8eb0d63056840520a5f49c8c44acde506f798f367cbb5c4579a252c7e230790b

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0281b185e380dd70147ea31a525fcf93_JaffaCakes118.exe
Size

184KB
MD5

0281b185e380dd70147ea31a525fcf93
SHA1

ce06dcdce12d8539514ebc4bb14898127fb4d382
SHA256

8eb0d63056840520a5f49c8c44acde506f798f367cbb5c4579a252c7e230790b
SHA512

0fc918c2b1050ebcac5e5fa07d56cc90c873b4fffae5576fc8020b980246bef2588039dfcc1a5e2a62c1ce4e1dfeb2a7e496fa87df94ae17102785e82610d174
SSDEEP

3072:Am1JomwHcDA8oOj/dTsWI8FbKZe60O3iWDExXMPHsNlPvpFD:AmroE88oIdoWI8UyZpNlPvpF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2684	Unicorn-27750.exe
2744	Unicorn-14750.exe
1592	Unicorn-20458.exe
2652	Unicorn-42929.exe
2704	Unicorn-64096.exe
792	Unicorn-26593.exe
2104	Unicorn-25882.exe
1456	Unicorn-63385.exe
2884	Unicorn-1377.exe
1728	Unicorn-38326.exe
2276	Unicorn-30712.exe
1564	Unicorn-8798.exe
1752	Unicorn-50386.exe
2100	Unicorn-49831.exe
2396	Unicorn-23080.exe
2988	Unicorn-42623.exe
1176	Unicorn-6421.exe
1012	Unicorn-36078.exe
3040	Unicorn-41829.exe
2416	Unicorn-5627.exe
1744	Unicorn-50189.exe
1220	Unicorn-54273.exe
1652	Unicorn-18839.exe
1904	Unicorn-2503.exe
2468	Unicorn-51149.exe
1284	Unicorn-10863.exe
2328	Unicorn-18477.exe
2008	Unicorn-14392.exe
3024	Unicorn-47257.exe
2612	Unicorn-27391.exe
2964	Unicorn-241.exe
2404	Unicorn-21622.exe
2608	Unicorn-59125.exe
1928	Unicorn-1201.exe
1588	Unicorn-26452.exe
1572	Unicorn-9561.exe
556	Unicorn-34812.exe
2108	Unicorn-1393.exe
2144	Unicorn-1393.exe
2888	Unicorn-54102.exe
2860	Unicorn-25514.exe
2620	Unicorn-25514.exe
1508	Unicorn-63017.exe
2800	Unicorn-50978.exe
2832	Unicorn-31112.exe
2668	Unicorn-55809.exe
3044	Unicorn-10137.exe
2436	Unicorn-43556.exe
1568	Unicorn-29825.exe
1072	Unicorn-57283.exe
1620	Unicorn-36863.exe
1808	Unicorn-22918.exe
1296	Unicorn-22918.exe
808	Unicorn-22918.exe
1964	Unicorn-22918.exe
2216	Unicorn-22918.exe
1256	Unicorn-42784.exe
2356	Unicorn-22918.exe
1664	Unicorn-42784.exe
2160	Unicorn-42784.exe
2704	Unicorn-22918.exe
1676	Unicorn-42784.exe
1468	Unicorn-22918.exe
972	Unicorn-42784.exe

Loads dropped DLL 64 IoCs

pid	Process
2736	0281b185e380dd70147ea31a525fcf93_JaffaCakes118.exe
2736	0281b185e380dd70147ea31a525fcf93_JaffaCakes118.exe
2684	Unicorn-27750.exe
2684	Unicorn-27750.exe
2736	0281b185e380dd70147ea31a525fcf93_JaffaCakes118.exe
2736	0281b185e380dd70147ea31a525fcf93_JaffaCakes118.exe
2744	Unicorn-14750.exe
2744	Unicorn-14750.exe
2684	Unicorn-27750.exe
2684	Unicorn-27750.exe
1592	Unicorn-20458.exe
1592	Unicorn-20458.exe
2652	Unicorn-42929.exe
2652	Unicorn-42929.exe
2744	Unicorn-14750.exe
2744	Unicorn-14750.exe
2704	Unicorn-64096.exe
2704	Unicorn-64096.exe
792	Unicorn-26593.exe
792	Unicorn-26593.exe
1592	Unicorn-20458.exe
1592	Unicorn-20458.exe
2104	Unicorn-25882.exe
2104	Unicorn-25882.exe
2652	Unicorn-42929.exe
2652	Unicorn-42929.exe
1456	Unicorn-63385.exe
1456	Unicorn-63385.exe
2276	Unicorn-30712.exe
2276	Unicorn-30712.exe
1728	Unicorn-38326.exe
1728	Unicorn-38326.exe
792	Unicorn-26593.exe
792	Unicorn-26593.exe
2704	Unicorn-64096.exe
2704	Unicorn-64096.exe
1564	Unicorn-8798.exe
1564	Unicorn-8798.exe
2104	Unicorn-25882.exe
2104	Unicorn-25882.exe
1752	Unicorn-50386.exe
1752	Unicorn-50386.exe
2100	Unicorn-49831.exe
2100	Unicorn-49831.exe
1456	Unicorn-63385.exe
1456	Unicorn-63385.exe
2884	Unicorn-1377.exe
2884	Unicorn-1377.exe
2988	Unicorn-42623.exe
2988	Unicorn-42623.exe
1728	Unicorn-38326.exe
1728	Unicorn-38326.exe
1012	Unicorn-36078.exe
1012	Unicorn-36078.exe
2396	Unicorn-23080.exe
2396	Unicorn-23080.exe
2276	Unicorn-30712.exe
1176	Unicorn-6421.exe
2276	Unicorn-30712.exe
1176	Unicorn-6421.exe
2416	Unicorn-5627.exe
2416	Unicorn-5627.exe
3040	Unicorn-41829.exe
3040	Unicorn-41829.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
2376	2964	WerFault.exe	60
2900	920	WerFault.exe	296
2408	808	WerFault.exe	338
1760	2616	WerFault.exe	339
2572	3068	WerFault.exe	337
1876	2356	WerFault.exe	396
1072	1872	WerFault.exe	453

