198bff10f60844afecf995aa96dc8011ccf1e38508f0c0a69a1946e94c9dbfe7

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
03/09/2024, 01:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af83b173aeb58c0f57090e8ffbea30614e86e68455c28fad529aa6aa2803186f.exe
Size

192KB
MD5

643fcf5ea838425dc876121f1aa18cdc
SHA1

df0151d55cafd547ff596920b900de4349d2e246
SHA256

af83b173aeb58c0f57090e8ffbea30614e86e68455c28fad529aa6aa2803186f
SHA512

accbc2839222cd195ab92c6b8c0bedffceb470d5e2f3c6ed3e2df9043912ca21bbd696d1ec76696dd03aa7263f2ab65e27d9f4d2148708bb07ce1700eca55f52
SSDEEP

3072:y7h7o7Vyk7wPnOs48GlEjJOLhhg3MtefeDtYJUE/f5lHtpFl:y7BoTcPnQ8WEjJhy0bB5lHtpF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2528	Unicorn-7075.exe
2544	Unicorn-45786.exe
3020	Unicorn-11972.exe
2628	Unicorn-36711.exe
2688	Unicorn-48641.exe
2208	Unicorn-13112.exe
656	Unicorn-12920.exe
2436	Unicorn-58592.exe
2660	Unicorn-49397.exe
2136	Unicorn-18443.exe
1732	Unicorn-14420.exe
1032	Unicorn-51499.exe
1612	Unicorn-26653.exe
1808	Unicorn-12153.exe
544	Unicorn-25536.exe
1432	Unicorn-45210.exe
304	Unicorn-53687.exe
1904	Unicorn-656.exe
1696	Unicorn-17746.exe
2328	Unicorn-64870.exe
1456	Unicorn-31512.exe
2352	Unicorn-51378.exe
2512	Unicorn-25717.exe
2448	Unicorn-58773.exe
760	Unicorn-56505.exe
2164	Unicorn-10833.exe
1500	Unicorn-56469.exe
2392	Unicorn-4315.exe
1744	Unicorn-56573.exe
2900	Unicorn-43334.exe
3024	Unicorn-46179.exe
2704	Unicorn-13506.exe
2616	Unicorn-6988.exe
2324	Unicorn-12546.exe
1396	Unicorn-46537.exe
1916	Unicorn-26671.exe
2504	Unicorn-14248.exe
2508	Unicorn-45229.exe
376	Unicorn-65094.exe
2872	Unicorn-58576.exe
756	Unicorn-12904.exe
3000	Unicorn-45769.exe
1544	Unicorn-25903.exe
2240	Unicorn-18414.exe
372	Unicorn-31604.exe
1728	Unicorn-64625.exe
840	Unicorn-45528.exe
944	Unicorn-65393.exe
604	Unicorn-48180.exe
1480	Unicorn-15325.exe
2880	Unicorn-35191.exe
600	Unicorn-48382.exe
2096	Unicorn-32695.exe
524	Unicorn-63867.exe
2488	Unicorn-18196.exe
1648	Unicorn-25098.exe
2520	Unicorn-57962.exe
1272	Unicorn-22602.exe
2408	Unicorn-36560.exe
2136	Unicorn-56426.exe
2712	Unicorn-27210.exe
2844	Unicorn-56820.exe
580	Unicorn-4054.exe
2756	Unicorn-4054.exe

Loads dropped DLL 64 IoCs

pid	Process
1356	af83b173aeb58c0f57090e8ffbea30614e86e68455c28fad529aa6aa2803186f.exe
1356	af83b173aeb58c0f57090e8ffbea30614e86e68455c28fad529aa6aa2803186f.exe
1356	af83b173aeb58c0f57090e8ffbea30614e86e68455c28fad529aa6aa2803186f.exe
1356	af83b173aeb58c0f57090e8ffbea30614e86e68455c28fad529aa6aa2803186f.exe
2112	WerFault.exe
2112	WerFault.exe
2112	WerFault.exe
2112	WerFault.exe
2112	WerFault.exe
2112	WerFault.exe
2112	WerFault.exe
2544	Unicorn-45786.exe
2544	Unicorn-45786.exe
3020	Unicorn-11972.exe
2544	Unicorn-45786.exe
3020	Unicorn-11972.exe
2544	Unicorn-45786.exe
2628	Unicorn-36711.exe
2628	Unicorn-36711.exe
2688	Unicorn-48641.exe
3020	Unicorn-11972.exe
2688	Unicorn-48641.exe
3020	Unicorn-11972.exe
2628	Unicorn-36711.exe
2628	Unicorn-36711.exe
656	Unicorn-12920.exe
656	Unicorn-12920.exe
2688	Unicorn-48641.exe
2688	Unicorn-48641.exe
2436	Unicorn-58592.exe
2436	Unicorn-58592.exe
2660	Unicorn-49397.exe
2660	Unicorn-49397.exe
2136	Unicorn-18443.exe
2136	Unicorn-18443.exe
656	Unicorn-12920.exe
656	Unicorn-12920.exe
1732	Unicorn-14420.exe
1732	Unicorn-14420.exe
1032	Unicorn-51499.exe
1032	Unicorn-51499.exe
2436	Unicorn-58592.exe
2436	Unicorn-58592.exe
1612	Unicorn-26653.exe
1612	Unicorn-26653.exe
2660	Unicorn-49397.exe
2660	Unicorn-49397.exe
1808	Unicorn-12153.exe
1808	Unicorn-12153.exe
2136	Unicorn-18443.exe
2136	Unicorn-18443.exe
544	Unicorn-25536.exe
544	Unicorn-25536.exe
1432	Unicorn-45210.exe
1432	Unicorn-45210.exe
1732	Unicorn-14420.exe
1732	Unicorn-14420.exe
304	Unicorn-53687.exe
304	Unicorn-53687.exe
1904	Unicorn-656.exe
1904	Unicorn-656.exe
1032	Unicorn-51499.exe
1032	Unicorn-51499.exe
1696	Unicorn-17746.exe

