2980	1508	Unicorn-47564.exe	36
PID 2700 wrote to memory of 2644	2700	Unicorn-24534.exe	37
PID 2700 wrote to memory of 2644	2700	Unicorn-24534.exe	37
PID 2700 wrote to memory of 2644	2700	Unicorn-24534.exe	37
PID 2700 wrote to memory of 2644	2700	Unicorn-24534.exe	37
PID 536 wrote to memory of 2328	536	Unicorn-63345.exe	38
PID 536 wrote to memory of 2328	536	Unicorn-63345.exe	38
PID 536 wrote to memory of 2328	536	Unicorn-63345.exe	38
PID 536 wrote to memory of 2328	536	Unicorn-63345.exe	38
PID 2184 wrote to memory of 1480	2184	Unicorn-8752.exe	39
PID 2184 wrote to memory of 1480	2184	Unicorn-8752.exe	39
PID 2184 wrote to memory of 1480	2184	Unicorn-8752.exe	39
PID 2184 wrote to memory of 1480	2184	Unicorn-8752.exe	39
PID 2980 wrote to memory of 3004	2980	Unicorn-59344.exe	40
PID 2980 wrote to memory of 3004	2980	Unicorn-59344.exe	40
PID 2980 wrote to memory of 3004	2980	Unicorn-59344.exe	40
PID 2980 wrote to memory of 3004	2980	Unicorn-59344.exe	40
PID 1508 wrote to memory of 2928	1508	Unicorn-47564.exe	41
PID 1508 wrote to memory of 2928	1508	Unicorn-47564.exe	41
PID 1508 wrote to memory of 2928	1508	Unicorn-47564.exe	41
PID 1508 wrote to memory of 2928	1508	Unicorn-47564.exe	41
PID 2644 wrote to memory of 2368	2644	Unicorn-20533.exe	42
PID 2644 wrote to memory of 2368	2644	Unicorn-20533.exe	42
PID 2644 wrote to memory of 2368	2644	Unicorn-20533.exe	42
PID 2644 wrote to memory of 2368	2644	Unicorn-20533.exe	42
PID 2700 wrote to memory of 2160	2700	Unicorn-24534.exe	43
PID 2700 wrote to memory of 2160	2700	Unicorn-24534.exe	43
PID 2700 wrote to memory of 2160	2700	Unicorn-24534.exe	43
PID 2700 wrote to memory of 2160	2700	Unicorn-24534.exe	43
PID 2980 wrote to memory of 860	2980	Unicorn-59344.exe	44
PID 2980 wrote to memory of 860	2980	Unicorn-59344.exe	44
PID 2980 wrote to memory of 860	2980	Unicorn-59344.exe	44
PID 2980 wrote to memory of 860	2980	Unicorn-59344.exe	44
PID 2928 wrote to memory of 2180	2928	Unicorn-21087.exe	45
PID 2928 wrote to memory of 2180	2928	Unicorn-21087.exe	45
PID 2928 wrote to memory of 2180	2928	Unicorn-21087.exe	45
PID 2928 wrote to memory of 2180	2928	Unicorn-21087.exe	45
PID 2184 wrote to memory of 1600	2184	Unicorn-8752.exe	46
PID 2184 wrote to memory of 1600	2184	Unicorn-8752.exe	46
PID 2184 wrote to memory of 1600	2184	Unicorn-8752.exe	46
PID 2184 wrote to memory of 1600	2184	Unicorn-8752.exe	46

