5b1718c232628a98818d2f0def0df20884df7ace4977572f3dda0635f01c02b2

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 23:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1562a1d07d18f651c7f79ca5841303bf_JaffaCakes118.exe
Size

188KB
MD5

1562a1d07d18f651c7f79ca5841303bf
SHA1

e0bc26cb56c840050689f27188ebfb93b458974e
SHA256

5b1718c232628a98818d2f0def0df20884df7ace4977572f3dda0635f01c02b2
SHA512

a9be5aa130a3c1539c95798c8c287db5b5ee791ec9096ddcdf0bcbc3c2043e5e1c2ef436249c9f5b7a14b53fa8a00a59a3683e2133425aadbabb9af9cd7e156e
SSDEEP

3072:cz5do0gt9lbwHkOjNq8STJZWGsCaJlWp2oux4moDhrlvJpFv:czfof8HkqqvTJZEuXxrlvJpF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2052	Unicorn-6227.exe
2664	Unicorn-20701.exe
2572	Unicorn-3658.exe
2452	Unicorn-46165.exe
2412	Unicorn-48858.exe
2328	Unicorn-27691.exe
660	Unicorn-56554.exe
2784	Unicorn-26382.exe
2224	Unicorn-7353.exe
1904	Unicorn-7353.exe
544	Unicorn-42910.exe
2164	Unicorn-61754.exe
552	Unicorn-20914.exe
2824	Unicorn-13300.exe
2828	Unicorn-15267.exe
2332	Unicorn-34296.exe
2132	Unicorn-54162.exe
2716	Unicorn-8723.exe
2076	Unicorn-28589.exe
1536	Unicorn-57945.exe
768	Unicorn-19605.exe
1212	Unicorn-64551.exe
2948	Unicorn-30295.exe
2344	Unicorn-50161.exe
3032	Unicorn-52299.exe
1960	Unicorn-44131.exe
1264	Unicorn-25465.exe
2356	Unicorn-5599.exe
2192	Unicorn-15158.exe
1724	Unicorn-56746.exe
2348	Unicorn-11074.exe
1704	Unicorn-50716.exe
2636	Unicorn-35470.exe
2680	Unicorn-38162.exe
2532	Unicorn-52382.exe
2904	Unicorn-52937.exe
2096	Unicorn-50436.exe
2484	Unicorn-46352.exe
2400	Unicorn-42822.exe
2864	Unicorn-21464.exe
1440	Unicorn-13850.exe
584	Unicorn-37800.exe
1592	Unicorn-34462.exe
1892	Unicorn-62496.exe
2572	Unicorn-63627.exe
2384	Unicorn-17956.exe
564	Unicorn-3565.exe
2176	Unicorn-33284.exe
2992	Unicorn-53150.exe
1036	Unicorn-53150.exe
2324	Unicorn-53150.exe
2144	Unicorn-59756.exe
2328	Unicorn-14447.exe
2752	Unicorn-20670.exe
380	Unicorn-25823.exe
1764	Unicorn-19601.exe
1884	Unicorn-16647.exe
2128	Unicorn-2257.exe
1608	Unicorn-45065.exe
2036	Unicorn-55371.exe
1740	Unicorn-16839.exe
2564	Unicorn-5978.exe
2808	Unicorn-40789.exe
2720	Unicorn-2449.exe