Program crash 11 IoCs

pid	pid_target	Process	procid_target
2112	2528	WerFault.exe	30
2656	1456	WerFault.exe	53
2756	2052	WerFault.exe	228
1000	2652	WerFault.exe	281
2364	2948	WerFault.exe	226
1272	2424	WerFault.exe	307
2708	1712	WerFault.exe	309
1472	3008	WerFault.exe	346
1992	2524	WerFault.exe	362
2292	564	WerFault.exe	472
3016	2580	WerFault.exe	496

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37729.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48667.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56469.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-442.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4759.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29713.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12722.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62422.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22602.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6318.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65393.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25098.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49814.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48099.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29644.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27157.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24535.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17275.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17104.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49875.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64635.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50481.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1356	af83b173aeb58c0f57090e8ffbea30614e86e68455c28fad529aa6aa2803186f.exe
2528	Unicorn-7075.exe
2544	Unicorn-45786.exe
3020	Unicorn-11972.exe
2628	Unicorn-36711.exe
2688	Unicorn-48641.exe
2208	Unicorn-13112.exe
656	Unicorn-12920.exe
2436	Unicorn-58592.exe
2660	Unicorn-49397.exe
2136	Unicorn-18443.exe
1732	Unicorn-14420.exe
1032	Unicorn-51499.exe
1612	Unicorn-26653.exe
1808	Unicorn-12153.exe
544	Unicorn-25536.exe
1432	Unicorn-45210.exe
304	Unicorn-53687.exe
1904	Unicorn-656.exe
1696	Unicorn-17746.exe
2328	Unicorn-64870.exe
2352	Unicorn-51378.exe
1456	Unicorn-31512.exe
2512	Unicorn-25717.exe
2448	Unicorn-58773.exe
2164	Unicorn-10833.exe
760	Unicorn-56505.exe
1500	Unicorn-56469.exe
2392	Unicorn-4315.exe
1744	Unicorn-56573.exe
2900	Unicorn-43334.exe
3024	Unicorn-46179.exe
2704	Unicorn-13506.exe
2616	Unicorn-6988.exe
2324	Unicorn-12546.exe
1396	Unicorn-46537.exe
1916	Unicorn-26671.exe
2504	Unicorn-14248.exe
2508	Unicorn-45229.exe
376	Unicorn-65094.exe
2872	Unicorn-58576.exe
756	Unicorn-12904.exe
1544	Unicorn-25903.exe
3000	Unicorn-45769.exe
2240	Unicorn-18414.exe
944	Unicorn-65393.exe
372	Unicorn-31604.exe
840	Unicorn-45528.exe
1728	Unicorn-64625.exe
604	Unicorn-48180.exe
1480	Unicorn-15325.exe
2880	Unicorn-35191.exe
2096	Unicorn-32695.exe
600	Unicorn-48382.exe
2488	Unicorn-18196.exe
524	Unicorn-63867.exe
1648	Unicorn-25098.exe
2520	Unicorn-57962.exe
1272	Unicorn-22602.exe
2136	Unicorn-56426.exe
2408	Unicorn-36560.exe
2712	Unicorn-27210.exe
2844	Unicorn-56820.exe
580	Unicorn-4054.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1356 wrote to memory of 2528	1356	af83b173aeb58c0f57090e8ffbea30614e86e68455c28fad529aa6aa2803186f.exe	30
PID 1356 wrote to memory of 2528	1356	af83b173aeb58c0f57090e8ffbea30614e86e68455c28fad529aa6aa2803186f.exe	30
PID 1356 wrote to memory of 2528	1356	af83b173aeb58c0f57090e8ffbea30614e86e68455c28fad529aa6aa2803186f.exe	30
PID 1356 wrote to memory of 2528	1356	af83b173aeb58c0f57090e8ffbea30614e86e68455c28fad529aa6aa2803186f.exe	30