C:\Users\Admin\AppData\Local\Temp\b48e6e608c103aa106638460ff222338_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\b48e6e608c103aa106638460ff222338_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63345.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63345.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24534.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20533.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60579.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21768.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40071.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5343.exe
        10⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4487.exe
        11⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19729.exe
        12⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28193.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
        14⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe
        16⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39768.exe
        17⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9036.exe
        18⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16515.exe
        19⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61517.exe
        20⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20283.exe
        11⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        12⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        13⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23593.exe
        14⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64760.exe
        16⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37729.exe
        17⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5383.exe
        19⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59183.exe
        9⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43334.exe
        10⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43605.exe
        11⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26278.exe
        12⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57095.exe
        13⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16442.exe
        14⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9036.exe
        15⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47651.exe
        16⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43322.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
        18⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5815.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25572.exe
        9⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56594.exe
        10⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        11⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17184.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39436.exe
        13⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42015.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
        15⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49213.exe
        16⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64366.exe
        17⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59318.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15374.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34316.exe
        9⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
        10⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36916.exe
        11⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51086.exe
        14⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24802.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58154.exe
        16⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
        17⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27371.exe
        18⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
        19⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8228.exe
        8⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51358.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6573.exe
        10⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23097.exe
        11⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
        12⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48564.exe
        13⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13940.exe
        14⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21118.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        16⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27179.exe
        17⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48793.exe
        18⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44881.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60709.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33849.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5727.exe
        9⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56594.exe
        10⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36676.exe
        11⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36444.exe
        12⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52269.exe
        13⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35160.exe
        14⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7863.exe
        15⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30609.exe
        16⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe
        17⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53074.exe
        18⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32924.exe
        8⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        9⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46044.exe
        10⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38582.exe
        11⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
        12⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6716.exe
        13⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        14⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30552.exe
        15⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49213.exe
        16⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62721.exe
        17⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53816.exe
        18⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27989.exe
        19⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61046.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42183.exe
        8⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        9⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
        10⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        11⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
        12⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
        13⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55528.exe
        14⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51200.exe
        15⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41289.exe
        17⤵
        
        PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18155.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3293.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35136.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5068.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44705.exe
        9⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5914.exe
        10⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54918.exe
        11⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
        12⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
        13⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        15⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4952.exe
        16⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        17⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24080.exe
        18⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        19⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1539.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12800.exe
        8⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16858.exe
        9⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52650.exe
        10⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24140.exe
        11⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
        12⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47604.exe
        13⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        14⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5699.exe
        15⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36442.exe
        16⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39535.exe
        17⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16067.exe
        11⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48564.exe
        12⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42015.exe
        13⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34937.exe
        14⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63603.exe
        15⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32934.exe
        16⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46276.exe
        17⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54822.exe
        12⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47381.exe
        13⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49213.exe
        14⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40526.exe
        15⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        16⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47511.exe
        17⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
        18⤵
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40843.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60491.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
        8⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38504.exe
        9⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19786.exe
        10⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26941.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45144.exe
        12⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19073.exe
        13⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe
        14⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32467.exe
        15⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52773.exe
        16⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32348.exe
        7⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
        8⤵
        
        PID:1296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 240
        9⤵
        Program crash
        
        PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35477.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44757.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62821.exe
        7⤵
        Executes dropped EXE
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8332.exe
        8⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4243.exe
        9⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41571.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38538.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11890.exe
        12⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62373.exe
        13⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65419.exe
        14⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24360.exe
        15⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        17⤵
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10091.exe
        6⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6173.exe
        7⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
        8⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        9⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        10⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12087.exe
        11⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20360.exe
        12⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28092.exe
        13⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9804.exe
        14⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51408.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54553.exe
        16⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29696.exe
        17⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5907.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62799.exe
        16⤵
        
        PID:704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8752.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32785.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54357.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18115.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32287.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1451.exe
        9⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        10⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11856.exe
        11⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23097.exe
        13⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        14⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
        15⤵
        Program crash
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19375.exe
        12⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39908.exe
        13⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
        14⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12845.exe
        15⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62150.exe
        16⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        17⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32820.exe
        18⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40900.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        9⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5914.exe
        10⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
        11⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40270.exe
        12⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45035.exe
        13⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
        14⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62819.exe
        15⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3909.exe
        16⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-588.exe
        17⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58097.exe
        18⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58284.exe
        19⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20886.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30314.exe
        9⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
        10⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32944.exe
        11⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36016.exe
        12⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23593.exe
        13⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30075.exe
        8⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39931.exe
        9⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
        10⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        11⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
        12⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
        13⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12845.exe
        14⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41491.exe
        15⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61247.exe
        16⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
        17⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42571.exe
        18⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46080.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62821.exe
        7⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63200.exe
        9⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60242.exe
        10⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
        11⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
        12⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17729.exe
        13⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54205.exe
        14⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        15⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51984.exe
        16⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
        17⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
        7⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5914.exe
        8⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        9⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
        10⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39244.exe
        11⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
        12⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57687.exe
        13⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19644.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40614.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
        16⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51512.exe
        17⤵
        
        PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20760.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36589.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10003.exe
        8⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16356.exe
        9⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55691.exe
        10⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60154.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55969.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31605.exe
        13⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11096.exe
        14⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12845.exe
        15⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25477.exe
        16⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37588.exe
        18⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10558.exe
        7⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7201.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe
        9⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34555.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21050.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8517.exe
        12⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        13⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28222.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35316.exe
        15⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4729.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exe
        17⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6561.exe
        18⤵
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42955.exe
        6⤵
        Executes dropped EXE
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25956.exe
        7⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60870.exe
        8⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42344.exe
        9⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9941.exe
        10⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64085.exe
        11⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41247.exe
        12⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46758.exe
        13⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31211.exe
        14⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        15⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23334.exe
        16⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        17⤵
        
        PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3765.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40626.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26702.exe
        7⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        8⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45935.exe
        9⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17970.exe
        10⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        11⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31927.exe
        12⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14879.exe
        13⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5720.exe
        14⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        15⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe
        16⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26934.exe
        17⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51036.exe
        7⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50263.exe
        8⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        9⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46231.exe
        10⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19405.exe
        11⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
        12⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
        13⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17402.exe
        14⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22057.exe
        15⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        16⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        17⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        18⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30208.exe
        13⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37734.exe
        14⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52119.exe
        15⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44247.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27750.exe
        17⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
        11⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        12⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53411.exe
        13⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13971.exe
        14⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        15⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30324.exe
        16⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39919.exe
        17⤵
        
        PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23521.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64767.exe
        6⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11565.exe
        7⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53880.exe
        8⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52401.exe
        9⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
        10⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 244
        11⤵
        Program crash
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
        8⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        9⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31457.exe
        10⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56353.exe
        11⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
        12⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16032.exe
        13⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
        14⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21943.exe
        15⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
        16⤵
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
        6⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14383.exe
        7⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25131.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54975.exe
        9⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15128.exe
        10⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        11⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29291.exe
        12⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22872.exe
        13⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        14⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        15⤵
        
        PID:1508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47564.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47564.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59344.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63511.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59764.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7865.exe
        8⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57772.exe
        9⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17264.exe
        10⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        11⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19680.exe
        12⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49742.exe
        13⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55118.exe
        14⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42647.exe
        15⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26956.exe
        16⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57822.exe
        17⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52773.exe
        18⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60335.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23839.exe
        8⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10273.exe
        9⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3688.exe
        10⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26086.exe
        11⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-219.exe
        12⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42377.exe
        13⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12077.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35207.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31258.exe
        17⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
        9⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35357.exe
        10⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24060.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 376
        12⤵
        Program crash
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42955.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
        8⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        9⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25131.exe
        10⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13750.exe
        11⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6685.exe
        12⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50489.exe
        13⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3634.exe
        14⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26141.exe
        15⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38964.exe
        16⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64319.exe
        17⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
        18⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64874.exe
        16⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
        17⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
        11⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
        12⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-977.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19639.exe
        15⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16593.exe
        16⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34585.exe
        9⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
        11⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35060.exe
        12⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54817.exe
        13⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
        14⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17112.exe
        15⤵
        
        PID:620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39281.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21981.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4357.exe
        7⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5914.exe
        8⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9095.exe
        9⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11887.exe
        10⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58595.exe
        11⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42726.exe
        12⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22280.exe
        13⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45627.exe
        14⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15279.exe
        15⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe
        16⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9794.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39004.exe
        11⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        12⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56312.exe
        13⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61906.exe
        14⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62861.exe
        15⤵
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30485.exe
        6⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56677.exe
        7⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        8⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10852.exe
        9⤵
        
        PID:2616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21087.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1072.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7953.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14222.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21405.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29054.exe
        8⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49941.exe
        9⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55691.exe
        10⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19449.exe
        11⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57907.exe
        12⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        13⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40868.exe
        14⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
        15⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        16⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32363.exe
        17⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7085.exe
        18⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 244
        19⤵
        Program crash
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9463.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
        9⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        10⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1581.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23572.exe
        12⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63421.exe
        13⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 200
        14⤵
        Program crash
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9941.exe
        10⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
        11⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27760.exe
        12⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-572.exe
        13⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61060.exe
        14⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52119.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        16⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37588.exe
        17⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
        7⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41903.exe
        8⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        9⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
        10⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23053.exe
        11⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51745.exe
        12⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30609.exe
        14⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24190.exe
        15⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        16⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32820.exe
        17⤵
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13791.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8332.exe
        7⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26527.exe
        8⤵
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15364.exe
        9⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13078.exe
        10⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12751.exe
        11⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58870.exe
        12⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54521.exe
        13⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30552.exe
        14⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35207.exe
        15⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        16⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6286.exe
        17⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1610.exe
        15⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46276.exe
        16⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38248.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60468.exe
        12⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29544.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        14⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61818.exe
        15⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11844.exe
        16⤵
        
        PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2525.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52131.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
        7⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41581.exe
        8⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3153.exe
        9⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32614.exe
        10⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4739.exe
        11⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35160.exe
        12⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24802.exe
        13⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20438.exe
        14⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35207.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48969.exe
        16⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33204.exe
        17⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38051.exe
        7⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe
        8⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16299.exe
        9⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55009.exe
        10⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47604.exe
        11⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34314.exe
        12⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9145.exe
        13⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12456.exe
        14⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55108.exe
        15⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24486.exe
        16⤵
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-444.exe
        6⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33076.exe
        7⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55691.exe
        8⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        9⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47142.exe
        10⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49311.exe
        11⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
        12⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29291.exe
        13⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
        14⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52311.exe
        15⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61906.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12160.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34643.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33657.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38295.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1150.exe
        6⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20824.exe
        7⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21348.exe
        8⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        9⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        10⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61480.exe
        11⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
        12⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
        13⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22872.exe
        14⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46193.exe
        15⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17636.exe
        16⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
        8⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
        9⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21434.exe
        10⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38725.exe
        11⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60811.exe
        12⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20438.exe
        13⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15362.exe
        14⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        15⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57454.exe
        16⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35382.exe
        12⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51844.exe
        13⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53546.exe
        14⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe
        15⤵
        
        PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1072.exe

Filesize
188KB

MD5
4ab29b15a341a5a11aea23b43592a967

SHA1
d067ec15b32b3405560f7567a82b5470f58c52f7

SHA256
48d793cfa80efef38285ff271a7bf5dc46487d63d50ba24ca9ac4e007744859f

SHA512
9c53bbf9f1700886838aaf22d51e47e526bc5b344b82a83e6ff6908a8f7232a612b28f37bd3a10bee644dc7169901e281aeccdcef3faf469f0037cd210fd1a3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21087.exe

Filesize
188KB

MD5
62022b29df0cd4be5027c06f1ab5ae3f

SHA1
9a1d1f96c6ccdb39223d547eac865dea6ea22669

SHA256
d24760008d15c5c8abafea0a76cd6efb015bf821ebb43f4ffd36cbe442f7a1b1

SHA512
0862456372c155a273d027f5ca5cfb23980436bdbe338ead73eadd7165cbb6ad8859770e95124447738bf566c1fee6ba8c2a00179f8715f6b9d7aaa50e374c45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32785.exe

Filesize
188KB

MD5
efa88eae962faa5c7f8fee3293fcfff2

SHA1
4a891548d3992f3498a2d17145d5f777baaed3eb

SHA256
8a3b5c92bbc6f74d936c0439e24042cb39d0ccdce692fb80c0e5d987ad362342

SHA512
fac7a08a1edb32beac7aeb1ee8646494839167ca2843c41b5f2775ad901f7892a4984e42b2a591ee3619356781d36ed91a06679d7d4c88000e1757a128491c3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3765.exe

Filesize
188KB

MD5
55adb6f322f413ebad161669c750e0f8

SHA1
2548a605cdeaf0a3dcd4b0daa90a9e8d0508bad4

SHA256
d9029804a61d438e640eba7129a231b29e1cb38084463176c76a878bbead4387

SHA512
8f61a268f4ca07da8d8b914da96454c53f0b5169510577d43d8f84f7a7ed672ea74e553814c5f3ad03103da1ca562187b2d638eab417db6a8aee4177d8ec8913

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40270.exe

Filesize
188KB

MD5
b9daa715259dfda8753d34b1bad00fb5

SHA1
ba8b3930e6dd69615e5f5c13fbfb39bae6b4ab51

SHA256
9c2d979db81fcf2acf08007d8e4ae3b72bc5420872ab7f741e36dc0d716fce5e

SHA512
d986f0a9895c5e83c5b94d135fd28525727cd2585b123c590873195575c510407db712571bf4279d39875d5f6216af656e409950ee8601a4c32c1a8ee7a788ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40843.exe