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48926.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9938.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43929.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22918.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5655.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49632.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49150.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28870.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18137.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3705.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-87.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27391.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31037.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49150.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45012.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41562.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20458.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7508.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34473.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53538.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29034.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38936.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62542.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26078.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14633.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2736	0281b185e380dd70147ea31a525fcf93_JaffaCakes118.exe
2684	Unicorn-27750.exe
2744	Unicorn-14750.exe
1592	Unicorn-20458.exe
2652	Unicorn-42929.exe
792	Unicorn-26593.exe
2704	Unicorn-64096.exe
2104	Unicorn-25882.exe
1456	Unicorn-63385.exe
2884	Unicorn-1377.exe
2276	Unicorn-30712.exe
1728	Unicorn-38326.exe
1564	Unicorn-8798.exe
1752	Unicorn-50386.exe
2100	Unicorn-49831.exe
2396	Unicorn-23080.exe
2988	Unicorn-42623.exe
1012	Unicorn-36078.exe
1176	Unicorn-6421.exe
2416	Unicorn-5627.exe
3040	Unicorn-41829.exe
1744	Unicorn-50189.exe
1220	Unicorn-54273.exe
1652	Unicorn-18839.exe
1904	Unicorn-2503.exe
2468	Unicorn-51149.exe
1284	Unicorn-10863.exe
2328	Unicorn-18477.exe
2008	Unicorn-14392.exe
3024	Unicorn-47257.exe
2612	Unicorn-27391.exe
2964	Unicorn-241.exe
2404	Unicorn-21622.exe
1928	Unicorn-1201.exe
2608	Unicorn-59125.exe
1588	Unicorn-26452.exe
1572	Unicorn-9561.exe
556	Unicorn-34812.exe
2108	Unicorn-1393.exe
2144	Unicorn-1393.exe
2888	Unicorn-54102.exe
2860	Unicorn-25514.exe
2620	Unicorn-25514.exe
2800	Unicorn-50978.exe
1508	Unicorn-63017.exe
2832	Unicorn-31112.exe
2668	Unicorn-55809.exe
2436	Unicorn-43556.exe
3044	Unicorn-10137.exe
1568	Unicorn-29825.exe
1072	Unicorn-57283.exe
1620	Unicorn-36863.exe
1296	Unicorn-22918.exe
1808	Unicorn-22918.exe
2216	Unicorn-22918.exe
1964	Unicorn-22918.exe
808	Unicorn-22918.exe
972	Unicorn-42784.exe
2160	Unicorn-42784.exe
2356	Unicorn-22918.exe
2360	Unicorn-42784.exe
1676	Unicorn-42784.exe
1376	Unicorn-42784.exe
1256	Unicorn-42784.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 2684	2736	0281b185e380dd70147ea31a525fcf93_JaffaCakes118.exe	30
PID 2736 wrote to memory of 2684	2736	0281b185e380dd70147ea31a525fcf93_JaffaCakes118.exe	30
PID 2736 wrote to memory of 2684	2736	0281b185e380dd70147ea31a525fcf93_JaffaCakes118.exe	30
PID 2736 wrote to memory of 2684	2736	0281b185e380dd70147ea31a525fcf93_JaffaCakes118.exe	30
PID 2684 wrote to memory of 2744	2684	Unicorn-27750.exe	31
PID 2684 wrote to memory of 2744	2684	Unicorn-27750.exe	31
PID 2684 wrote to memory of 2744	2684	Unicorn-27750.exe	31
PID 2684 wrote to memory of 2744	2684	Unicorn-27750.exe	31
PID 2736 wrote to memory of 1592	2736	0281b185e380dd70147ea31a525fcf93_JaffaCakes118.exe	32
PID 2736 wrote to memory of 1592	2736	0281b185e380dd70147ea31a525fcf93_JaffaCakes118.exe	32
PID 2736 wrote to memory of 1592	2736	0281b185e380dd70147ea31a525fcf93_JaffaCakes118.exe	32
PID 2736 wrote to memory of 1592	2736	0281b185e380dd70147ea31a525fcf93_JaffaCakes118.exe	32
PID 2744 wrote to memory of 2652	2744	Unicorn-14750.exe	33
PID 2744 wrote to memory of 2652	2744	Unicorn-14750.exe	33
PID 2744 wrote to memory of 2652	2744	Unicorn-14750.exe	33
PID 2744 wrote to memory of 2652	2744	Unicorn-14750.exe	33
PID 2684 wrote to memory of 2704	2684	Unicorn-27750.exe	34
PID 2684 wrote to memory of 2704	2684	Unicorn-27750.exe	34
PID 2684 wrote to memory of 2704	2684	Unicorn-27750.exe	34
PID 2684 wrote to memory of 2704	2684	Unicorn-27750.exe	34
PID 1592 wrote to memory of 792	1592	Unicorn-20458.exe	35
PID 1592 wrote to memory of 792	1592	Unicorn-20458.exe	35
PID 1592 wrote to memory of 792	1592	Unicorn-20458.exe	35
PID 1592 wrote to memory of 792	1592	Unicorn-20458.exe	35
PID 2652 wrote to memory of 2104	2652	Unicorn-42929.exe	36
PID 2652 wrote to memory of 2104	2652	Unicorn-42929.exe	36
PID 2652 wrote to memory of 2104	2652	Unicorn-42929.exe	36
PID 2652 wrote to memory of 2104	2652	Unicorn-42929.exe	36
PID 2744 wrote to memory of 1456	2744	Unicorn-14750.exe	37
PID 2744 wrote to memory of 1456	2744	Unicorn-14750.exe	37
PID 2744 wrote to memory of 1456	2744	Unicorn-14750.exe	37
PID 2744 wrote to memory of 1456	2744	Unicorn-14750.exe	37
PID 2704 wrote to memory of 2884	2704	Unicorn-64096.exe	38
PID 2704 wrote to memory of 2884	2704	Unicorn-64096.exe	38
PID 2704 wrote to memory of 2884	2704	Unicorn-64096.exe	38
PID 2704 wrote to memory of 2884	2704	Unicorn-64096.exe	38
PID 792 wrote to memory of 1728	792	Unicorn-26593.exe	39
PID 792 wrote to memory of 1728	792	Unicorn-26593.exe	39
PID 792 wrote to memory of 1728	792	Unicorn-26593.exe	39
PID 792 wrote to memory of 1728	792	Unicorn-26593.exe	39
PID 1592 wrote to memory of 2276	1592	Unicorn-20458.exe	40
PID 1592 wrote to memory of 2276	1592	Unicorn-20458.exe	40
PID 1592 wrote to memory of 2276	1592	Unicorn-20458.exe	40
PID 1592 wrote to memory of 2276	1592	Unicorn-20458.exe	40
PID 2104 wrote to memory of 1564	2104	Unicorn-25882.exe	41
PID 2104 wrote to memory of 1564	2104	Unicorn-25882.exe	41
PID 2104 wrote to memory of 1564	2104	Unicorn-25882.exe	41
PID 2104 wrote to memory of 1564	2104	Unicorn-25882.exe	41
PID 2652 wrote to memory of 1752	2652	Unicorn-42929.exe	42
PID 2652 wrote to memory of 1752	2652	Unicorn-42929.exe	42
PID 2652 wrote to memory of 1752	2652	Unicorn-42929.exe	42
PID 2652 wrote to memory of 1752	2652	Unicorn-42929.exe	42
PID 1456 wrote to memory of 2100	1456	Unicorn-63385.exe	43
PID 1456 wrote to memory of 2100	1456	Unicorn-63385.exe	43
PID 1456 wrote to memory of 2100	1456	Unicorn-63385.exe	43
PID 1456 wrote to memory of 2100	1456	Unicorn-63385.exe	43
PID 2276 wrote to memory of 2396	2276	Unicorn-30712.exe	44
PID 2276 wrote to memory of 2396	2276	Unicorn-30712.exe	44
PID 2276 wrote to memory of 2396	2276	Unicorn-30712.exe	44
PID 2276 wrote to memory of 2396	2276	Unicorn-30712.exe	44
PID 1728 wrote to memory of 2988	1728	Unicorn-38326.exe	45
PID 1728 wrote to memory of 2988	1728	Unicorn-38326.exe	45
PID 1728 wrote to memory of 2988	1728	Unicorn-38326.exe	45
PID 1728 wrote to memory of 2988	1728	Unicorn-38326.exe	45