PID 2528 wrote to memory of 2112	2528	Unicorn-7075.exe	31
PID 2528 wrote to memory of 2112	2528	Unicorn-7075.exe	31
PID 2528 wrote to memory of 2112	2528	Unicorn-7075.exe	31
PID 2528 wrote to memory of 2112	2528	Unicorn-7075.exe	31
PID 1356 wrote to memory of 2544	1356	af83b173aeb58c0f57090e8ffbea30614e86e68455c28fad529aa6aa2803186f.exe	32
PID 1356 wrote to memory of 2544	1356	af83b173aeb58c0f57090e8ffbea30614e86e68455c28fad529aa6aa2803186f.exe	32
PID 1356 wrote to memory of 2544	1356	af83b173aeb58c0f57090e8ffbea30614e86e68455c28fad529aa6aa2803186f.exe	32
PID 1356 wrote to memory of 2544	1356	af83b173aeb58c0f57090e8ffbea30614e86e68455c28fad529aa6aa2803186f.exe	32
PID 2544 wrote to memory of 3020	2544	Unicorn-45786.exe	34
PID 2544 wrote to memory of 3020	2544	Unicorn-45786.exe	34
PID 2544 wrote to memory of 3020	2544	Unicorn-45786.exe	34
PID 2544 wrote to memory of 3020	2544	Unicorn-45786.exe	34
PID 3020 wrote to memory of 2628	3020	Unicorn-11972.exe	35
PID 3020 wrote to memory of 2628	3020	Unicorn-11972.exe	35
PID 3020 wrote to memory of 2628	3020	Unicorn-11972.exe	35
PID 3020 wrote to memory of 2628	3020	Unicorn-11972.exe	35
PID 2544 wrote to memory of 2688	2544	Unicorn-45786.exe	36
PID 2544 wrote to memory of 2688	2544	Unicorn-45786.exe	36
PID 2544 wrote to memory of 2688	2544	Unicorn-45786.exe	36
PID 2544 wrote to memory of 2688	2544	Unicorn-45786.exe	36
PID 2628 wrote to memory of 2208	2628	Unicorn-36711.exe	37
PID 2628 wrote to memory of 2208	2628	Unicorn-36711.exe	37
PID 2628 wrote to memory of 2208	2628	Unicorn-36711.exe	37
PID 2628 wrote to memory of 2208	2628	Unicorn-36711.exe	37
PID 2688 wrote to memory of 656	2688	Unicorn-48641.exe	38
PID 2688 wrote to memory of 656	2688	Unicorn-48641.exe	38
PID 2688 wrote to memory of 656	2688	Unicorn-48641.exe	38
PID 2688 wrote to memory of 656	2688	Unicorn-48641.exe	38
PID 3020 wrote to memory of 2436	3020	Unicorn-11972.exe	39
PID 3020 wrote to memory of 2436	3020	Unicorn-11972.exe	39
PID 3020 wrote to memory of 2436	3020	Unicorn-11972.exe	39
PID 3020 wrote to memory of 2436	3020	Unicorn-11972.exe	39
PID 2628 wrote to memory of 2660	2628	Unicorn-36711.exe	40
PID 2628 wrote to memory of 2660	2628	Unicorn-36711.exe	40
PID 2628 wrote to memory of 2660	2628	Unicorn-36711.exe	40
PID 2628 wrote to memory of 2660	2628	Unicorn-36711.exe	40
PID 656 wrote to memory of 2136	656	Unicorn-12920.exe	41
PID 656 wrote to memory of 2136	656	Unicorn-12920.exe	41
PID 656 wrote to memory of 2136	656	Unicorn-12920.exe	41
PID 656 wrote to memory of 2136	656	Unicorn-12920.exe	41
PID 2688 wrote to memory of 1732	2688	Unicorn-48641.exe	42
PID 2688 wrote to memory of 1732	2688	Unicorn-48641.exe	42
PID 2688 wrote to memory of 1732	2688	Unicorn-48641.exe	42
PID 2688 wrote to memory of 1732	2688	Unicorn-48641.exe	42
PID 2436 wrote to memory of 1032	2436	Unicorn-58592.exe	43
PID 2436 wrote to memory of 1032	2436	Unicorn-58592.exe	43
PID 2436 wrote to memory of 1032	2436	Unicorn-58592.exe	43
PID 2436 wrote to memory of 1032	2436	Unicorn-58592.exe	43
PID 2660 wrote to memory of 1612	2660	Unicorn-49397.exe	44
PID 2660 wrote to memory of 1612	2660	Unicorn-49397.exe	44
PID 2660 wrote to memory of 1612	2660	Unicorn-49397.exe	44
PID 2660 wrote to memory of 1612	2660	Unicorn-49397.exe	44
PID 2136 wrote to memory of 1808	2136	Unicorn-18443.exe	45
PID 2136 wrote to memory of 1808	2136	Unicorn-18443.exe	45
PID 2136 wrote to memory of 1808	2136	Unicorn-18443.exe	45
PID 2136 wrote to memory of 1808	2136	Unicorn-18443.exe	45
PID 656 wrote to memory of 544	656	Unicorn-12920.exe	46
PID 656 wrote to memory of 544	656	Unicorn-12920.exe	46
PID 656 wrote to memory of 544	656	Unicorn-12920.exe	46
PID 656 wrote to memory of 544	656	Unicorn-12920.exe	46