Loads dropped DLL 64 IoCs

pid	Process
2796	1562a1d07d18f651c7f79ca5841303bf_JaffaCakes118.exe
2796	1562a1d07d18f651c7f79ca5841303bf_JaffaCakes118.exe
2052	Unicorn-6227.exe
2052	Unicorn-6227.exe
2796	1562a1d07d18f651c7f79ca5841303bf_JaffaCakes118.exe
2796	1562a1d07d18f651c7f79ca5841303bf_JaffaCakes118.exe
2664	Unicorn-20701.exe
2664	Unicorn-20701.exe
2052	Unicorn-6227.exe
2052	Unicorn-6227.exe
2572	Unicorn-3658.exe
2572	Unicorn-3658.exe
2452	Unicorn-46165.exe
2452	Unicorn-46165.exe
2664	Unicorn-20701.exe
2664	Unicorn-20701.exe
2328	Unicorn-27691.exe
2328	Unicorn-27691.exe
2412	Unicorn-48858.exe
2412	Unicorn-48858.exe
2572	Unicorn-3658.exe
2572	Unicorn-3658.exe
660	Unicorn-56554.exe
660	Unicorn-56554.exe
2784	Unicorn-26382.exe
2784	Unicorn-26382.exe
2452	Unicorn-46165.exe
2452	Unicorn-46165.exe
1904	Unicorn-7353.exe
1904	Unicorn-7353.exe
2412	Unicorn-48858.exe
2224	Unicorn-7353.exe
2412	Unicorn-48858.exe
2224	Unicorn-7353.exe
2328	Unicorn-27691.exe
544	Unicorn-42910.exe
2328	Unicorn-27691.exe
544	Unicorn-42910.exe
2164	Unicorn-61754.exe
2164	Unicorn-61754.exe
660	Unicorn-56554.exe
660	Unicorn-56554.exe
552	Unicorn-20914.exe
552	Unicorn-20914.exe
2784	Unicorn-26382.exe
2784	Unicorn-26382.exe
2824	Unicorn-13300.exe
2824	Unicorn-13300.exe
2716	Unicorn-8723.exe
2716	Unicorn-8723.exe
2076	Unicorn-28589.exe
2076	Unicorn-28589.exe
2332	Unicorn-34296.exe
2332	Unicorn-34296.exe
544	Unicorn-42910.exe
544	Unicorn-42910.exe
2828	Unicorn-15267.exe
2828	Unicorn-15267.exe
1904	Unicorn-7353.exe
1904	Unicorn-7353.exe
2132	Unicorn-54162.exe
2132	Unicorn-54162.exe
2224	Unicorn-7353.exe
2224	Unicorn-7353.exe

Program crash 12 IoCs

pid	pid_target	Process	procid_target
2428	1212	WerFault.exe	50
1492	2176	WerFault.exe	78
2668	2204	WerFault.exe	118
2236	448	WerFault.exe	135
2436	1944	WerFault.exe	246
1052	1808	WerFault.exe	269
2884	1036	WerFault.exe	264
408	2356	WerFault.exe	280
2096	928	WerFault.exe	281
2084	908	WerFault.exe	349
2920	2948	WerFault.exe	429
1880	2764	WerFault.exe	484

