ff0c1a5f13bc8ce7fae7a5a8dfe1ec0e6396774fd0cae00d361c000b0c24dd88

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
02/09/2024, 23:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eedb4bdf83945b501ffb61ed03c6e8e05e25a52fe81a42d09061ed3e062ce56c.exe
Size

192KB
MD5

952bc5388d6f5b0d8b383ebdcd760a50
SHA1

58fcaea60aa9877e67fc50270998f40a2532e054
SHA256

eedb4bdf83945b501ffb61ed03c6e8e05e25a52fe81a42d09061ed3e062ce56c
SHA512

c46091bf67401292b41fadd999a46f16cbc48235475b3751bbf1350672bc3fe07e5f0d1cf5ee5787b4ae3319918ea1becb1ba475663bd398675a63ac3dbc0940
SSDEEP

3072:Vs+c6obazLJAWO7AUOBOhu8HVFv6lEXVrsVxc8+WNHlP5p8c:Vs+Vo2mWOzOQhu8bFTeHlP5p8

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2360	Unicorn-33284.exe
2776	Unicorn-54856.exe
2964	Unicorn-180.exe
3060	Unicorn-54747.exe
2780	Unicorn-19937.exe
2588	Unicorn-71.exe
2892	Unicorn-32464.exe
636	Unicorn-10974.exe
1396	Unicorn-56646.exe
2208	Unicorn-9905.exe
2860	Unicorn-55577.exe
2192	Unicorn-45832.exe
2332	Unicorn-3984.exe
772	Unicorn-32018.exe
1776	Unicorn-8068.exe
2180	Unicorn-58660.exe
2392	Unicorn-5375.exe
2404	Unicorn-16236.exe
1636	Unicorn-36102.exe
1104	Unicorn-34239.exe
1692	Unicorn-61436.exe
2012	Unicorn-46491.exe
2988	Unicorn-54659.exe
3012	Unicorn-34793.exe
308	Unicorn-40461.exe
1908	Unicorn-40461.exe
2252	Unicorn-51322.exe
2308	Unicorn-56797.exe
1700	Unicorn-21987.exe
2116	Unicorn-45100.exe
1628	Unicorn-10289.exe
2160	Unicorn-30155.exe
2764	Unicorn-25085.exe
2640	Unicorn-35945.exe
2664	Unicorn-33253.exe
2544	Unicorn-59895.exe
1164	Unicorn-57435.exe
1144	Unicorn-37529.exe
3048	Unicorn-48390.exe
2076	Unicorn-10886.exe
2708	Unicorn-19055.exe
2712	Unicorn-42167.exe
2508	Unicorn-13901.exe
2900	Unicorn-15333.exe
2896	Unicorn-60772.exe
1680	Unicorn-7487.exe
2068	Unicorn-31669.exe
592	Unicorn-3403.exe
712	Unicorn-3403.exe
2744	Unicorn-15656.exe
2344	Unicorn-61327.exe
704	Unicorn-61327.exe
1772	Unicorn-33528.exe
1208	Unicorn-6885.exe
2472	Unicorn-29998.exe
1952	Unicorn-57840.exe
2984	Unicorn-15416.exe
1972	Unicorn-471.exe
556	Unicorn-42058.exe
1872	Unicorn-39366.exe
2212	Unicorn-31752.exe
1592	Unicorn-27668.exe
2500	Unicorn-6693.exe
2808	Unicorn-37420.exe

Loads dropped DLL 64 IoCs

pid	Process
624	eedb4bdf83945b501ffb61ed03c6e8e05e25a52fe81a42d09061ed3e062ce56c.exe
624	eedb4bdf83945b501ffb61ed03c6e8e05e25a52fe81a42d09061ed3e062ce56c.exe
2360	Unicorn-33284.exe
624	eedb4bdf83945b501ffb61ed03c6e8e05e25a52fe81a42d09061ed3e062ce56c.exe
2360	Unicorn-33284.exe
624	eedb4bdf83945b501ffb61ed03c6e8e05e25a52fe81a42d09061ed3e062ce56c.exe
2776	Unicorn-54856.exe
2964	Unicorn-180.exe
2776	Unicorn-54856.exe
2964	Unicorn-180.exe
2360	Unicorn-33284.exe
2360	Unicorn-33284.exe
2780	Unicorn-19937.exe
2964	Unicorn-180.exe
2780	Unicorn-19937.exe
2588	Unicorn-71.exe
2588	Unicorn-71.exe
2964	Unicorn-180.exe
3060	Unicorn-54747.exe
3060	Unicorn-54747.exe
2776	Unicorn-54856.exe
2776	Unicorn-54856.exe
636	Unicorn-10974.exe
636	Unicorn-10974.exe
2588	Unicorn-71.exe
2588	Unicorn-71.exe
2208	Unicorn-9905.exe
2208	Unicorn-9905.exe
3060	Unicorn-54747.exe
3060	Unicorn-54747.exe
2860	Unicorn-55577.exe
2860	Unicorn-55577.exe
1396	Unicorn-56646.exe
1396	Unicorn-56646.exe
2780	Unicorn-19937.exe
2780	Unicorn-19937.exe
2892	Unicorn-32464.exe
2892	Unicorn-32464.exe
2192	Unicorn-45832.exe
2192	Unicorn-45832.exe
636	Unicorn-10974.exe
636	Unicorn-10974.exe
2332	Unicorn-3984.exe
2332	Unicorn-3984.exe
2208	Unicorn-9905.exe
772	Unicorn-32018.exe
2208	Unicorn-9905.exe
772	Unicorn-32018.exe
2180	Unicorn-58660.exe
1776	Unicorn-8068.exe
1776	Unicorn-8068.exe
2180	Unicorn-58660.exe
2860	Unicorn-55577.exe
2860	Unicorn-55577.exe
2404	Unicorn-16236.exe
2404	Unicorn-16236.exe
2392	Unicorn-5375.exe
2392	Unicorn-5375.exe
1396	Unicorn-56646.exe
1396	Unicorn-56646.exe
2892	Unicorn-32464.exe
2892	Unicorn-32464.exe
1636	Unicorn-36102.exe
1636	Unicorn-36102.exe

Program crash 20 IoCs

pid	pid_target	Process	procid_target
2776	2068	WerFault.exe	76
2636	3064	WerFault.exe	185
3476	2716	WerFault.exe	218
1828	3840	WerFault.exe	276
1944	3096	WerFault.exe	312
1168	3792	WerFault.exe	457
3424	3976	WerFault.exe	524
2952	2936	WerFault.exe	408
3772	3808	WerFault.exe	472
3332	1084	WerFault.exe	460
1668	2304	WerFault.exe	652
2392	3144	WerFault.exe	600
3908	2096	WerFault.exe	540
2064	1872	WerFault.exe	720
2860	1900	WerFault.exe	619
896	1072	WerFault.exe	697
3044	3124	WerFault.exe	773
3512	2128	WerFault.exe	920
2748	776	WerFault.exe	847
3496	3260	WerFault.exe	910