C:\Users\Admin\AppData\Local\Temp\0281b185e380dd70147ea31a525fcf93_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0281b185e380dd70147ea31a525fcf93_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27750.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27750.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14750.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14750.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21622.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36863.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
        10⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6523.exe
        11⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39362.exe
        12⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe
        13⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        14⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
        15⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23092.exe
        17⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36102.exe
        18⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57669.exe
        19⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58079.exe
        20⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43020.exe
        21⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53129.exe
        11⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12688.exe
        12⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14925.exe
        13⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18081.exe
        14⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42217.exe
        15⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
        16⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22900.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
        18⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
        19⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
        20⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41562.exe
        22⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2807.exe
        9⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42185.exe
        10⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54987.exe
        11⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48926.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        13⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41127.exe
        14⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
        15⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
        16⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44846.exe
        17⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5318.exe
        18⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63808.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35485.exe
        20⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48926.exe
        11⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12870.exe
        12⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48968.exe
        13⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-852.exe
        14⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6921.exe
        15⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60580.exe
        16⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27960.exe
        17⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8323.exe
        18⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29481.exe
        19⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
        9⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59125.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
        9⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
        10⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27546.exe
        11⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19565.exe
        12⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53405.exe
        13⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21470.exe
        14⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56859.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10481.exe
        16⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32013.exe
        17⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19272.exe
        18⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21509.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5627.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-241.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
        8⤵
        Program crash
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29825.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21521.exe
        8⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4084.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65070.exe
        10⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32393.exe
        11⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26078.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17002.exe
        13⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6921.exe
        15⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33144.exe
        16⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13844.exe
        17⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
        18⤵
        
        PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50386.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50189.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9561.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14862.exe
        9⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19710.exe
        10⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38838.exe
        11⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39793.exe
        12⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21610.exe
        13⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6036.exe
        14⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57894.exe
        15⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23445.exe
        16⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7508.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13844.exe
        18⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63995.exe
        19⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        7⤵
        Executes dropped EXE
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18044.exe
        8⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29736.exe
        9⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30883.exe
        10⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
        11⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        12⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51340.exe
        13⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25121.exe
        14⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36870.exe
        15⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-658.exe
        16⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62355.exe
        17⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        18⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41562.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23159.exe
        17⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8126.exe
        18⤵
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34812.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1943.exe
        7⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59808.exe
        8⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43503.exe
        9⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56518.exe
        10⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22902.exe
        11⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63410.exe
        12⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35559.exe
        13⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37090.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53538.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32786.exe
        16⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54270.exe
        17⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
        18⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6076.exe
        19⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9060.exe
        20⤵
        
        PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63385.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49831.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54273.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1201.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        8⤵
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36243.exe
        9⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7670.exe
        10⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49632.exe
        11⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57074.exe
        13⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43395.exe
        14⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41679.exe
        15⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41696.exe
        16⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39138.exe
        17⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3829.exe
        18⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41562.exe
        19⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24702.exe
        8⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5236.exe
        9⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60161.exe
        10⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52237.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57084.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4749.exe
        13⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49150.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
        16⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64934.exe
        17⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29801.exe
        16⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27016.exe
        17⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5687.exe
        18⤵
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26452.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61650.exe
        8⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14172.exe
        9⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55968.exe
        10⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
        11⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56913.exe
        12⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1952.exe
        13⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11433.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20072.exe
        15⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        16⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
        17⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6076.exe
        18⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44364.exe
        19⤵
        
        PID:992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18839.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1393.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        7⤵
        Executes dropped EXE
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23799.exe
        8⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19518.exe
        9⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe
        10⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3228.exe
        11⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
        12⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53052.exe
        13⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        14⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45214.exe
        15⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
        16⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16995.exe
        17⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
        18⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44177.exe
        19⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23154.exe
        19⤵
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18776.exe
        7⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35335.exe
        8⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49632.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11199.exe
        10⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        11⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13493.exe
        12⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60943.exe
        13⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        14⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
        15⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31681.exe
        16⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62542.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
        18⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28521.exe
        11⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54194.exe
        12⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32137.exe
        13⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12173.exe
        14⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31468.exe
        15⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50425.exe
        16⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19092.exe
        17⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41562.exe
        18⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21696.exe
        17⤵
        
        PID:2676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64096.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64096.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2503.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1393.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44027.exe
        8⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15454.exe
        9⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48926.exe
        10⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54287.exe
        11⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41127.exe
        12⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35004.exe
        13⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30492.exe
        14⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27358.exe
        15⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17955.exe
        16⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9584.exe
        17⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34717.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        6⤵
        Executes dropped EXE
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3705.exe
        7⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44406.exe
        8⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        9⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
        10⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe
        11⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        12⤵
        
        PID:808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 220
        13⤵
        Program crash
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22979.exe
        12⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6921.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18422.exe
        14⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4742.exe
        15⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43741.exe
        16⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17426.exe
        17⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53217.exe
        18⤵
        
        PID:768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36078.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10137.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39468.exe
        7⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
        8⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14172.exe
        9⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32014.exe
        10⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23862.exe
        11⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42414.exe
        12⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        13⤵
        
        PID:3068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 220
        14⤵
        Program crash
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49761.exe
        7⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18257.exe
        8⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48926.exe
        9⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31262.exe
        10⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
        11⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55792.exe
        12⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
        13⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7881.exe
        14⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6169.exe
        15⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7508.exe
        16⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18718.exe
        17⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        18⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61583.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        12⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5655.exe
        13⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27737.exe
        14⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5313.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11312.exe
        16⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41562.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64719.exe
        6⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12257.exe
        7⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63539.exe
        8⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4707.exe
        9⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
        10⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe
        11⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62305.exe
        12⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13252.exe
        13⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55811.exe
        14⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1426.exe
        15⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34473.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10731.exe
        17⤵
        
        PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43556.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
        6⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14120.exe
        7⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15438.exe
        8⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
        9⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38340.exe
        10⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50753.exe
        11⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6996.exe
        12⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57318.exe
        13⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42033.exe
        14⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
        15⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44073.exe
        16⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14633.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41183.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20269.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32154.exe
        8⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29544.exe
        9⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11230.exe
        10⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62071.exe
        11⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51708.exe
        12⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57842.exe
        13⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64643.exe
        14⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38936.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
        13⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52033.exe
        14⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10113.exe
        15⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
        16⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20187.exe
        17⤵
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27119.exe
        6⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35112.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21184.exe
        8⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18832.exe
        9⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
        10⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21828.exe
        11⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59080.exe
        12⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26974.exe
        13⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12910.exe
        14⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8323.exe
        15⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29481.exe
        16⤵
        