C:\Users\Admin\AppData\Local\Temp\af83b173aeb58c0f57090e8ffbea30614e86e68455c28fad529aa6aa2803186f.exe
"C:\Users\Admin\AppData\Local\Temp\af83b173aeb58c0f57090e8ffbea30614e86e68455c28fad529aa6aa2803186f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7075.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7075.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2528
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2112
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36711.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13112.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26653.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56573.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18414.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45752.exe
        10⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        11⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46009.exe
        12⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29957.exe
        13⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10370.exe
        14⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
        15⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
        16⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6796.exe
        17⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27645.exe
        18⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15173.exe
        19⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
        20⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5366.exe
        21⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19548.exe
        14⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62013.exe
        15⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
        16⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3228.exe
        17⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10983.exe
        18⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23583.exe
        19⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19791.exe
        20⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39425.exe
        9⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7950.exe
        10⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
        11⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46009.exe
        12⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37729.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
        14⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
        15⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29670.exe
        16⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33616.exe
        17⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16921.exe
        18⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47361.exe
        19⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        20⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31604.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62581.exe
        9⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3913.exe
        10⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17265.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61643.exe
        12⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62579.exe
        13⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13201.exe
        14⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34363.exe
        15⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8314.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15857.exe
        17⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
        18⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56990.exe
        19⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55024.exe
        20⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39146.exe
        17⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43334.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65393.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22514.exe
        9⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26742.exe
        10⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61172.exe
        11⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57692.exe
        12⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63531.exe
        13⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7835.exe
        14⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58517.exe
        15⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
        16⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32878.exe
        17⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49177.exe
        18⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44988.exe
        19⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9275.exe
        8⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1493.exe
        9⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29293.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe
        11⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63108.exe
        12⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
        13⤵
        Program crash
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64870.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46179.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64625.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24242.exe
        9⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        10⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
        11⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28280.exe
        12⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        13⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
        14⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50290.exe
        15⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12722.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
        17⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59909.exe
        18⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60941.exe
        19⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12123.exe
        20⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18131.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
        14⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58517.exe
        15⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52715.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        17⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
        18⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        19⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51567.exe
        9⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44000.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5417.exe
        11⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57334.exe
        12⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27157.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6318.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1457.exe
        16⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
        17⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2792.exe
        18⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22557.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50297.exe
        11⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        13⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43671.exe
        14⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2671.exe
        15⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48379.exe
        16⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37550.exe
        17⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        18⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
        8⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26296.exe
        9⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61336.exe
        10⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59638.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27780.exe
        12⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
        13⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24039.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
        15⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52100.exe
        17⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26892.exe
        18⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45528.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30843.exe
        8⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37017.exe
        9⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
        10⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
        11⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25668.exe
        12⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26845.exe
        13⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28185.exe
        14⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
        15⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1226.exe
        16⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51028.exe
        17⤵
        
        PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53687.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10833.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27210.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19113.exe
        10⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61068.exe
        11⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48550.exe
        12⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10370.exe
        13⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8748.exe
        14⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4300.exe
        15⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
        16⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
        17⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49218.exe
        18⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47562.exe
        19⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31526.exe
        9⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24760.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56092.exe
        11⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7621.exe
        12⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56881.exe
        13⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32444.exe
        14⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        15⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45434.exe
        16⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28111.exe
        17⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61574.exe
        18⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
        19⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
        11⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19959.exe
        12⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64156.exe
        13⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
        14⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42310.exe
        15⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-928.exe
        16⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48099.exe
        17⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60324.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46802.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58576.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
        8⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-331.exe
        10⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14491.exe
        11⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16987.exe
        12⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24672.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29979.exe
        14⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14879.exe
        15⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        16⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26812.exe
        17⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49123.exe
        18⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
        19⤵
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4315.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46537.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32695.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44574.exe
        9⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57767.exe
        10⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48550.exe
        11⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10204.exe
        12⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-206.exe
        13⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53044.exe
        14⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56487.exe
        15⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20794.exe
        16⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
        17⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39627.exe
        18⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40935.exe
        8⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5895.exe
        9⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22298.exe
        10⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
        11⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
        12⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58112.exe
        13⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52468.exe
        14⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37823.exe
        15⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        16⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46898.exe
        17⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33690.exe
        18⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        19⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63867.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
        8⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44768.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43547.exe
        10⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57464.exe
        11⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64666.exe
        12⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60454.exe
        13⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        14⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3512.exe
        15⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33906.exe
        16⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4823.exe
        17⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57446.exe
        18⤵
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-656.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12904.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56426.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
        10⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52696.exe
        11⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
        12⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        13⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1025.exe
        14⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35387.exe
        15⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7420.exe
        16⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29457.exe
        17⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
        18⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4054.exe
        7⤵
        Executes dropped EXE
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30758.exe
        8⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29713.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26221.exe
        10⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6061.exe
        11⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47903.exe
        12⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
        13⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2533.exe
        14⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60101.exe
        15⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exe
        16⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10244.exe
        17⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-409.exe
        18⤵
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25098.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7231.exe
        8⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34459.exe
        9⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
        10⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
        11⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29899.exe
        12⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10959.exe
        13⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        14⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12353.exe
        16⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
        17⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35231.exe
        18⤵
        
        PID:2840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48641.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48641.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12920.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12153.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51378.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13506.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48180.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24735.exe
        10⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25087.exe
        11⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46009.exe
        12⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
        13⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-206.exe
        14⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        15⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4376.exe
        9⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
        10⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        11⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
        12⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17512.exe
        13⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40534.exe
        14⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37988.exe
        15⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3152.exe
        16⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42310.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34177.exe
        18⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28471.exe
        19⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10893.exe
        20⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
        15⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38442.exe
        16⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62291.exe
        17⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 200
        18⤵
        Program crash
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15325.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20807.exe
        9⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
        10⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40311.exe
        11⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35414.exe
        12⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6850.exe
        13⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18433.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34939.exe
        15⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53502.exe
        10⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44010.exe
        11⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
        12⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37950.exe
        13⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58517.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53675.exe
        15⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
        16⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
        17⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        18⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18196.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17377.exe
        9⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10452.exe
        10⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44891.exe
        11⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32317.exe
        12⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20447.exe
        13⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3208.exe
        14⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        15⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
        16⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15278.exe
        17⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
        18⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56526.exe
        19⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
        20⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
        18⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24702.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:1732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 212
        15⤵
        Program crash
        