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14244.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4346.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15043.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62028.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5401.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4322.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16850.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10668.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22828.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61883.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51928.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15656.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28012.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49470.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23456.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59823.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24250.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59070.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49551.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6885.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19325.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23321.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40807.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17777.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7155.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41051.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60632.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54673.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55577.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6392.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27872.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44307.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UnicoÍn-4068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44073.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38173.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45547.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
624	eedb4bdf83945b501ffb61ed03c6e8e05e25a52fe81a42d09061ed3e062ce56c.exe
2360	Unicorn-33284.exe
2776	Unicorn-54856.exe
2964	Unicorn-180.exe
3060	Unicorn-54747.exe
2780	Unicorn-19937.exe
2588	Unicorn-71.exe
636	Unicorn-10974.exe
2892	Unicorn-32464.exe
1396	Unicorn-56646.exe
2860	Unicorn-55577.exe
2208	Unicorn-9905.exe
2192	Unicorn-45832.exe
2332	Unicorn-3984.exe
772	Unicorn-32018.exe
1776	Unicorn-8068.exe
2180	Unicorn-58660.exe
2392	Unicorn-5375.exe
2404	Unicorn-16236.exe
1636	Unicorn-36102.exe
1104	Unicorn-34239.exe
1692	Unicorn-61436.exe
2012	Unicorn-46491.exe
2988	Unicorn-54659.exe
3012	Unicorn-34793.exe
308	Unicorn-40461.exe
2252	Unicorn-51322.exe
1908	Unicorn-40461.exe
2308	Unicorn-56797.exe
1700	Unicorn-21987.exe
2160	Unicorn-30155.exe
2116	Unicorn-45100.exe
1628	Unicorn-10289.exe
2764	Unicorn-25085.exe
2640	Unicorn-35945.exe
2664	Unicorn-33253.exe
2544	Unicorn-59895.exe
1164	Unicorn-57435.exe
1144	Unicorn-37529.exe
3048	Unicorn-48390.exe
2076	Unicorn-10886.exe
2708	Unicorn-19055.exe
2712	Unicorn-42167.exe
2508	Unicorn-13901.exe
2900	Unicorn-15333.exe
2896	Unicorn-60772.exe
2068	Unicorn-31669.exe
1680	Unicorn-7487.exe
2744	Unicorn-15656.exe
592	Unicorn-3403.exe
712	Unicorn-3403.exe
2344	Unicorn-61327.exe
704	Unicorn-61327.exe
1772	Unicorn-33528.exe
1208	Unicorn-6885.exe
2472	Unicorn-29998.exe
1952	Unicorn-57840.exe
1972	Unicorn-471.exe
2984	Unicorn-15416.exe
556	Unicorn-42058.exe
1872	Unicorn-39366.exe
2212	Unicorn-31752.exe
1592	Unicorn-27668.exe
2500	Unicorn-6693.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 624 wrote to memory of 2360	624	eedb4bdf83945b501ffb61ed03c6e8e05e25a52fe81a42d09061ed3e062ce56c.exe	30
PID 624 wrote to memory of 2360	624	eedb4bdf83945b501ffb61ed03c6e8e05e25a52fe81a42d09061ed3e062ce56c.exe	30
PID 624 wrote to memory of 2360	624	eedb4bdf83945b501ffb61ed03c6e8e05e25a52fe81a42d09061ed3e062ce56c.exe	30
PID 624 wrote to memory of 2360	624	eedb4bdf83945b501ffb61ed03c6e8e05e25a52fe81a42d09061ed3e062ce56c.exe	30
PID 2360 wrote to memory of 2776	2360	Unicorn-33284.exe	31
PID 2360 wrote to memory of 2776	2360	Unicorn-33284.exe	31
PID 2360 wrote to memory of 2776	2360	Unicorn-33284.exe	31
PID 2360 wrote to memory of 2776	2360	Unicorn-33284.exe	31
PID 624 wrote to memory of 2964	624	eedb4bdf83945b501ffb61ed03c6e8e05e25a52fe81a42d09061ed3e062ce56c.exe	32
PID 624 wrote to memory of 2964	624	eedb4bdf83945b501ffb61ed03c6e8e05e25a52fe81a42d09061ed3e062ce56c.exe	32
PID 624 wrote to memory of 2964	624	eedb4bdf83945b501ffb61ed03c6e8e05e25a52fe81a42d09061ed3e062ce56c.exe	32
PID 624 wrote to memory of 2964	624	eedb4bdf83945b501ffb61ed03c6e8e05e25a52fe81a42d09061ed3e062ce56c.exe	32
PID 2776 wrote to memory of 3060	2776	Unicorn-54856.exe	33
PID 2776 wrote to memory of 3060	2776	Unicorn-54856.exe	33
PID 2776 wrote to memory of 3060	2776	Unicorn-54856.exe	33
PID 2776 wrote to memory of 3060	2776	Unicorn-54856.exe	33
PID 2964 wrote to memory of 2780	2964	Unicorn-180.exe	34
PID 2964 wrote to memory of 2780	2964	Unicorn-180.exe	34
PID 2964 wrote to memory of 2780	2964	Unicorn-180.exe	34
PID 2964 wrote to memory of 2780	2964	Unicorn-180.exe	34
PID 2360 wrote to memory of 2588	2360	Unicorn-33284.exe	35
PID 2360 wrote to memory of 2588	2360	Unicorn-33284.exe	35
PID 2360 wrote to memory of 2588	2360	Unicorn-33284.exe	35
PID 2360 wrote to memory of 2588	2360	Unicorn-33284.exe	35
PID 2780 wrote to memory of 2892	2780	Unicorn-19937.exe	36
PID 2780 wrote to memory of 2892	2780	Unicorn-19937.exe	36
PID 2780 wrote to memory of 2892	2780	Unicorn-19937.exe	36
PID 2780 wrote to memory of 2892	2780	Unicorn-19937.exe	36
PID 2588 wrote to memory of 636	2588	Unicorn-71.exe	38
PID 2588 wrote to memory of 636	2588	Unicorn-71.exe	38
PID 2588 wrote to memory of 636	2588	Unicorn-71.exe	38
PID 2588 wrote to memory of 636	2588	Unicorn-71.exe	38
PID 2964 wrote to memory of 1396	2964	Unicorn-180.exe	37
PID 2964 wrote to memory of 1396	2964	Unicorn-180.exe	37
PID 2964 wrote to memory of 1396	2964	Unicorn-180.exe	37
PID 2964 wrote to memory of 1396	2964	Unicorn-180.exe	37
PID 3060 wrote to memory of 2208	3060	Unicorn-54747.exe	39
PID 3060 wrote to memory of 2208	3060	Unicorn-54747.exe	39
PID 3060 wrote to memory of 2208	3060	Unicorn-54747.exe	39
PID 3060 wrote to memory of 2208	3060	Unicorn-54747.exe	39
PID 2776 wrote to memory of 2860	2776	Unicorn-54856.exe	40
PID 2776 wrote to memory of 2860	2776	Unicorn-54856.exe	40
PID 2776 wrote to memory of 2860	2776	Unicorn-54856.exe	40
PID 2776 wrote to memory of 2860	2776	Unicorn-54856.exe	40
PID 636 wrote to memory of 2192	636	Unicorn-10974.exe	41
PID 636 wrote to memory of 2192	636	Unicorn-10974.exe	41
PID 636 wrote to memory of 2192	636	Unicorn-10974.exe	41
PID 636 wrote to memory of 2192	636	Unicorn-10974.exe	41
PID 2588 wrote to memory of 2332	2588	Unicorn-71.exe	42
PID 2588 wrote to memory of 2332	2588	Unicorn-71.exe	42
PID 2588 wrote to memory of 2332	2588	Unicorn-71.exe	42
PID 2588 wrote to memory of 2332	2588	Unicorn-71.exe	42
PID 2208 wrote to memory of 772	2208	Unicorn-9905.exe	43
PID 2208 wrote to memory of 772	2208	Unicorn-9905.exe	43
PID 2208 wrote to memory of 772	2208	Unicorn-9905.exe	43
PID 2208 wrote to memory of 772	2208	Unicorn-9905.exe	43
PID 3060 wrote to memory of 1776	3060	Unicorn-54747.exe	44
PID 3060 wrote to memory of 1776	3060	Unicorn-54747.exe	44
PID 3060 wrote to memory of 1776	3060	Unicorn-54747.exe	44
PID 3060 wrote to memory of 1776	3060	Unicorn-54747.exe	44
PID 2860 wrote to memory of 2180	2860	Unicorn-55577.exe	45
PID 2860 wrote to memory of 2180	2860	Unicorn-55577.exe	45
PID 2860 wrote to memory of 2180	2860	Unicorn-55577.exe	45
PID 2860 wrote to memory of 2180	2860	Unicorn-55577.exe	45