        PID:1580
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20458.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20458.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26593.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38326.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42623.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51149.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe
        8⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31251.exe
        9⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36996.exe
        10⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        7⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50877.exe
        8⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35112.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10446.exe
        10⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
        11⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6565.exe
        12⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52419.exe
        13⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35559.exe
        14⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15442.exe
        15⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52033.exe
        16⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59869.exe
        17⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37602.exe
        18⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17239.exe
        19⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
        20⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41562.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
        18⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33591.exe
        19⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        7⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58692.exe
        8⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64442.exe
        9⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46129.exe
        10⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11012.exe
        11⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45600.exe
        12⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-286.exe
        13⤵
        
        PID:920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 240
        14⤵
        Program crash
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62979.exe
        9⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36477.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5636.exe
        11⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51516.exe
        12⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36662.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45012.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
        16⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46569.exe
        17⤵
        
        PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54102.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30488.exe
        8⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15454.exe
        9⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55553.exe
        10⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        11⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53187.exe
        12⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        13⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46545.exe
        14⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
        15⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54659.exe
        16⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11073.exe
        17⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
        18⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36523.exe
        19⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        13⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6921.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe
        15⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        16⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32828.exe
        17⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
        18⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
        11⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63400.exe
        12⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58797.exe
        13⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29034.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4197.exe
        15⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46185.exe
        17⤵
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60882.exe
        7⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe
        8⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30120.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43877.exe
        10⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16628.exe
        11⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        12⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        13⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38136.exe
        14⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
        15⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13844.exe
        16⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37078.exe
        17⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35428.exe
        18⤵
        
        PID:1764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6421.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47257.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42784.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1541.exe
        8⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-249.exe
        9⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27188.exe
        10⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22004.exe
        11⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5636.exe
        12⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53955.exe
        13⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48387.exe
        14⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49150.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15089.exe
        16⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6169.exe
        17⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34426.exe
        18⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        19⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        20⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3705.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50903.exe
        8⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18823.exe
        9⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41651.exe
        10⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8454.exe
        11⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16997.exe
        13⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
        14⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
        15⤵
        Program crash
        
        PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63017.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23708.exe
        6⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21962.exe
        7⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3181.exe
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50732.exe
        9⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55553.exe
        10⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61552.exe
        11⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        12⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4033.exe
        13⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39781.exe
        14⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36481.exe
        15⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
        16⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53990.exe
        17⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36029.exe
        6⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4333.exe
        7⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28116.exe
        9⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41127.exe
        10⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25938.exe
        11⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19820.exe
        12⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13252.exe
        13⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14970.exe
        14⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48764.exe
        15⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2568.exe
        16⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40280.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30712.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30712.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14392.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38892.exe
        7⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33254.exe
        8⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57426.exe
        9⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10654.exe
        10⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11199.exe
        11⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44254.exe
        14⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36870.exe
        15⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16611.exe
        16⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20938.exe
        17⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58837.exe
        18⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44491.exe
        6⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26404.exe
        7⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50732.exe
        8⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56705.exe
        9⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
        10⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60255.exe
        11⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        12⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40549.exe
        13⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49117.exe
        14⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9013.exe
        15⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18137.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35485.exe
        17⤵
        
        PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55809.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46868.exe
        6⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24702.exe
        7⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15106.exe
        8⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55195.exe
        9⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61552.exe
        10⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55086.exe
        11⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe
        12⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31971.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
        14⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44073.exe
        15⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
        16⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
        17⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20788.exe
        6⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41090.exe
        7⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5973.exe
        8⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11417.exe
        9⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
        10⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        11⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        12⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62256.exe
        13⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29427.exe
        13⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13299.exe
        14⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13844.exe
        15⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
        16⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25542.exe
        9⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32632.exe
        10⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53815.exe
        11⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4342.exe
        12⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
        13⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58930.exe
        14⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        15⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65282.exe
        16⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
        17⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        16⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41690.exe
        14⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        15⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60674.exe
        16⤵
        
        PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43840.exe
        6⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30488.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
        8⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34007.exe
        9⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9938.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38008.exe
        11⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
        12⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54500.exe
        13⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57793.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25879.exe
        15⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
        16⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32802.exe
        17⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62491.exe
        10⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-997.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13685.exe
        12⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        13⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19173.exe
        14⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-87.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-87.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 240
        16⤵
        Program crash
        
        PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24262.exe
        5⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3705.exe
        6⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12501.exe
        7⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32917.exe
        8⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5449.exe
        9⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25891.exe
        10⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        11⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        12⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 220
        13⤵
        Program crash
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61531.exe
        9⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52860.exe
        10⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33006.exe
        11⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61898.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44846.exe
        13⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16611.exe
        14⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32828.exe
        15⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57493.exe
        16⤵
        
        PID:2420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-26593.exe

Filesize
184KB

MD5
1d894bcd11196063799446ec26a645d1

SHA1
70930555a3bed636d16fe5f7a4dedb96a6f9a771

SHA256
e9ef31055e0ffc34697dedbbe8dbd86579b2a732c4db82684558d91b28d71c14

SHA512
457a38f4f44808aa9f7beb2b319221f90c05d8ee753b7b2aa3486cb6745b273bf9fd392930191fd7e815e302ccb827453182dd48e6968b00db44b2dee21b60fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30712.exe