        PID:1272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 232
        14⤵
        Program crash
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49814.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18644.exe
        14⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
        15⤵
        Program crash
        
        PID:1992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 232
        14⤵
        Program crash
        
        PID:2708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 216
        13⤵
        Program crash
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29644.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        12⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20072.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25136.exe
        14⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4190.exe
        15⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11244.exe
        16⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48099.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19331.exe
        18⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-941.exe
        8⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34459.exe
        9⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44315.exe
        10⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52977.exe
        11⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44095.exe
        12⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        13⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11231.exe
        14⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56658.exe
        15⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
        16⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60740.exe
        17⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63259.exe
        18⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33085.exe
        10⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62029.exe
        11⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32563.exe
        12⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12722.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41357.exe
        14⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25729.exe
        15⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62650.exe
        16⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5461.exe
        17⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16939.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49693.exe
        19⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19761.exe
        17⤵
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 236
        7⤵
        Program crash
        
        PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25536.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14248.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57962.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        9⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64635.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44891.exe
        11⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50481.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62029.exe
        13⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64156.exe
        14⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1010.exe
        15⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        16⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17275.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
        18⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10246.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23472.exe
        20⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55425.exe
        8⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11474.exe
        9⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55469.exe
        10⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16665.exe
        11⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43815.exe
        12⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3848.exe
        13⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        14⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42679.exe
        15⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61715.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57983.exe
        17⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
        18⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29714.exe
        17⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43687.exe
        8⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4581.exe
        9⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28276.exe
        10⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31900.exe
        11⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32748.exe
        12⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
        13⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8084.exe
        14⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21493.exe
        15⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53339.exe
        16⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7150.exe
        17⤵
        
        PID:988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45229.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23920.exe
        7⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
        8⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        9⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56991.exe
        10⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        11⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
        12⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43047.exe
        13⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
        14⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47625.exe
        15⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46989.exe
        16⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31602.exe
        17⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59756.exe
        18⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37125.exe
        9⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13453.exe
        10⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48403.exe
        11⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        12⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exe
        13⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26653.exe
        14⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46454.exe
        15⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
        16⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41629.exe
        17⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
        18⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47115.exe
        19⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57220.exe
        11⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exe
        12⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8748.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
        14⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31957.exe
        15⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10625.exe
        16⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60941.exe
        17⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46802.exe
        18⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12697.exe
        12⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2224.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16769.exe
        14⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
        15⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23661.exe
        16⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20475.exe
        17⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19791.exe
        18⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42544.exe
        14⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14735.exe
        15⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48601.exe
        16⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        17⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
        8⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18609.exe
        9⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1205.exe
        10⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49881.exe
        11⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7854.exe
        12⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42526.exe
        13⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1457.exe
        14⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52100.exe
        15⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
        16⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52903.exe
        7⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        8⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
        9⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
        11⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32563.exe
        12⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30289.exe
        13⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56487.exe
        14⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10625.exe
        15⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60941.exe
        16⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-442.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45210.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12546.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35191.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26427.exe
        9⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25528.exe
        10⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17265.exe
        11⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32472.exe
        12⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61941.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
        14⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55914.exe
        15⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        16⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        17⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1802.exe
        18⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1298.exe
        19⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10977.exe
        8⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24430.exe
        9⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58870.exe
        10⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8454.exe
        11⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
        12⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43095.exe
        13⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
        14⤵
        
        PID:564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 236
        15⤵
        Program crash
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        9⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43362.exe
        10⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44311.exe
        11⤵
        
        PID:2052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 200
        12⤵
        Program crash
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17104.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48235.exe
        9⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
        10⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
        11⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43015.exe
        12⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        13⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
        14⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43874.exe
        15⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55688.exe
        17⤵
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11370.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4581.exe
        9⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64995.exe
        10⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10370.exe
        11⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20072.exe
        12⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4154.exe
        13⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52348.exe
        14⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15739.exe
        15⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44938.exe
        16⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14241.exe
        17⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31309.exe
        18⤵
        
        PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56505.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45769.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
        7⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33177.exe
        8⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe
        9⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49875.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18201.exe
        11⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21215.exe
        12⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37609.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50501.exe
        14⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47085.exe
        15⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
        16⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5888.exe
        17⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        18⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11758.exe
        19⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33996.exe
        12⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        13⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        14⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-87.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-87.exe
        15⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52100.exe
        16⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64687.exe
        16⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51655.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62263.exe
        18⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
        9⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        10⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44095.exe
        11⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6873.exe
        12⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
        13⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21302.exe
        14⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-328.exe
        15⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60945.exe
        16⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43373.exe
        17⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
        8⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30507.exe
        9⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9875.exe
        10⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1270.exe
        11⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36791.exe
        12⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36792.exe
        13⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40235.exe
        14⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4781.exe
        15⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34033.exe
        16⤵
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56820.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60801.exe
        7⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11946.exe
        8⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
        9⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46314.exe
        10⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48667.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24535.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15317.exe
        13⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61095.exe
        14⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56356.exe
        15⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
        16⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32348.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
        18⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45397.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23175.exe
        8⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
        9⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40479.exe
        10⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60348.exe
        11⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9766.exe
        12⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48950.exe
        13⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
        14⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3320.exe
        15⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36848.exe
        16⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31388.exe
        17⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62777.exe
        18⤵
        