Filesize
188KB

MD5
ded81ed359195b618b1b87c4aa951096

SHA1
68d5d0817fb1ad21e7869f5626ef34b455383fcd

SHA256
6253a56a1e4f0fa9052c1e8c8a341a462ccd42722c9b4bac5f0bf1543f0f5a49

SHA512
26f5a78418f71967c3267195468c68018e74c7b3cfb5443dba4ad7d3620253428d4f5b39dc41d486fb8a9155a123fe8279cd30b28e1e500822f024f0ca391476

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40900.exe

Filesize
188KB

MD5
0027b0d76c40d11b7b16357be1f65f43

SHA1
b34ba72a18ede89f9472197d0b6e590a5ec47d0d

SHA256
46309dcd812763765e90348f7626f0a47f4943a237122403a892d0433dd2b2b3

SHA512
a701cd3244cdd2635bce5fc9c88f5d637e24c7936b57c01a66a8980bfddcb07b6e20dbafe2ddbb7ab6e398b423bb6fb85361001dab9e4c25d1ae0d54db0e08d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5606.exe

Filesize
188KB

MD5
c80b29ea415704c23ef98d373625b775

SHA1
a921979ce55c7e5b423a6cd5af2f0265d452d02b

SHA256
0030c6f0539e36fc5e2aa8ad0c0a09180522959c53b3cce29df98d8094bd58b4

SHA512
19f0a2bc3874c71d6c1cdaa60266e57f47b9e4c34b48987530d4721a6ea146bfdfc4a3e2e7ce27b2566b2f2a4d65453c414b76c9497fa83ce3664bf7c92be29b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5720.exe

Filesize
188KB

MD5
8319601f679cd72a1ca5053288638eba

SHA1
fe29b7e4dce413d86d551e9631012c56bbc098f5

SHA256
9b6d86a09b358e7542ea3e43689e573a2551799bf1add779698c05f289254dd2

SHA512
bedff147f28bfaa2fd59308ab3e1d594814872ee50baf13924a08d529cf2f548210930e327bf57c251c396fe7c563653f3a94ba6ad4e41b66e308e72c6b1ba91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5727.exe

Filesize
188KB

MD5
f5d9b4e6950c04258f4ad72a09313f6a

SHA1
14d2f8dab2848b94d0f5e1aca3ad85aec34b586c

SHA256
48e93febb41ce719d4906267c590d9281b9540d9985b51b9b8c25899bb69f113

SHA512
440e5be404ceb3bec6d9ded4351aec475ddebf3e0389cd1a2882033928968abed47c450fd2df72a34617fcf8fae37237dae21d04c6fa75c58af9c546252c74f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59764.exe

Filesize
188KB

MD5
8cfcb9115e5f5f5e3ee1b637b41ca795

SHA1
b52b778e716f8fd18cadce33256193dea8c927a1

SHA256
0f39c593e2d476a3edf556dcaa1bc56c1fb97a59d2b732087ab0da4460a4aa62

SHA512
c051e88b69c6470281063126e5b1d66397098a684cde081c0a3757704938b6024b57b1657f9394b4e7db10d1b199c29266f024e738cae82964e09da9d5cad488

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6286.exe

Filesize
188KB

MD5
947e05693981e81cebcb83797c32b28a

SHA1
555e11a8229068f74d4938c3f848b1acfe1a1db5

SHA256
cace4f031ffdd86a175b3033fae3a08c07ad05d524db33afbf08eeed91f11054

SHA512
6327888915f39bf44cb722779d6ec63a4f059bf319dc573eb85660af1952feb1d56b800637b36b107f0ccafe73f0454f1dc7160a5e6d402d413de325f4499278

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6561.exe

Filesize
188KB

MD5
ae21e9c8ebf3da90353d89d98d97303c

SHA1
e3d7ec311b0995f4f0eff1f965e35b009b4894b3

SHA256
d50c186d4b32557879bd3e07d089d9f53455d21774992c7b87f2025e02201deb

SHA512
739a73a253ea3a9d327a1658af18bda189ca14721be47828fb37902df35cd1c66d1e6f697421b9ad39ed4235ac75572457e79ad14060cee7574de0152fc489c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6573.exe