Filesize
184KB

MD5
a062ed84514d7e41e33885be49aa3e60

SHA1
b04a83a9e704fdca4739fd08300983da98c46196

SHA256
0a6404efb56393fc23704646f0cab1ce6fd9e0881371ded4099a48de0058bf5d

SHA512
6223aec40a4b776db4254c19a4cf8157b775484890ce0e8a7a8f1d3891933b0e2d9bb7f2a2ba5f13559fda596adeed334604283eba9c33cd6dafe46ee91de4cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34426.exe

Filesize
184KB

MD5
c6fd7d52c1cd8d03c5f18daf50d0659a

SHA1
c24e62d7f1316827c81c7cfbb669e22711e3e164

SHA256
b215c82c1883e12ebb2e426e9f91c97074f9baa5910ae1f9f7c5fd05a0e8887b

SHA512
34086e492423e1f9d4fad0e66de7de48f0c4c84119677638635aea8a4fa7123eb8b1c1de27e1fd0dbb66207cc8a4cc59aca2b8891c14cdc63b3b2d5fb1bba39e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38326.exe

Filesize
184KB

MD5
9192adb7f4e02830b0a847b40485f6b2

SHA1
a519fb34ccdc9bf8b0edf3a66dd194a0acf1d63d

SHA256
42dc4d1f2dddd1867c7170ca85671936531b67b8571616e34ae2a9255d54d1cb

SHA512
832661d86343d3f4223badf3651cd38ca916eb73db75ed59e246081a2ea743dfb56b99e528a3299225ecd713f74480c5fcbfc6558e1211e1f0b900d4224b8aed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42185.exe

Filesize
184KB

MD5
413785de7872e0aea1f935595e405613

SHA1
2fa6b1dd49813ac2d006a14d0f5f079d7b0c8575

SHA256
d1695fde3b6be6e9778caf992466d91187bf0b96eddf8d29481e0ecc5c0ac70e

SHA512
e2e845c354563caa76425f6bdfe2b29a8e843f508726c23d0deff449af5d3bf3e719dca90f2ba9437b2257579588a9a1cf9f903fee7496f339f3552c89245ddf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42623.exe

Filesize
184KB

MD5
28cbe449884e3a7d906a0c899bb41914

SHA1
695f46ae18ddc439e3f38a31df19006c14deec1f

SHA256
50c3867eb5c042891220a9b396c8f2eb6014522e75898d09da77a44cf4dfa81a

SHA512
3c48a9b6208dc9f01e6dab5d4dc52ef5928550c8ac303c62887ca84a57dd8da537e8e46c0a5599e5e9a4f51d997ec8f79d15a68ae8ae8406cd4e0186557e80f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53955.exe

Filesize
184KB

MD5
e4a9266baef7c7f21c68d1085323e7d4

SHA1
c012896a355090919653936920b816c227ca4e6f

SHA256
3d84b4b7afcb443c5dd4b524d1199b67902dd1d90ecdc7c6947995267a7bd83a

SHA512
9fbcf0a209fa4487da4d1eb1f64b6bc41c609bf98e45834236528f43318cc417b48604d2c3c452cd10c2c8cc64f8be8536999ca80d8dcd6ba3e9cee44fa54401

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5449.exe

Filesize
184KB

MD5
1a9d8d0ecae88a476a559866cd439a75

SHA1
3f8531e83cc26a5ee921ae596ccddfafce055273

SHA256
d72d71b8c02da9ef811440c7d3d126556312051026ddc2923996204983307082

SHA512
b860cea9445838aadd992be86578e6326451913d85f5115735cbac0ecf2c90da16713116e5960be8ceb80cfbba9a22fa81127572d6951307dd7bfd019cb3a084

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5652.exe

Filesize
184KB

MD5
0ee9cd419dad472d561895c4c870916f

SHA1
67657d393ec3425addc109ff87e1a7e744fe5cfb

SHA256
74afb08b130c6f09330a49d667ae54bb257b94c02995f930652b84c7eccff1b8

SHA512
686db6ba5d0d2bd6952c9741fe843a57d9fbcd16d47628954f9bbbaf4b078458ce616c0c7e1e573c62f5b3bd50f45f436bf8af5a881d30682f6085ce96ccb725

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5687.exe

Filesize
184KB

MD5
21fb1908f49d9a8b05f0d2ac3326afc7

SHA1
9de6edc77f48c209e6133ae2dfe9b861b1d76709

SHA256
ab6bf69611cf7e1f642e13bb10702c0de3cbc123e5b11bc2c3766d82dc310146

SHA512
7109ee16959b5b63e563b4fcc8ee1f485fb24dec0ec0f60c8af20d1f37282b6c39e0065ed1d8e280958bf50b4757068b9ec6a17b8b89470d06416cf397dee127

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5973.exe

Filesize
184KB

MD5
23b8cb109fb83df72e2123318590a850

SHA1
f2aad59404f2c1e3e881d405f8874fca5b75999f

SHA256
8410ca40afaaac3722c412b49dc8edf0100f06433adf99a6116e76eca71b90cd

SHA512
ab58d33c2a89ae64b1964ed85639269a7f15f9d978996cfa21bf1e0a13f3cd8836dc83c5af0243f47f955d37445a1ee8e7b382fc7471ceccf2dab2b598620a2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6036.exe

Filesize
184KB

MD5
27783df7eb653b64b2841dac8f2f37cc

SHA1
3739d03ce220ed89875b5f9f1b50f033cacf098e

SHA256
9419c29f4a572f1062de3b29454324dbf06080c12fb85ffdcaf9a4749fc4e2e5

SHA512
870cada53c35b5b024ac23d42b998e9884046f073c6c113d670872ad204b5f763258b4f0fb7dbbb73ed13ed3eca48dfc9e8fbbc5ad642aed566afbba8c6fc91e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6285.exe