        PID:2784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18443.exe

Filesize
192KB

MD5
33ed3bd7c7e92b064fbbc6d3c29c718c

SHA1
07b2dc01ef19cd236f72629a0d8a44272988c2ab

SHA256
82ee7f814e21414cae3da8e3287cc167e26f7ba8877020129829b7ed7f1fcfdc

SHA512
2e31983404e86ef094534861687f3c1e2f52b122044c2548fba0495b57f3adfa96ece8831cfc681a042cc97e77286d86eb54b8c9b7a64e3c1106c5de4ee9f947

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20807.exe

Filesize
192KB

MD5
e4f007b5d5d2aa84aaf19255dd1ade99

SHA1
d5d638799636dbb24f17b46740a3d66bc593da59

SHA256
a80977f14006e4efbf794609a1068e952dbba26b6a4feb0bec5e3cdf4b80c9ba

SHA512
0fd1604e279044fc17e74389b3f18903cd4729ddd0b28b5d39a6ab5f3e57af3197d8e50852bdf97533572813a9b6528f75310172b1ad846b6b1e4879a0139a5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe

Filesize
192KB

MD5
b315c9b7ac3168f3b34b2aecedc91697

SHA1
fd42436a33ae03a8986f08391425b907aa30e0e7

SHA256
85a718ad13dffddb159bba2118eb6e992ee21963781513a2ac170b5ad6c75aac

SHA512
bdd1ecc5f0b8439a3bdfc59011aaeca6798e9bd4cf3dbe2669556d0ddce4885aa88f598c950fffe4cb3c3789f6a1428637a6ab60e0038bea6cfaad234a3d7c56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40235.exe

Filesize
192KB

MD5
47ee5e48b310eb28973635406a03b508

SHA1
ee1a37f7ba1864770841839c3814c9f6a13e4307

SHA256
c70fa41c5633f564c02357da8ee5b5ad7e311191169fd5e197633acca06901cc

SHA512
7785d591a7dd3c88fa4debc8dbf17b1e2d12cf6a53189ecc6391d6876217525d12acff0e31c7c6f41bbf198530e241fff723875ddfaddd0f48e300755a1e1159

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40935.exe

Filesize
192KB

MD5
6a1aefc13a4d2c93a591d8b6adc7fafc

SHA1
181e60e0951a0716e24c6c95bf2c65cf2e1d96dd

SHA256
53f29c33e5161297d5d9e592b2770bb56ef7a16de8ba819e14c366b32c5254b8

SHA512
2f9cb943cf84de75ffa1096bf8e5578d8a51b82f7fab4272f2742f5676548ca0094d230f06e314b188bc800921c0ce439fd8a99d8d64378e894460e25d6f3cf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48641.exe

Filesize
192KB

MD5
218042d6b4e09d439576119d803dcfb3

SHA1
f78708a56ea0fc0852d8cac4c629353de485535f

SHA256
dcd0e6a96794ba8041589d06668d16b3a6bf476b513c3d69935e5c6a9784db67

SHA512
7cfdd5aa0d7deb5dc52ed4879ce5044d44f15d956a1a6f5a6cd5c0a6290aa1a33cea2bed209e386523cf878700b0ac8e8a921e2183683e85fe473583ba51b16d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe

Filesize
192KB

MD5
6f049808bec3ada6c983e7824ccf458a

SHA1
14dcd8c58cc6e70701e5c2c91ff17daa646bddee

SHA256
d3094d9c339e69e31cc9b8400df5052d9d7c7c47a485a01657578e718f84013f

SHA512
a572eefe54643176d1eb8439492735ca4944946d477e5f57920761b678d227d65508afa87a7fac40759172a354ee8d2ae6eadf94bac62f79c48f391991bc4d4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5461.exe

Filesize
192KB

MD5
217e671edd0104e3f7c87f539510062f

SHA1
66eb049e60e8d364320299b6730d645c6324e4d9

SHA256
cad39a4534002352519b781f7a7bca0989b8dddbfcfef099a83488b58db09ec6

SHA512
4ae059848eacb8224b60d1eca04b39650c0eb158ca26519c125ff0d3329f048faf1149fb9d13b79413f891a2e35f6a069d7bfae24461cb230c04161c04858656

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe

Filesize
192KB

MD5
3c52c35483a1cdfb1255be6fcd6f0221

SHA1
3ab2b21927a7a2f4da129e2bcea12a1916c79e26

SHA256
d3e1be443f56ba93e0aa2f00ea9976474d11d7dc3ad7d956c2f081c954c08fa9

SHA512
792e5ed6ce0a1db3eea413015343719d7d16ba993e37dd38529d74b0882afbb42d45adab1d323048dfa3d488f563f70765dce78948ca2f33bc9bc5bd95f9813c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56991.exe