Filesize
188KB

MD5
a935ba0bcbd96ca95eae491c9e0d3942

SHA1
47341826e43aa1dcab34cb0ff51ce4917cff6bb7

SHA256
9a08f2490faaeaf3e516cd3ccf90164d492a6c3c665d8cebaa5ed1092e73d305

SHA512
3378ffc6b3fd8790725082bec674d133da690584c5c3cda518c2996a151b6e9329ead4e8bd300d333fb8b40e84c71a2ccbdbd3c0d1c19bc4c483236697a7c100

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6685.exe

Filesize
188KB

MD5
3e6cd34c339113eb834e0d9e5e162f27

SHA1
bf4dd8e552ee69c66cbefb820540ff86ebddde8d

SHA256
7c3a214fcb4b77f9f13aa566a07f0c8a8ed6f73b49a84ccb87469c9b67a0af60

SHA512
8078aa1f59c5879a5dbce3a4522c2e4c655da07b1bb4af8a7a5d6c384fcd8055bd9d68baba177a315bfb805071e7eb1d50a339405be947e49900aba5d0df41c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18155.exe

Filesize
188KB

MD5
893b8fda50a2b0557b648c428bf118b7

SHA1
cd736bbaa479ddd5f20d7f8b4fb9d19ef622dd73

SHA256
c2af9ea59c201bf2e56e8550dcd3f1c0329be975ee7a85986ae4f80bafef3719

SHA512
f19ca41f5bac9e71f0af1f8e1ce13f159bfe586d4736cab6c07f29b3c731377524df473ad3daf4761ea29453109f798c6936f2d2eba6cf3146876cc4b93939f8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20533.exe

Filesize
188KB

MD5
422c3cab868e0a96b3f6582b8d9e1ed9

SHA1
0fc426adf3d26ec7983f30231d92991e876ce030

SHA256
bffeaeec2310a7385bb3fb744e6f491f1c5431ee14f12b18aa88c65ab8093884

SHA512
9f4eb7b93d1bd023a705f5626b95cf36876838253b7a60ed1b709fe42df0dc5cd12039b3f36ea393267c1322642c2d5fe1e46d7efc1e6a5fe76f4cca07481f2c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24534.exe

Filesize
188KB

MD5
207b80d60b674820ad3050fbf6b29b6c

SHA1
ad1046ba126dd5fb42df4bbed9ffbf7dafa670cb

SHA256
3f2399877a050b359c46135a20dbd6a12c0a2324283072423e4f659e78062fda

SHA512
7e1f34b44f2183debf514c2f180670bad399b970d667a2a17a2c6f5656b79f63e9854210eb2a7b2298e7860fa1c87bbb481a8eae36b01f544c3c2fe0cd492b7b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe

Filesize
188KB

MD5
88a4e464beff3bbcdfb2d3d696e7eade

SHA1
42b2a3ebc04a11bd831313113521188a05f23efc

SHA256
4f1adbbcdc54fd4cc2fa0d80d5d9defaf9f3245bdcb82f34adbefa972fab3fe5

SHA512
81adcba4538d19dfeb4064aaf4f1e4183826b393858d29f5c1d5c52631afe8469a9ac850b40cfad8d1624823cae739e79f6e4b2ab227f5030529fd0af1e5cba1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35477.exe

Filesize
188KB

MD5
f9325f6e14255edc3c7bce73d69aec9b

SHA1
365f9794611c220ef429c1bca890574d8bc54505

SHA256
155bd7120d596a70cefe51c813841fc9b465e1d64dbb97e0e73027cdcf6cac81

SHA512
bdcf785f042344f6c20a31d11e6acc8d40b7b6bd44cddb2c12dc3bdcfd3926721d3d019fa0ec9e41622234a5c78aeec692d1ca8aaa49c8936f1c6aae2d4e7cc6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47564.exe

Filesize
188KB

MD5
aa15c72c1ca113d335bb1fede46693a2

SHA1
85c8d55817e37bd1f2ffbaecc96270d7f517f8bb

SHA256
d45670485366d11cebb2bf72e463ccca86906061b18cd7858efd1374f90a7fa4

SHA512
04b73cbe11b1105f4a1206cbd6cc192f51810a36c24572ad0f992e9ff8a7b1d3737c383fc20ab8d61e155dc8b58432c8c40b208a291bc1fbfd8ded5de3b112f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54357.exe