C:\Users\Admin\AppData\Local\Temp\eedb4bdf83945b501ffb61ed03c6e8e05e25a52fe81a42d09061ed3e062ce56c.exe
"C:\Users\Admin\AppData\Local\Temp\eedb4bdf83945b501ffb61ed03c6e8e05e25a52fe81a42d09061ed3e062ce56c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33284.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33284.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54747.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9905.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32018.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54659.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37529.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39366.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12998.exe
        10⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
        11⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25547.exe
        12⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20991.exe
        13⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49335.exe
        14⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12018.exe
        16⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36279.exe
        17⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36082.exe
        18⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31513.exe
        19⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26308.exe
        20⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10459.exe
        21⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7055.exe
        22⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        10⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8634.exe
        11⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        12⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2272.exe
        13⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24551.exe
        14⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58697.exe
        15⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48339.exe
        16⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3902.exe
        17⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        18⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        19⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
        20⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53926.exe
        21⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe
        9⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13429.exe
        10⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        11⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26829.exe
        12⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24015.exe
        13⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43601.exe
        14⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63549.exe
        15⤵
        
        PID:3144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
        16⤵
        Program crash
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60061.exe
        9⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54462.exe
        10⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6880.exe
        11⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18853.exe
        12⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10056.exe
        13⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22221.exe
        14⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
        15⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        16⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        17⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5254.exe
        18⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        19⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25426.exe
        20⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7954.exe
        9⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62111.exe
        10⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        11⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39413.exe
        12⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61691.exe
        13⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8894.exe
        14⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58536.exe
        15⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46964.exe
        16⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34227.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43568.exe
        18⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21534.exe
        19⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39043.exe
        20⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
        8⤵
        Executes dropped EXE
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
        9⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62630.exe
        10⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 200
        11⤵
        Program crash
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53175.exe
        10⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        11⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40783.exe
        12⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48863.exe
        13⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
        14⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42221.exe
        16⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18.exe
        17⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
        18⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        19⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
        20⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        8⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
        9⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30207.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46455.exe
        11⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61442.exe
        12⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63720.exe
        13⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8017.exe
        14⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22512.exe
        15⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20514.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37626.exe
        17⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2919.exe
        18⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30086.exe
        19⤵
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34793.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10886.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18946.exe
        8⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9454.exe
        9⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18474.exe
        10⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13486.exe
        11⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19237.exe
        12⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17047.exe
        13⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22496.exe
        14⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48666.exe
        15⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
        16⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43264.exe
        17⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32966.exe
        18⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
        19⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21342.exe
        20⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        9⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
        10⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21266.exe
        11⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21131.exe
        12⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10243.exe
        13⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24546.exe
        14⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34956.exe
        15⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6507.exe
        16⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-293.exe
        17⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38559.exe
        18⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1928.exe
        19⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5733.exe
        8⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26642.exe
        9⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44597.exe
        10⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1530.exe
        11⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27545.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57991.exe
        13⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59465.exe
        14⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50560.exe
        15⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11577.exe
        16⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60485.exe
        17⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51736.exe
        18⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52260.exe
        19⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26791.exe
        20⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25722.exe
        7⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44073.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61452.exe
        9⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17378.exe
        10⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
        11⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42449.exe
        12⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31671.exe
        13⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45817.exe
        14⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27447.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9556.exe
        16⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40807.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36142.exe
        18⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
        8⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
        9⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15043.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13201.exe
        11⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-705.exe
        12⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        13⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33202.exe
        14⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
        15⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
        16⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38498.exe
        17⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54829.exe
        18⤵
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8068.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13901.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        8⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44265.exe
        9⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18474.exe
        10⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
        11⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38287.exe
        12⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29839.exe
        13⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30664.exe
        14⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12293.exe
        15⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4229.exe
        16⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10591.exe
        17⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57662.exe
        18⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56588.exe
        19⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
        20⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
        9⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48380.exe
        10⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33710.exe
        11⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43003.exe
        12⤵
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41821.exe
        13⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41541.exe
        14⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6642.exe
        15⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
        16⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43905.exe
        17⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53630.exe
        18⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4917.exe
        19⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24160.exe
        7⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21515.exe
        8⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44924.exe
        9⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        10⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21567.exe
        11⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6356.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28635.exe
        13⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30685.exe
        14⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58837.exe
        15⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
        16⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24715.exe
        17⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33407.exe
        18⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
        19⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51980.exe
        20⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20455.exe
        9⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1146.exe
        10⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
        11⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61883.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 188
        13⤵
        Program crash
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10668.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11239.exe
        9⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49470.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28578.exe
        11⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30472.exe
        12⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61302.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2283.exe
        14⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-93.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-93.exe
        15⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52016.exe
        16⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21586.exe
        17⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19635.exe
        18⤵
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15333.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44026.exe
        7⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9262.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32672.exe
        9⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 236
        10⤵
        Program crash
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
        8⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19600.exe
        9⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
        10⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25755.exe
        11⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1006.exe
        12⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44582.exe
        13⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5827.exe
        14⤵
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
        15⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49686.exe
        16⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45706.exe
        17⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50314.exe
        18⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32375.exe
        7⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37690.exe
        9⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43632.exe
        10⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe
        11⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
        12⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18324.exe
        13⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61406.exe
        14⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24598.exe
        15⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29074.exe
        16⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10895.exe
        17⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15503.exe
        18⤵
        
        PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55577.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58660.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58416.exe
        8⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
        9⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64524.exe
        11⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61722.exe
        12⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49190.exe
        13⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63720.exe
        14⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
        15⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10897.exe
        16⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64343.exe
        17⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64927.exe
        18⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34689.exe
        19⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
        20⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39448.exe
        9⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9677.exe
        10⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60352.exe
        11⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13585.exe
        12⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29486.exe
        13⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36004.exe
        14⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50991.exe
        15⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2506.exe
        16⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
        17⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25945.exe
        18⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
        19⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38597.exe
        8⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
        9⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54794.exe
        10⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27872.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2895.exe
        12⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
        13⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        14⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31640.exe
        15⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43155.exe
        16⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11175.exe
        17⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        18⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3106.exe
        19⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46719.exe
        7⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33767.exe
        8⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        9⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26315.exe
        10⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7560.exe
        11⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61634.exe
        12⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28334.exe
        13⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14431.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61598.exe
        15⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63876.exe
        16⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
        17⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62426.exe
        18⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53713.exe
        19⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
        8⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60824.exe
        9⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25734.exe
        10⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-757.exe
        11⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9257.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45926.exe
        13⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
        14⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62999.exe
        15⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13505.exe
        16⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22162.exe
        17⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11274.exe
        18⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42167.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58416.exe
        7⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
        8⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45500.exe
        9⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
        10⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22828.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63964.exe
        12⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2843.exe
        13⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22984.exe
        14⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37478.exe
        15⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31396.exe
        16⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9037.exe
        17⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13417.exe
        18⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
        19⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 372
        18⤵
        Program crash
        
        PID:2748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 372
        17⤵
        Program crash
        
        PID:3044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 376
        16⤵
        Program crash
        
        PID:896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 372
        15⤵
        Program crash
        
        PID:2860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 372
        14⤵
        Program crash
        
        PID:3908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 372
        13⤵
        Program crash
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11244.exe
        8⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25438.exe
        9⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8821.exe
        10⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10871.exe
        11⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32802.exe
        12⤵
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61878.exe
        13⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45070.exe
        14⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
        15⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe
        16⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19640.exe
        17⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
        18⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16039.exe
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38702.exe
        8⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57124.exe
        9⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46730.exe
        10⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29730.exe
        11⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48344.exe
        12⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22792.exe
        13⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63928.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
        15⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
        16⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48119.exe
        17⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47045.exe
        18⤵
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51322.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60772.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17384.exe
        7⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54763.exe
        8⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49392.exe
        9⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
        10⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44400.exe
        11⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44696.exe
        12⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31624.exe
        13⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-62646.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-62646.exe
        14⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-12096.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-12096.exe
        15⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-4068.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-4068.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-7283.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-7283.exe
        17⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-52888.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-52888.exe
        18⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-15935.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicoÍn-15935.exe
        19⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6325.exe
        9⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43030.exe
        10⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
        11⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe
        12⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35079.exe
        13⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36767.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49411.exe
        15⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58103.exe
        16⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
        17⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26900.exe
        18⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30813.exe
        7⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41416.exe
        8⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29906.exe
        9⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56268.exe
        10⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32060.exe
        11⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54374.exe
        12⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2755.exe
        13⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35532.exe
        14⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27011.exe
        15⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7475.exe
        16⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        17⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21664.exe
        18⤵
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5878.exe
        6⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15869.exe
        7⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24696.exe
        8⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14062.exe
        9⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21951.exe
        10⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53995.exe
        11⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45547.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1712.exe
        13⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16435.exe
        14⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
        15⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
        16⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47268.exe
        17⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29318.exe
        18⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
        19⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55977.exe
        7⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2879.exe
        8⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16990.exe
        9⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62018.exe
        10⤵
        
        PID:3792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 188
        11⤵
        Program crash
        
        PID:1168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-71.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-71.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10974.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45832.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34239.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6885.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33611.exe
        9⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3808.exe
        10⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
        11⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32091.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44099.exe
        13⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        14⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61665.exe
        15⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9527.exe
        16⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63492.exe
        17⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7584.exe
        18⤵
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-397.exe
        19⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27564.exe
        20⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65297.exe
        10⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11177.exe
        11⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46813.exe
        12⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2978.exe
        13⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
        14⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        15⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13056.exe
        16⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26770.exe
        17⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46837.exe
        18⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51409.exe
        19⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59188.exe
        20⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57648.exe
        9⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48022.exe
        10⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28692.exe
        11⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5401.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57311.exe
        12⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57031.exe
        13⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55381.exe
        14⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46476.exe
        15⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7493.exe
        16⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2924.exe
        17⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22572.exe
        18⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44092.exe
        19⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9661.exe
        8⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3315.exe
        9⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21188.exe
        10⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21977.exe
        11⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
        12⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56263.exe
        13⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48391.exe
        14⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58562.exe
        15⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4504.exe
        16⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65521.exe
        17⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7091.exe
        18⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
        19⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
        20⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-253.exe
        9⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
        10⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21925.exe
        11⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38173.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        13⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43871.exe
        14⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15771.exe
        15⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1964.exe
        16⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2488.exe
        17⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53246.exe
        18⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10755.exe
        19⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29998.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41587.exe
        8⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4384.exe
        9⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26485.exe
        10⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15344.exe
        11⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        12⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
        13⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
        14⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52122.exe
        15⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5739.exe
        16⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
        17⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41430.exe
        18⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60236.exe
        19⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
        9⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44727.exe
        10⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
        11⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50425.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47659.exe
        13⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4701.exe
        14⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20457.exe
        15⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
        16⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52208.exe
        17⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12047.exe
        18⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52883.exe
        19⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32650.exe
        8⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62028.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51250.exe
        10⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1805.exe
        11⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11338.exe
        12⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50337.exe
        13⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59823.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
        15⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10241.exe
        16⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        17⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22245.exe
        18⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1243.exe
        19⤵
        