Filesize
184KB

MD5
f1f37f2bdf64e122b53f07a3c2075e49

SHA1
b40745b799543a62557757bd27ea958f11f3b83c

SHA256
f1baddc87ca5718d9fc1e520c316e2d08ffcef0439cb77e0301615c6036b7c6e

SHA512
0acc5f8074d3a8d70994a89dfdb3d0e6003d0219773401c3a033038ff6921c6d5405b23690c84951b7ef63cd796b64d5c188a8b2ef6905d9730a9edac1085d1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe

Filesize
184KB

MD5
7f301c2eebc7ee619651e1e78421cc66

SHA1
b8bd265d1347386c602d886822c15348fd1a23f8

SHA256
ac700cd7ccfd78a646be7d2f4a8700f879d1653ef7f8e4a12b8b73a1555d0862

SHA512
8076420f87c8276ad424797cfbd1be4739fd784868a6bd767ffcad781a7da85804126731a07c96d5606e21ade509f5c59888fb00c7d3ee1474a5e72019076c43

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63539.exe

Filesize
184KB

MD5
cba1d17934e56d195b3b8b2a2d0be4bf

SHA1
8c5f3ec24853e2c4950e6bf9aa2eb731a53b6368

SHA256
77990fc57bca23c481c7c887be81120c34778abe915c9cdf194bf92afe28d161

SHA512
ac5955ad1c3bd2dce2e224ba0d06b7a389525d82a8e0efca2e4f361790c91aa023ed1a94e18afc5db595a877d6d4b5a27288278319203f2b602ee50751e467cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64096.exe

Filesize
184KB

MD5
d3075eebe78ea5cfc174fb02377720e7

SHA1
8f824af04bdcb651d389193b17212a8c535e2178

SHA256
d89bd10d78395b114efb2b5af07f6f423c74629f65acd81408ce13094da98171

SHA512
359bf07c2c1adf2f815ed6a794ccdd8aaac51e5f6b226f95a96343b2747c02a7a3a508cdbcd2289b417d9ef865962aade4666fcc1afac42f8656ca15d66ee601

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6421.exe

Filesize
184KB

MD5
8596f997d761c49d06d944d06ab16b7a

SHA1
d1fc743aca9b616fc022f5b9edc84da3146c2e9b

SHA256
ac5157e654a151fa3fec2b14784b41942886c4434759f90c1039f4436f86501a

SHA512
473d8213b5f5d94871f4ffc7143d16952490b34e4a6b27c1ffda7fc317a6e5e8cdb166bc0040e38eada16bed9952a3fc69ccd91e5ff03bc628eb5e278bbc5722

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6523.exe

Filesize
184KB

MD5
457f107e07c11e912912714622cdc357

SHA1
eae63382e2db4afc7d8716dc36c20368f8ca214c

SHA256
5c54c28b2aec03f28d61b1681991051e300446e1621b38129850a2b8f6e1790e

SHA512
e01bce3dfe7572f99e42cb4dec162a5e50dab0705fe8f6433a08ead0f8d727f3d57ff77ba5c72779fd9fe4d2c1368f509a6c813dee32b82afd05fc1b5e601b1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6565.exe

Filesize
184KB

MD5
1f03e687a31f660d9912dc548e680b87

SHA1
ef5fb121af1aebeca60e935c26d8d6102c13d3e5

SHA256
749297923415facbcb4bb759fefb447eb988773924d68a752829b2831e48bbe5

SHA512
5edb1828203ebb8ccde038fb62be54840e02426aa2ef49dbea84c4d4051f2df84fd62a19722e78bf4fa2f14a7dc618d2dcb896a57a890c31eeb17e8de803b3b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9938.exe

Filesize
184KB

MD5
7d0cf0e268813f253663f252e29e0daa

SHA1
066526df77fa6d68cfe9cb551f48516deec891e0

SHA256
a3ceb28e52c0accac4128d4718a58ff9f39ace3f837fe7b414f603707deae6b8

SHA512
46e1914d6212e1c99735d1b38d9d99f49c9d6f82bef58b899916c184fce782c03ad6e3deee5cdee8caff8b43ec474bcc8b052fe6e420d37137aad5bf69df979f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1377.exe

Filesize
184KB

MD5
790855a25a4944a13f75a95ba895423d

SHA1
1422c92defbb38220d2b4bacd10f8a437f7fa7a5

SHA256
a66d4ed55091cb8ad0ac6aa08ae94bd2159f3f872e8ef0450e670589b71889d3

SHA512
3ee8fe0828523ba06284610abb23eb0629796b5123022b23479c31026f786c3cf31d891e22f8343b25ff873bc119592fc950852e29fab59db0529a68abdc6c32

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14750.exe

Filesize
184KB

MD5
38b44c0b6d4b09945331d16f7ea3e07e

SHA1
a9641ead1f6b81c812758d242e61e7e638779348

SHA256
50980466097a2436f090404c4deb5bf57e6751f7cf8218e114853f660c9ba423

SHA512
f1ba4da4293647d023461d06eb1fe249b6806a5fa4d486b9463ae94f277c89632bcc6dfc52c8b6528977e08a259b8641a970a71845e3342d58bf67047a7b169e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20458.exe