Filesize
188KB

MD5
1fa89fd7bd5bfe045bec1a06b302d767

SHA1
83bd6506348221f5e91c846e45dccf9985763e3b

SHA256
bbe7f788b8f5c1d9fa12424fcb6b7584e5d140ec0ed17b5e6acf4e7b45ae9305

SHA512
ac487d9cbb5d8c0c07c5620b553634ed4cb3297c438deb9dcd9848010f01e82cee827625f096312b296d26b7b1305eedec891eea546e975c9e1abcd52d528fc1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe

Filesize
188KB

MD5
b29f0e54d1c0030b83f0da08f197affc

SHA1
053892e02d94f9f3984e9c0e975461b46a01a9e4

SHA256
947415dce5b2cb2d002bc18f966d5e15f1706bdd04c4cbac00845ca8949f9b62

SHA512
09f57d33f677d9394e3c7633a613481e63bda3932ad4eecfa89b5aa467746bf78280c317cbd8aa3e18ba97da965788b9f1b3b2ece4ef33c9bf3f0182ed9914ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59344.exe

Filesize
188KB

MD5
a759f299dd2b0324f817056c0f7d8944

SHA1
61af7bc63a802c55bcd9f9fa1663651d755115d3

SHA256
f9b1f9d5dda09d4d8c49810829040a8d920ccdd11f6a293299978c0c1d93d79a

SHA512
18b3f3ed9d492f84cd49a3d7047feb5506c73fdb69f23b81e946e3ddcf719b060b913bfdbde2c15a08a1dc7ad495d0e7149521d8a3ffe36f5ecef85ef8f26a4f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60579.exe

Filesize
188KB

MD5
0a3f396e4e259a57b296a78371a7cf85

SHA1
4abfc7764ae6c344e71ef44c4b765d0d555bc0e3

SHA256
3a7144e7de0de1993c5c747c75450c12addeb6f304ad503fa6ec94d1689720b9

SHA512
24972ced8cb56473c60fe3076a4e1f93e92996d3adf6479b54fe46d9c3504dbd8acd28740123b8149528e8c662fca2ce775dc43c7ddaa3cc933d15bb5e113b66

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63345.exe

Filesize
188KB

MD5
c37a338f674333bcd59ce530a7a3d58f

SHA1
af89bbe76086f799aacd7d59f911ba181dced0a0

SHA256
fc064515fdbe32b3de7bc4028496e3da88cd785232d4ab975d4b6d227b6a2cc4

SHA512
e17aa72fe5631ccd8f53ca9f654218729779f51c67434af1c6069ef733c6d14b68d77dbc4954b2ef685c39f0f1cc69f2d6ee5ae551064e1531cd5bd70ec833e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63511.exe

Filesize
188KB

MD5
33b0ecf798e347201642206fccba3d40

SHA1
6f12fd2e7f1b08b039baa52368a7a9921272c2c8

SHA256
71bc2b45c8c693b243f606ad2b994819da7742a5cc45a3ef77a858160ea7e023

SHA512
001c87ca6a372cebeb5475b4e3356cb094c08b1704f81fa170b528d552c5bfc65467985ad3379e34a8ebf7055d21f982eb32b76466048881bc9851813de7aa39

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8752.exe

Filesize
188KB

MD5
9e04aa69a4a03a11bb64b63ff41f02e7

SHA1
44751a4366962123b23b1ae6db40e49bcd22e006

SHA256
d3baa8762f8a7a72109c5df87467ee11abd3c2cd26eed68974b5dc2144ff5cf1

SHA512
3ce7d6e52976f7729bd62419f1a3d63506fd6c21e1d81a3eb18a48dac631ffbfa35d9d76e2c9ff1c4a57835b5cef5ff666826adb55d4a2b6f7668ad0b4dcb521

Download Submit
memory/992-1643-0x00000000026E0000-0x00000000027F0000-memory.dmp

Filesize
1.1MB

Download
memory/992-1642-0x00000000026E0000-0x000000000283C000-memory.dmp

Filesize
1.4MB

Download
memory/992-1641-0x0000000077140000-0x000000007723A000-memory.dmp

Filesize
1000KB

Download
memory/992-1640-0x0000000077240000-0x000000007735F000-memory.dmp

Filesize
1.1MB

Download
memory/992-2779-0x0000000002810000-0x0000000002920000-memory.dmp

Filesize
1.1MB

Download