        PID:184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35945.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33528.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25443.exe
        8⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57285.exe
        9⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6989.exe
        10⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51826.exe
        11⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18526.exe
        12⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
        13⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38085.exe
        14⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17421.exe
        15⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48251.exe
        16⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
        17⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
        18⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49655.exe
        19⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65.exe
        20⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64062.exe
        8⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38161.exe
        9⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45495.exe
        10⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58271.exe
        11⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62075.exe
        12⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35153.exe
        13⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11774.exe
        14⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21692.exe
        15⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        16⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64325.exe
        17⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4429.exe
        18⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        19⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36303.exe
        7⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24229.exe
        8⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
        9⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65448.exe
        10⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16196.exe
        11⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16492.exe
        12⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62049.exe
        13⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61769.exe
        14⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
        15⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14325.exe
        16⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
        17⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44995.exe
        18⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        19⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25826.exe
        8⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
        9⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32532.exe
        10⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        11⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17530.exe
        13⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50991.exe
        14⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47623.exe
        15⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53168.exe
        16⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5332.exe
        17⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-366.exe
        18⤵
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33253.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19029.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29766.exe
        9⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
        10⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2708.exe
        11⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20939.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4322.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14732.exe
        14⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27426.exe
        15⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46580.exe
        16⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29759.exe
        17⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39484.exe
        18⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        19⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18068.exe
        8⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31769.exe
        9⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13014.exe
        10⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6356.exe
        11⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63445.exe
        12⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5988.exe
        13⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22273.exe
        14⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
        15⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
        17⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49546.exe
        18⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
        19⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29889.exe
        7⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1369.exe
        8⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19325.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23321.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2272.exe
        11⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63445.exe
        12⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
        13⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe
        14⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
        15⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45135.exe
        16⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
        17⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49546.exe
        18⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-257.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15416.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-554.exe
        7⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29766.exe
        8⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2713.exe
        9⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59802.exe
        10⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26393.exe
        11⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36035.exe
        12⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
        13⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48339.exe
        14⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17717.exe
        15⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
        16⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49551.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16106.exe
        18⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-449.exe
        19⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65297.exe
        8⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4571.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34561.exe
        10⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5308.exe
        11⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45905.exe
        12⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60015.exe
        13⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33477.exe
        14⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24824.exe
        15⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7942.exe
        16⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        17⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20486.exe
        18⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18068.exe
        7⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
        8⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41027.exe
        9⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36699.exe
        10⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
        11⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe
        12⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32579.exe
        13⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15854.exe
        14⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47657.exe
        15⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4289.exe
        16⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        17⤵
        
        PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3984.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46491.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59895.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-471.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23113.exe
        8⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33850.exe
        9⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
        10⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28692.exe
        11⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43414.exe
        12⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22522.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3227.exe
        14⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
        15⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13165.exe
        16⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10098.exe
        17⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31788.exe
        18⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3002.exe
        19⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18265.exe
        20⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
        9⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38697.exe
        10⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28723.exe
        11⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44779.exe
        12⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44307.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19367.exe
        14⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31723.exe
        15⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8295.exe
        16⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
        17⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4346.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12125.exe
        19⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22152.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35962.exe
        9⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22553.exe
        10⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3642.exe
        11⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11530.exe
        12⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1520.exe
        13⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31427.exe
        14⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48059.exe
        15⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34253.exe
        16⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
        17⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26028.exe
        18⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8617.exe
        19⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15499.exe
        7⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1369.exe
        8⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
        9⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32667.exe
        10⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65297.exe
        8⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
        9⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20171.exe
        10⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44203.exe
        11⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11826.exe
        12⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
        13⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46497.exe
        14⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54673.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6572.exe
        16⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22520.exe
        17⤵
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42058.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51893.exe
        7⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28012.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37799.exe
        9⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62215.exe
        10⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20363.exe
        11⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
        12⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19803.exe
        13⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31811.exe
        14⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9548.exe
        15⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        16⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        17⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30688.exe
        18⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
        19⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28374.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31385.exe
        8⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
        9⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
        10⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46725.exe
        11⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43574.exe
        12⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34764.exe
        13⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32958.exe
        14⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64268.exe
        15⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51928.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45353.exe
        17⤵
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57435.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6693.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3232.exe
        7⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26066.exe
        8⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23793.exe
        9⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37903.exe
        10⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        11⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45163.exe
        12⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8266.exe
        14⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3601.exe
        15⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
        16⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63604.exe
        17⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49930.exe
        18⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        19⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14368.exe
        7⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59241.exe
        8⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1037.exe
        9⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15724.exe
        10⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
        11⤵
        Program crash
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34513.exe
        6⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64960.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23985.exe
        8⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
        9⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
        10⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
        11⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14156.exe
        12⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52807.exe
        13⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48334.exe
        14⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60101.exe
        15⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42644.exe
        16⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8321.exe
        17⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
        18⤵
        
        PID:2788
- C:\Users\Admin\AppData\Local\Temp\Unicorn-180.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-180.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19937.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36102.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30155.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3403.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65240.exe
        8⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34234.exe
        9⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63263.exe
        10⤵
        
        PID:3840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
        11⤵
        Program crash
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48110.exe
        7⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60985.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
        9⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51094.exe
        10⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44400.exe
        11⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5801.exe
        12⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25402.exe
        13⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2755.exe
        14⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22211.exe
        15⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22927.exe
        16⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46370.exe
        17⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21285.exe
        18⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13988.exe
        19⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
        8⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35744.exe
        9⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58022.exe
        10⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-949.exe
        11⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16850.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        13⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20950.exe
        14⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe
        15⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
        16⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13993.exe
        17⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
        18⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49288.exe
        7⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16336.exe
        8⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
        9⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
        10⤵
        Program crash
        
        PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15656.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21660.exe
        7⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42511.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2521.exe
        9⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54602.exe
        10⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50238.exe
        11⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64924.exe
        12⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5557.exe
        13⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64784.exe
        14⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
        15⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49377.exe
        16⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28664.exe
        17⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17777.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6396.exe
        19⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2884.exe
        8⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59070.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1421.exe
        10⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42750.exe
        11⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
        12⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61961.exe
        13⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62065.exe
        14⤵
        
        PID:1872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 188
        15⤵
        Program crash
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4171.exe
        7⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28588.exe
        8⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14939.exe
        9⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38453.exe
        10⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe
        11⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51105.exe
        12⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44831.exe
        13⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34629.exe
        14⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35213.exe
        15⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39821.exe
        16⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
        17⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2395.exe
        18⤵
        
        PID:272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48857.exe
        6⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54763.exe
        7⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55230.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40591.exe
        10⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27867.exe
        11⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36139.exe
        12⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33949.exe
        13⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12070.exe
        14⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24331.exe
        15⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39245.exe
        16⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26412.exe
        17⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63656.exe
        18⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51701.exe
        7⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe
        8⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21842.exe
        9⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52864.exe
        10⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23840.exe
        11⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57877.exe
        12⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51375.exe
        13⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-560.exe
        14⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
        15⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7854.exe
        16⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30216.exe
        17⤵
        