Filesize
192KB

MD5
a467945af6404b9d3ba29c42855062fb

SHA1
4fc1eb6067ae53d7f6a9c27f3e57ae6f27c0b8ca

SHA256
ea03828c9aa564e2e7254978ca02f3fefd579cd4ac72b65453b88aba6511cd9d

SHA512
e29c0fa05862710ab5cd31e5667164d3bec9a05941f387e933fdc4a9129b168ac7e3fa617eb0fcfe28e188385396c6dff3318d2658a242f80947abaa03ced870

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe

Filesize
192KB

MD5
478a7412aa35ccf123365fbf9ceaa1ea

SHA1
be639664869090aacfe05bfaabc11da42b16c4b1

SHA256
3cb77bb30bc101cf9b79c3d08d55dc64eb22bbf07459bdd5aee20d6709db64c2

SHA512
537d57cb87213ecb64bad2b3ddc98f67daf36d6b16beca7f82fb0528dd9ea9b6b8f268ff15e7badbf9db728e483c3614452cb29112f8a9d007b49121b9df691b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5888.exe

Filesize
192KB

MD5
b953fdda46672516cb682dae445a1e3b

SHA1
17a6607fc862d89500e09f2b5ab97a04c71753fe

SHA256
8cbfa01e89bd7788b9b80781a7791a2cedee502235e254f7e3be4a189eafbf4c

SHA512
35bc8a615b94594844e2c52a9107698b0bc1f8ba690e3efad9985aa07b287fb15290e4531010e5be16eedbccc17ad5bd262e4414589b08dd08190d29aba2edf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5895.exe

Filesize
192KB

MD5
3b1934b913a2f77edc2e72be81251b14

SHA1
ce33afe88e13a35dfd96a9c4f99d7b355e0b0936

SHA256
c6113f25bba395d0f15229bf3c1a1a81554e998ec178920c87af822b9ccb6eb0

SHA512
8802ae2f0dd9fe797082a5b39d14770d599dce19a5e8fd6935f552c3d44b96a7027bc187ee3aa25e1b6ba6d214ec0a2c09859e441464ee4935eb33ebe5f86166

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6318.exe

Filesize
192KB

MD5
5532126bbfbe67c2e7dc4310bb9c26a4

SHA1
17c2083e5085dc49c0adc7eac342bce9cb5b9879

SHA256
a811a8d2028e9637f14d159810d86bc0c7fd648499e38c031aba9946717a6acf

SHA512
8d0e2bd3107215842b6967ff61f1d324ece8ed5c75062d9e96444cc25b3ba7804636b113d62b29832fe1f17f9ce6641fb949e8c2c0a752d32773eeb401fbf004

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe

Filesize
192KB

MD5
0401b7d688858a135b0706afde88306b

SHA1
053519cac15c78fd56631db09858419b9e91b1cf

SHA256
e21625ad308ab90460264be4f89f39cfccd5b72bb5eb7d4107a448128adee80a

SHA512
20064a9c5c49a169f9a23c11df73c384ecf75a1c727a398f242886cfbb9e6317f2610dea1627a5a64f7cceadca9af926f0ccd71d4b630a899c2312ab4ec694ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7075.exe

Filesize
192KB

MD5
e8f144ba9965f5b3b72b1b55dabe9e65

SHA1
88d444b1ee6c323bd6376b36f82ba9f0aa3177ec

SHA256
fd844a696b819c732db9c9fa431f5d1b5d4cddbf568fd1ecb0eb6baa2d5ad5c9

SHA512
5d2a9538f76f620b177760b475970b68da98ff32cfa5533ceb824a0a2bd9490c6b056037011c767768d836b163d83e3ee3cd88915896914483b9f7273293ea4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe

Filesize
192KB

MD5
8ea76ddbc0cd887f088663d60f9695fa

SHA1
940f9707a986ea52fd61eaa1bbfd92bb186405e5

SHA256
cdabba67c011771af8703df8b9a639d7daeac294c271006f68f0f699ced4fa3b

SHA512
059aba739e7dbdabab53de3af08395ab1e71dd148dc2ad963d4d4f00485325b8812632532c7dab3c1ffbcd88bcaed30a47184b32d5969e4cb66be02b27f8a45f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe

Filesize
192KB

MD5
23846d0db8c0d5a6cac31b00dc2a817e

SHA1
111b85df5b44cbd908d8f890dbd6298c12e415a5

SHA256
97629ed457787dc60af57731c07480c6f67b76c62fd1b41aea7d30a177fb5364

SHA512
d1dc35e76848d6e18d9f29aef88e4d4f7c284cbd1a765b5dcb437e542b37e14f0f2d68163c75400438e204506b8ffa62c8c777584ed6dcd3fa81e05220ea317f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12153.exe

Filesize
192KB

MD5
4861145e6c25a47dfdd612fa98f914ba

SHA1
47e04f12bf55b899a5138b911f8b2fe753307bd4

SHA256
e4472bc8b411029029aa8024467c63aa452fbef85a997c3ca8bc962b70314c5e

SHA512
095c745112b483622ddddcd33b1dc362ecca1aa6929989692242cb14410736f72278237681f3772058ba37f730074f3727b5f1174cbe7ec1339c4d1375fc1119