Filesize
184KB

MD5
044d9c9782615532e0f27d4ebd55a2f8

SHA1
b68dbd819a198ba4d9079fefec28dbd21e162173

SHA256
fa9b399ca87d5795460c250c04d9f505a122bbac068e6384ae98c6ecf5c13689

SHA512
18b98a2e015b2b9386b55ba432be029eabb241e768b8d839223aec601b8ebcfcb04851af1759a79495989ce969df1f1b229f43dd9dbc74776ca028fcf49cf216

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe

Filesize
184KB

MD5
bbd0bf7bdce48b90da738880691cde6f

SHA1
aaf72fbb2caaf28631ff9ca15d96ab606f457a60

SHA256
cef64a397ffd95b933fd7530cc3470988099a0f86d735022c40c7bea64166d63

SHA512
42e21c7f56c87245c9087a73d74b28ba6a5b4668d7aedbe538721e1c231b8acae4e88310fc7b751a1fef05d802c2fbbebbe74ab75d3ac9f80684110d6befbd2a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe

Filesize
184KB

MD5
411a8346a7ad43f53a81684c9d5d8461

SHA1
14d7b9023965c09195f10a948f20ceb4b24da8be

SHA256
5d8c0b080fdd22e9e6245afe5a1b396e7201f30778cebfa64a37012f6a704506

SHA512
8e85ac88f1aa7f9547afb96017fa49e4501c57c6cc0e4ad83b3d6b200dbead722b10d3eca741e9ea450d16016547cd34f7dd989ab356afb651d2b61c7ee0cbe0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27750.exe

Filesize
184KB

MD5
cdc4d4452343359cf15be399bcbd9bbe

SHA1
c6e432f731df5299541faad61221abe505e43254

SHA256
ac3f5a2b19b9cadd1cee88a2ce58836dcca64e7229e28b158407fb4943cb7bee

SHA512
4cfee3eaf9030b13900e6f98ca2ccb8553d233643a0ba693102e6d02266c3b03b89637945257460001a107b1816ea4a1b0f1c3de32d87c5a3ea2d0b5f72494f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36078.exe

Filesize
184KB

MD5
0cc2ebe9160d068324a3404a0342db15

SHA1
9ae3f7a9948faaf288024fbf088da328358d0b34

SHA256
285e0d360ae064d267dcfea54070ecf666b7ebb93484e78739f40d5a31b44cc4

SHA512
d72ff4a02822c1b7b18e3f1a67cbb7347b079f36f80e4ff7f01c213a09947cd5ae2eecc427aab1b4cd6f6941840f047fea1266134ae12efad6fe5d61bd860e27

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe

Filesize
184KB

MD5
7df4ff7fc6209c2484b9f82f78aa7dca

SHA1
1fc7151e13fe07cd86b3bb58dcdb4a63ea023031

SHA256
40cb54a9fe408f787ea828d31382d12970a33e4c6c024c3aad2044799a4eafd9

SHA512
d2dd82704ade2448213f4ca2eb05d4de874f7f02412a429297eeef73cfe2324ec6f2afd0c83ab1b65c5ae8872fa2cfd89fcae4d701bb44f9fb504b57d2adb313

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49831.exe

Filesize
184KB

MD5
b4174208ebf5fcfc3dc583367b39c7f9

SHA1
d228b42ebf8a9ad0119aa8c34cc753559261e2ee

SHA256
f8395d2abcb8bcae314325d9e004e1d8171cfc47e0f44c1290805be981fec144

SHA512
a91dbec8bbd0f3cc1668d751b3466d901b4bb3f2a96864bef5f2bad4574e14430fdf34d6fc98c588c0f4f382aed07fd993f394abf8021728aeb6b1866edb2a65

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50386.exe

Filesize
184KB

MD5
b0a724a4b851cedf44331d5203dd4675

SHA1
47a58961102f3cb9b72b1472a452b5b9b14627e1

SHA256
efb1c36eb0b9cc51daad93d4c3f1e41dca00a3b5242947479277cea33cf30272

SHA512
7be074c0e4753d11a92ef5cca47161052f0336f174ecc299486ef2cb8fcf40bd3a2352ed445374e74e62d970ef2357daf1c13670b0b6c7356b7052a452e1bc61

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63385.exe

Filesize
184KB

MD5
2d625badc47bed035f3d547dd7af2546

SHA1
8771b036a76af3fec3f1abd572d486b681b9aa1f

SHA256
c19e5f1136071509f344340a3762de01eca39dbe7af91dab324cf7043d62d725

SHA512
7c2905908c629fb9e16c6727852ea5ee9cefcc06be461db82b1a4c0b3a26d33e206478a7a773b1780b4143c4afeb540f9ecbf1fc15310df595c1ef8cd27b031f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe

Filesize
184KB

MD5
909b73665ac0fdc3d4905f7ea79c87a2

SHA1
2beb6a2361a4c0b646346951fd81527c6cd4e7d0

SHA256
c65e8c8a4dc13f984dce968feb3d3c129e6ed3531f5c616bb7198879107fcf07

SHA512
fcb039e71af726954c8de4eea41fa4632f5664d1914c47fca517db251df8c84729c2eecf79bded97513bc81ad0e0e3fcdf9b94df08f8106e9462835eb2a3d8e1

Download Submit