        PID:1324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56797.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47809.exe
        7⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5453.exe
        8⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4358.exe
        9⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32475.exe
        10⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
        11⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3938.exe
        12⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
        13⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4400.exe
        14⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49621.exe
        15⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21173.exe
        16⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40039.exe
        17⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13884.exe
        18⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
        19⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2583.exe
        8⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63777.exe
        9⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13756.exe
        10⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15375.exe
        11⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18132.exe
        12⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32662.exe
        13⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20130.exe
        14⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49686.exe
        15⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
        16⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
        17⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        7⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32131.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12822.exe
        9⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe
        10⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49247.exe
        11⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22133.exe
        12⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36087.exe
        13⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48251.exe
        14⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17040.exe
        15⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26609.exe
        16⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31373.exe
        17⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10371.exe
        18⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13299.exe
        6⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60985.exe
        7⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54052.exe
        8⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17654.exe
        9⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32401.exe
        10⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50617.exe
        11⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
        12⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55739.exe
        13⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25117.exe
        14⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28716.exe
        15⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28171.exe
        16⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20491.exe
        17⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30600.exe
        18⤵
        
        PID:3328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 212
        11⤵
        Program crash
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49288.exe
        6⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
        7⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33606.exe
        8⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51800.exe
        9⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23124.exe
        10⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-129.exe
        11⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64016.exe
        12⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4613.exe
        13⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46855.exe
        14⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27320.exe
        15⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14979.exe
        16⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23672.exe
        17⤵
        
        PID:928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 372
        17⤵
        Program crash
        
        PID:3496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56646.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56646.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5375.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21987.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7487.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3185.exe
        7⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30259.exe
        8⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exe
        9⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        10⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54322.exe
        11⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17670.exe
        12⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17338.exe
        14⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        15⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39839.exe
        16⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13588.exe
        17⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        18⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62504.exe
        19⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1130.exe
        8⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19792.exe
        9⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27680.exe
        10⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38282.exe
        11⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46590.exe
        12⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48064.exe
        13⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57405.exe
        14⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37701.exe
        15⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25841.exe
        16⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44803.exe
        17⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
        18⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18561.exe
        7⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47638.exe
        8⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55178.exe
        9⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1613.exe
        10⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44696.exe
        11⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64680.exe
        12⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28713.exe
        13⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32901.exe
        14⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15142.exe
        15⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62213.exe
        16⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42281.exe
        17⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36054.exe
        18⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14046.exe
        6⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46595.exe
        7⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        8⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7155.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14659.exe
        10⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        11⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3829.exe
        12⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42780.exe
        13⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61105.exe
        14⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49185.exe
        15⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48124.exe
        16⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15171.exe
        17⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 200
        18⤵
        Program crash
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58115.exe
        7⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56548.exe
        8⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2983.exe
        9⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52480.exe
        10⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11203.exe
        11⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17146.exe
        12⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54198.exe
        13⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16513.exe
        14⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
        15⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22162.exe
        16⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48799.exe
        17⤵
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31669.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 220
        6⤵
        Program crash
        
        PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3403.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48110.exe
        6⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34343.exe
        7⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41669.exe
        8⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42781.exe
        9⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52843.exe
        10⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50425.exe
        11⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21557.exe
        12⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7114.exe
        13⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 180
        14⤵
        Program crash
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-554.exe
        7⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26315.exe
        8⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56761.exe
        9⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23809.exe
        10⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24250.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41.exe
        12⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56974.exe
        13⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16622.exe
        14⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10407.exe
        15⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12649.exe
        16⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62566.exe
        17⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26729.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24888.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59610.exe
        8⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9973.exe
        9⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24084.exe
        10⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56211.exe
        11⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64099.exe
        12⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60119.exe
        13⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63718.exe
        14⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55005.exe
        15⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28659.exe
        16⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51212.exe
        17⤵
        
        PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5878.exe
        5⤵
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26175.exe
        6⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
        7⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60632.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64436.exe
        9⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48396.exe
        10⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        11⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34058.exe
        12⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37177.exe
        13⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
        14⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59390.exe
        15⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13692.exe
        16⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65327.exe
        17⤵
        
        PID:3468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-24452.exe

Filesize
192KB

MD5
9a91d3d0c77eeca5a167197e3fe57469

SHA1
08c93d2fddb87c08c00cf6ff3b4a7bf978ca8753

SHA256
bb693dcecf41587a28b20a4f5620a0e5596545f184ebe4878048bc1e036f3d81

SHA512
131b0d31321c53ff6be97826146015cee6603dff6c76c9c457e615a61996c6baa7a5c6bf6d5a2a60e0e524e858ec2059b42c49012103b3da1b80153e9a181052

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24551.exe

Filesize
192KB

MD5
5a995b8aa5e0fa105f8e0b065dc69cd7

SHA1
46a5d0c8fe3c6b703d0ed9aaca320699da9cbd69

SHA256
6cd3d19654cd536ef51b92418733d9f3f280bff6d75eacffd714a8e3444d472e

SHA512
0f3738f4a1f8bf430579f2aa2980e4c7eab8d36bf3efb18e58c1c27886d05174753cb2be48fbc5bd02d5a72fdaa16a78451bb80bb347b05f93f6adbd58048222

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27426.exe

Filesize
192KB

MD5
8de025f66c5320f9f7c4ca4ed9a8e1d4

SHA1
0fe422869447d195a4c8f112ca6d28b90b8709e5

SHA256
ec136b057a609163b28957982dab5593d769d6bfc4966023b98ab09f6460f015

SHA512
df4b6a0b0e960a24b3c3536f639c0f4d439669a80a0102ee84f6284dc7aab158bb71008e9c095213a90718c7f25c1f46ca57a24c5831e8879f14b92e1ebd42e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28635.exe

Filesize
192KB

MD5
694bcf40b902a63e2b1aed3da796e095

SHA1
76b348f8f5fcbee7c63d918e9b45966eb88ea411

SHA256
77aab5ce2dc027dac4af872f8ed52ecbd73403fa0f594d295d75189e6abfa23e

SHA512
bce4ee681d781402e1d44fdbb14a19778799a26c26dd7ffea7fae88cb28c8233fd9ef12732dbb93874647ab7adda29050d08741fea3162638410d08a8886e58c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32018.exe

Filesize
192KB

MD5
db3c4bfd5bc7808373aa40258cf18c53

SHA1
87d95794833b34ecaa9819b37e77bca1a0908ef4

SHA256
4a8c1d0e8b38f3f25d0dad047d33ed6cc3efe326784b82e64f3d0613aa9b89f8

SHA512
7931a9813020c84edc0e018065c8d5cf31c11df08714634f1b8e21d261c047e52db74d63c54e46b345d4bf2ed7b273427785341719a77e8616eed0327a49b6bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40195.exe

Filesize
192KB

MD5
5ea25b3fc4bd6a1049f880d4970058f0

SHA1
404fcd65c6d30fabb0f1d4b1a0451a7911336f83

SHA256
076f7bb5ea8cc8e8c49f7b2134f6f6873ce324bed995daf4539c3fe58b93c1a4

SHA512
50d6fbdec194ffd3776d612a97827ca2d71d7132ff415854e38370e36ab217227ed6b35658393311f49a60bf8bfcd1ac74ec03cee4a7b289bb2cbef41c1b2f64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41017.exe