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12920.exe

Filesize
192KB

MD5
65f5b39d26cfc87c34169563dfdb8b2b

SHA1
7ff0bdb86eee439228c99ccbd291ee625d6f3191

SHA256
8aa91f391771da917bd2b21294c022f8b063ec38f790f800606b9a528a4b48aa

SHA512
1466586d23e4af38434aafa234aee2d5ddb8a6594b7a2bb2907d3612758af972d3af6ea171466b4ce414104683a7b2423e7aef7d92050e1195a42a6c4955904a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13112.exe

Filesize
192KB

MD5
cb32e9690cf3c071177f4a92b97d74a1

SHA1
89d5520c7ac4f42b3ef1125fafc5120262418d09

SHA256
fc06cebff9146a25dd0ed3b4222217870f31eaa3f39e705692f40a9dd15de7f5

SHA512
3ae76a04e7a9645f00ea6ba852bccddae42993b360ab03d6915affb70d0d1497874713e614b027ddec5cf2b4a542ea045327ecd0d72d749e7a71990fb8ac5a1d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe

Filesize
192KB

MD5
5623b66e280e4a95ee01d75ac3a248d2

SHA1
4eafe287dcf2e73f49114a8f71a8a633c15e0681

SHA256
4bf655f2cb336866ce83fb2357228b2db6503a02bd74528d7511edafa0fc1bc5

SHA512
4e8b0d80490903cdc0a560894158a4701efe6379445ada1eb014a6098061c2168d191de3f2c685669703ddda52091eb546460bcd50445185ca9ae281c6df3c84

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25536.exe

Filesize
192KB

MD5
90e861078404f9cc3462af1e5a3ce56e

SHA1
44df74f05cb78cc5ef7a37ed42708f68b4e15fad

SHA256
b2c16af1538d03a2a1710e55f666d96d89f2c8fc99b2630143cfa29a56640a36

SHA512
19a320251f31913a919c4287a95c9fc3ec46b583211f06815d371906e1f3a2b7f43c7f1d834b630ee75d90e915ffeea7b456eebaf9255cdf8b309895bfbc21db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26653.exe

Filesize
192KB

MD5
ed7f79f4ad2c2ad29104e32c4ba53760

SHA1
f850b755acc73fa14200f3fa27efb0655635281d

SHA256
a7834a877dafef9395ee1936f06217b34617c8a6e0963b2550a597a7055e84cf

SHA512
225b03a0ce763f50a2e52077b65b7dc132a3b09f079db7ff459978ef6b2dd4c536dfd38375b5e9bd7875dd937c04c49e6d16ab422cd4a9171b783c5f0ff5c014

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36711.exe

Filesize
192KB

MD5
ae36630d3a054c806e25eeae93780e6c

SHA1
352572b49ac0d26aec199535682a1df61066ebdc

SHA256
8e37dbe49c4cf86ba8561d8219054832504c2360687e0b630c46e5cea757835c

SHA512
a17eb5b640d9417e8b2f5e1971461cf8d3f3051b044d3b6a3d8d928cd3e1b73aa8d2e2c9d576f5d037d8bacc6e41933e09512b52dc52ae04022dde4098969a9b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45210.exe

Filesize
192KB

MD5
a9c2e228adaa0d7ede3c951e2a05c82f

SHA1
69635c274eca6cbe5268551eb7633e2deb285792

SHA256
ccf6e5e1c4539432bdb6b52b9f75da02edacb905eae45c97eeddde0c2c693c0b

SHA512
b2a2f1d5c01ddad56a530b3dba9792fca812b807c3b1accd82d45d4a2a459b7b337b56945bac2253dc702e98c94e17fbd974f5f5966b263dac0bbb15be24e27d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe

Filesize
192KB

MD5
6e4bf27fe28173c9127ec4dff99c3d41

SHA1
cfe055234007ab373f6072a210fca3a193337a3f

SHA256
5167bcfd4e78969ff96e1cb50910eae02e74c5831900e49579431e6882ca69e0

SHA512
f818a48e2f471e77f7e9955ae000d309c9e6b6f8d4c03b774be3e02b145d856faecb1b7eff880562d497f99cd003e0c0b040c9a5fcfa10cac82bdf594879fc79

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49397.exe

Filesize
192KB

MD5
9768de65349960152bcf637bb24a3841

SHA1
f0ce5ae8f2dcd1965524978c0da897d680127a81

SHA256
4f50d2f4db9f4c8b6f569651f3ca28ea6581d55fec4caea7dad5975e5b45c9f9

SHA512
0bd15b9861096213604fc90659b8b36981791901932ebda534f5c522c8a2747240b235b66af990f3e8b982e18e1aeaad47287b8da9aac06382c2b5d023daeacd

Download Submit
memory/1576-1161-0x0000000076F20000-0x000000007703F000-memory.dmp

Filesize
1.1MB

Download
memory/1576-1162-0x0000000077040000-0x000000007713A000-memory.dmp

Filesize
1000KB

Download
memory/1576-1164-0x0000000002EB0000-0x000000000300C000-memory.dmp

Filesize
1.4MB

Download
memory/1576-1165-0x00000000026F0000-0x0000000002800000-memory.dmp

Filesize
1.1MB

Download
memory/1576-1066-0x0000000002AB0000-0x0000000002C0C000-memory.dmp

Filesize
1.4MB

Download