Filesize
192KB

MD5
9ac053a8d18aeeafa3a80d20ea7bdf90

SHA1
f4a4f6630ae7cee33edce42015f6ae5868045930

SHA256
0f406ee6904ca5d841c96fbf889256c12714929dc9ebd305affd337f625133d6

SHA512
afba61a20bae12db3f6a99445a184110038fda3652c8fae376ab0c226b48548b5afb4ad6d59cd3a23491a6fc8a684939a5c23b90bd865c5d13fb6afea14e2d23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41051.exe

Filesize
192KB

MD5
3e1a5bbcfdbd9a05788a91bd7d2195d3

SHA1
4624549ff3fb2302f79dcf62061b0ae98e3afaf0

SHA256
00ac7e7fb9b1d199cd6a62348cc48ad846eb29a1d6e5d4a2a1953bbee39a4296

SHA512
a83bb56487f1fda27df128008d640f0ec3d8d30be3b5f8b83dece88f15afbfd05dc5c34120386e9c196637b346ba6e4575f8d6e178bef76f8632c06f76377aae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41430.exe

Filesize
192KB

MD5
ffe94075ee984ae7d5d8c76167974e28

SHA1
9f29771506b9555a96e16a94bcc991fd8e0d56e1

SHA256
89adb0c140900f07db55527f0f1f543b9cb0748c82c1b305e140cbfe76ced042

SHA512
dabcbf8b07c19680d217338b92f121ed43d7c77be32c52d598cca539e56341663c8ac7522a00d4b8f2faf66c638d5a20b31e1750b6cea62b08716390cfa509f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41541.exe

Filesize
192KB

MD5
b6b9ba637a38d46c2ec3594d6a01b112

SHA1
3532a1a753ac1e2bde7e6330ef0af35262cc7500

SHA256
252a728f76e05048137e05abae3b8cfced9313f633c9d36e3231ba1e78d9ad91

SHA512
3f2e4effcdd2191993db06c91cbda4f4a395bfd7117382f3dab0adaa64eddd9348948049c9b225ba058d76ca4611ef78742ebd97fb4c450d7a24e33078e74c79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5375.exe

Filesize
192KB

MD5
022d8b540710758b3a7d001f488b57f3

SHA1
f7d2fdda6b5aa4cde28d91410c7fc81836a679e7

SHA256
e653582a24ff80b0124114d1c9065c8f274d38ee79276a0b0155fbd64d88fb2c

SHA512
6edc80f6192f7f8ee581b788cef3ab2218243f15e1b6b36f74241ac3578731f0cd3231966b4a89c9ef0559193abce40bc95d60c3cc8ceb703800249186eab497

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5453.exe

Filesize
192KB

MD5
c9dc6ae5faec3894e2473d7e00fff5a0

SHA1
5c0e69443bd047e9346a4a7192ef522d787252bd

SHA256
e0f1fa438a417d4ddbd861f390033e5f300e954b2a663e2bfbc47eef3d1c2062

SHA512
f3450eebca9c02881de9415e7432148561f9fcc338a353e1e1b5e1eaec409f0c6adbce1fdd239854cd84c26fa399dedbdf981367b8c033a9a903fa46e0b1b86a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54747.exe

Filesize
192KB

MD5
108e4fa315ae1a018eb67ec334080e1b

SHA1
5e62e4572f2a6fdd2596de44db5b751d25b3a7f6

SHA256
2d3a197b96b2bc26daecb0a83c1da3088195926e20ea8d6be39a1ff1548ee69e

SHA512
4433734f3d5ce340b4d59b3ba6b8b02c818e3dfd5d23e3f7dd79e4180ca8d68d7f11664e8551fe47478093dba3d74fd6010eb8ec9e3bc50f46c891f9a8ab0fa8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55577.exe

Filesize
192KB

MD5
e8baceec49336e7b07bf0c990eb66728

SHA1
cfeaeb306b6969b0cc8ca7bd8ea1676fc1d50c4b

SHA256
8f904c4db3eddafd051dcc4d7cdecd237503772059f989b8ab109e85c8983f22

SHA512
3e0a33a815dcb026d9e6c399eebe2b569eab49c64e9dcc427821bd46a2ea0559ec8a0498622e4525124a07c0da826d83ac19dc1233c18fde63506b4682f8869d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58660.exe

Filesize
192KB

MD5
976e992c885e27ea2b5cc36b9fa06363

SHA1
a376e506812e1519c6c56f474c6603284f2282b6

SHA256
fd2f1e5c7be56bd037aa553d7ba543e5d8e763867f94da009521621f24010516

SHA512
aa8e5be24d04cb03b5eea83ca6cd80337000beca0381bb1be510afab49edccbda818c8487f0fc0a100890dfd38cb9aedfd95c737e8fec1954a58f21abec22473

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe

Filesize
192KB

MD5
5374b587e67f67e178a3bf9d478830e6

SHA1
07006435d9aa48d77f645848cbdf6b54c4b1022a

SHA256
742c241bfcc0f7264107ca277bfa24fed693e2370bebf0ac09f708e80af2bd30

SHA512
2449f97bb22d6b4cbf808e3f00754f433143ec004fc73b04aa4aff478906db0c0c845d673faac56a1d15393e2ede840d458d87f592a91903b11e7d71c4bc6f55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe

Filesize
192KB

MD5
5da9049ff52c5bcc2a5fc6a0c573cdc0

SHA1
85433c94d61419d5d5e8a809ed11917859daa6ce

SHA256
35ba62de5613be32008d4741c5ad057d81797423ec1ca29c0171cfff509beb68

SHA512
89c060f612d7544dbf61e20bcee1f102c0a5263a8e8b45a8a66bd9320b6ae7849ec7cb0eeffb5148a4416f33b396e76372073c168d570f319d730dcc49050a69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6572.exe

Filesize
192KB

MD5
25ab2b9be6a7c54ce9c95b006acfac28

SHA1
ce2722ce7d30e88e65efc865990298e574f72488

SHA256
b727aa47a829c703be26101f02f0461d495628b6760f46e9fdfb52f781c96717

SHA512
e12685438a85cfeda82bc168521da757b749a8e0953990026422faa052f66b31926d7e5f600f3846a0e76d6d7c61c589d3094a5d8528fa0583a4b38a8253712c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6693.exe

Filesize
192KB

MD5
d478941e0134f5ef3dec2b51aac02213

SHA1
9e144abd78dc1e7438b2547e96031db6a60fb31c

SHA256
4b0a9dc98c592a1175af739cde0d9e9a22a4cbffe5beac88ec117102a16e7db7

SHA512
6b15e085a13a783c6dc2c683353569b03147a93acff277f756ef1125970d2ff7e08d7502b343ef12479f387f370268736e055d17e9250d3218ba95e2645011a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9905.exe

Filesize
192KB

MD5
0ef09714ac5264901ee08614a84cebb5

SHA1
cb746392654fd3efd377c567566b8b0bbbb81e05

SHA256
81d40a7024efd27b0b2a2ea3b279d1ee0daffead4d6def8239f8c59ba9c28ac9

SHA512
9af81938e3ef5870854b082bb2e638347875ea9999c6ca50a39924284a116803b3222ae2ea2bafa94ac84adb83ddeb0c06f89ef503aba798d9cb3fdbedc9d9bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10974.exe

Filesize
192KB

MD5
2923942fc8fa54a4421213f4faa9711a

SHA1
1f065416153d07566864fd4db17d3c8c9b92a860

SHA256
d30ee3331f123758bda439afd62f3e0767bcbc9d40e93e629b7dea7886d35e9a

SHA512
794e4d0d8b0bd4de1885e25f99ad82f2557a0e3debd5ba6bf1c9f57ffee06980e04dc8a33f077b53025a83b4101bbf5043b08b232cc75a6296f7b3ba7f47b16a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16236.exe

Filesize
192KB

MD5
e7b9c14e7db35d3d287552c272e33553

SHA1
8df736b43249b4487d7100df696476a8e66a7b96

SHA256
856d3583754f2cf259a585d8052e1d764996469f9a15820b5bf2a7f68684dfb0

SHA512
bb2ee000a304be2ce3785e36f0b25c38cdba9d91f268059839150ea1a534a536b2887391aa1186cd704cb126c37365612ecba2228dcba7222ce1c7b7822d0b2d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-180.exe

Filesize
192KB

MD5
15b38215e2ce57cad9b98ba8f91a0152

SHA1
440550319dcfa13b02c20aa46a5eac2fc40f018b

SHA256
3370d914cb4d3fe643d78b0d55231961dfbdc933db6a29e641cea5dab820ead1

SHA512
48631841742d12d756ee678d41b2fc1d1902522d6056972c64bb4a611fde07400d8f8e0bcdb01e3025b924f9bb0c0ab89d90e2a51328584959b69163e25472f6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19937.exe

Filesize
192KB

MD5
d5ccef901a2c0d0face75db4bb9990b2

SHA1
4ce137771ddd42616cfe7acc2748d03dddd18b66

SHA256
2f2accb88ca1f772cb005d35d2e9149a13b3fbd0512a41dc024a2a33b39f0324

SHA512
0c2e25981782f29f7fbb1ae4ce994b1c28e0fcac8522bdc759f327cbc6ca2f9dc9334f25d7da283753322bc4ab9e899a8bc98975a262649af4b134cdda050f78

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32464.exe

Filesize
192KB

MD5
bbed3dc296e5af1406a2869cb8702a00

SHA1
6007bb4409dcf35df813eebfa1bf6bbc568d7345

SHA256
ca96a7602af7d9d9feb98a60a59b5c4118abac10eace61887601a2baca841f58

SHA512
d191bfa2c237934fa53c0cd614d10d53770bc31ae67f837894097e508ca19f9f42a005afb1e8478bdb4f8006afeece8c60b79be16b5c31abc6b0a15d7588adaf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33284.exe

Filesize
192KB

MD5
5a5cc71203ad857fbb339adf1c14017b

SHA1
a0d1e82fdf7f5ca74ca34b81a6483040fcd6a136

SHA256
6b77c2dac8c85c0337bca8390a82175b0e108308bb05c2e86f9df854b3dbb2d9

SHA512
2c54c4c1fada2446e4be8c65edcd1ade0e3277fb62e3e083536215b50f0dfe1e31eb218546ca1c3e894d6bf2220cd7578121152a44b7e73a2534cf6b6b12e08b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3984.exe

Filesize
192KB

MD5
27a749413a7b9b52fcb68f6551faaf4d

SHA1
958bfdc72377708ef9ac000cfd80fd6d89cfabe7

SHA256
ab4ba72f77354187302b9de4e9062692d0822c5d6e866ce30c1a1943ffddf676

SHA512
7e0c008b8efdef1c53d75761b359c507f96469846fb017b54a90ddfa754bfff296d288227d47910c047cc11c489fa3ea0033039d157f33e8c6b660f878a289da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45832.exe

Filesize
192KB

MD5
ff3d6ac13c0fb9dcfc27667ceb61c33e

SHA1
1f4ed600ec81f9196e81eece1000ea0b0154ecbd

SHA256
be7dfd4780bba6f61b5febc3de7dcae502509dff9395725b13f938964ee697be

SHA512
c8e2854ed44f0c35eea00c1a818a7305ea984076af51ef16441e541714ef2957e5b89f72d57c4d1c9a9cbd58e23741e9ce64e28f8cad7b6e04f686928d4d7b5b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54856.exe

Filesize
192KB

MD5
7f29fd40fac9f746178073ea565ff793

SHA1
4a8899db8017dc3341fd37a4706cd933bc614e04

SHA256
9b8c78e2dc0a77a28687af4fdfc17c5ec8bcfffd1f4881d8b77d77cea170e228

SHA512
7f1360ed680abff10966221708c0dbff8ecff60f026e95fb0c2dc0068a11397d08ac2842eb43a5b42983efc0864dee4ed27ef88c4c3f1232ba9dbd93a4f8520c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56646.exe

Filesize
192KB

MD5
aa84a1d54518eb4989cda8e2819e64f1

SHA1
1404fbed84fa9227f707054bbfcea8ea265e6825

SHA256
141200a6447aafb45d5de6bd5bdb4d296a417777a6c46860b320524d25c518c9

SHA512
7826c3e495f9ee8d14f420d8774200fb03f0a3a460c361f31e82ad9b0d97604e616a1e965e91e6a973f234389c8b234a6bd2708652d190f334db40ee45f0fbe1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-71.exe

Filesize
192KB

MD5
5a13323ded64bed5545e700fe46a584e

SHA1
2d008f99d2b5566be79adcf74e9fc2879395b429

SHA256
2d0255f710fbb385d91f045404f3088ada06030c79cb3d647dffd381714399d7

SHA512
654190d1423942feb7ecb6aede6c566604eb4c3597a9fdaf5cecabfc77abce3653151d0783bf5567e6a087b4eafbcf3ac94f3f5443950ed1371c802b6c674eda

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8068.exe

Filesize
192KB

MD5
cad166b875eed26b7e9fb67cb553caf3

SHA1
a8d0416f57808e87cb283ef5db9e3549c4e156a8

SHA256
67f0f4d873339cdd1b0976e224522a162779cfbb9b7451c288f948678fd441f2

SHA512
7c5b2cda7f422a21198ee1deca594397518410e2bfa6dd11f675d252f6647d81b888665622ae89ce54cad9b819d064b13310f7688d2945eda473ac8e3955690d

Download Submit