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15267.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10208.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58836.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27417.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65190.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3565.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28211.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56487.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57416.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55143.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15853.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19415.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26363.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48958.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50716.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28678.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2746.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64152.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1124.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20670.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60115.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56746.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2081.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13300.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56134.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7779.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53228.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35470.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2796	1562a1d07d18f651c7f79ca5841303bf_JaffaCakes118.exe
2052	Unicorn-6227.exe
2664	Unicorn-20701.exe
2572	Unicorn-3658.exe
2452	Unicorn-46165.exe
2412	Unicorn-48858.exe
2328	Unicorn-27691.exe
660	Unicorn-56554.exe
2784	Unicorn-26382.exe
2224	Unicorn-7353.exe
1904	Unicorn-7353.exe
544	Unicorn-42910.exe
2164	Unicorn-61754.exe
552	Unicorn-20914.exe
2824	Unicorn-13300.exe
2828	Unicorn-15267.exe
2716	Unicorn-8723.exe
2076	Unicorn-28589.exe
2332	Unicorn-34296.exe
2132	Unicorn-54162.exe
1536	Unicorn-57945.exe
768	Unicorn-19605.exe
1212	Unicorn-64551.exe
2948	Unicorn-30295.exe
2344	Unicorn-50161.exe
3032	Unicorn-52299.exe
1960	Unicorn-44131.exe
1264	Unicorn-25465.exe
2356	Unicorn-5599.exe
1724	Unicorn-56746.exe
2192	Unicorn-15158.exe
1704	Unicorn-50716.exe
2636	Unicorn-35470.exe
2680	Unicorn-38162.exe
2532	Unicorn-52382.exe
2904	Unicorn-52937.exe
2096	Unicorn-50436.exe
2484	Unicorn-46352.exe
2400	Unicorn-42822.exe
2864	Unicorn-21464.exe
1440	Unicorn-13850.exe
584	Unicorn-37800.exe
1592	Unicorn-34462.exe
1892	Unicorn-62496.exe
2572	Unicorn-63627.exe
2384	Unicorn-17956.exe
564	Unicorn-3565.exe
2176	Unicorn-33284.exe
1036	Unicorn-53150.exe
2324	Unicorn-53150.exe
2992	Unicorn-53150.exe
2144	Unicorn-59756.exe
2328	Unicorn-14447.exe
2752	Unicorn-20670.exe
380	Unicorn-25823.exe
1764	Unicorn-19601.exe
1884	Unicorn-16647.exe
2128	Unicorn-2257.exe
1608	Unicorn-45065.exe
2036	Unicorn-55371.exe
2564	Unicorn-5978.exe
2808	Unicorn-40789.exe
1740	Unicorn-16839.exe
2720	Unicorn-2449.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 2052	2796	1562a1d07d18f651c7f79ca5841303bf_JaffaCakes118.exe	29
PID 2796 wrote to memory of 2052	2796	1562a1d07d18f651c7f79ca5841303bf_JaffaCakes118.exe	29
PID 2796 wrote to memory of 2052	2796	1562a1d07d18f651c7f79ca5841303bf_JaffaCakes118.exe	29
PID 2796 wrote to memory of 2052	2796	1562a1d07d18f651c7f79ca5841303bf_JaffaCakes118.exe	29
PID 2052 wrote to memory of 2664	2052	Unicorn-6227.exe	30
PID 2052 wrote to memory of 2664	2052	Unicorn-6227.exe	30
PID 2052 wrote to memory of 2664	2052	Unicorn-6227.exe	30
PID 2052 wrote to memory of 2664	2052	Unicorn-6227.exe	30
PID 2796 wrote to memory of 2572	2796	1562a1d07d18f651c7f79ca5841303bf_JaffaCakes118.exe	31
PID 2796 wrote to memory of 2572	2796	1562a1d07d18f651c7f79ca5841303bf_JaffaCakes118.exe	31
PID 2796 wrote to memory of 2572	2796	1562a1d07d18f651c7f79ca5841303bf_JaffaCakes118.exe	31
PID 2796 wrote to memory of 2572	2796	1562a1d07d18f651c7f79ca5841303bf_JaffaCakes118.exe	31
PID 2664 wrote to memory of 2452	2664	Unicorn-20701.exe	32
PID 2664 wrote to memory of 2452	2664	Unicorn-20701.exe	32
PID 2664 wrote to memory of 2452	2664	Unicorn-20701.exe	32
PID 2664 wrote to memory of 2452	2664	Unicorn-20701.exe	32
PID 2052 wrote to memory of 2412	2052	Unicorn-6227.exe	33
PID 2052 wrote to memory of 2412	2052	Unicorn-6227.exe	33
PID 2052 wrote to memory of 2412	2052	Unicorn-6227.exe	33
PID 2052 wrote to memory of 2412	2052	Unicorn-6227.exe	33
PID 2572 wrote to memory of 2328	2572	Unicorn-3658.exe	34
PID 2572 wrote to memory of 2328	2572	Unicorn-3658.exe	34
PID 2572 wrote to memory of 2328	2572	Unicorn-3658.exe	34
PID 2572 wrote to memory of 2328	2572	Unicorn-3658.exe	34
PID 2452 wrote to memory of 660	2452	Unicorn-46165.exe	35
PID 2452 wrote to memory of 660	2452	Unicorn-46165.exe	35
PID 2452 wrote to memory of 660	2452	Unicorn-46165.exe	35
PID 2452 wrote to memory of 660	2452	Unicorn-46165.exe	35
PID 2664 wrote to memory of 2784	2664	Unicorn-20701.exe	36
PID 2664 wrote to memory of 2784	2664	Unicorn-20701.exe	36
PID 2664 wrote to memory of 2784	2664	Unicorn-20701.exe	36
PID 2664 wrote to memory of 2784	2664	Unicorn-20701.exe	36
PID 2328 wrote to memory of 2224	2328	Unicorn-27691.exe	37
PID 2328 wrote to memory of 2224	2328	Unicorn-27691.exe	37
PID 2328 wrote to memory of 2224	2328	Unicorn-27691.exe	37
PID 2328 wrote to memory of 2224	2328	Unicorn-27691.exe	37
PID 2412 wrote to memory of 1904	2412	Unicorn-48858.exe	38
PID 2412 wrote to memory of 1904	2412	Unicorn-48858.exe	38
PID 2412 wrote to memory of 1904	2412	Unicorn-48858.exe	38
PID 2412 wrote to memory of 1904	2412	Unicorn-48858.exe	38
PID 2572 wrote to memory of 544	2572	Unicorn-3658.exe	39
PID 2572 wrote to memory of 544	2572	Unicorn-3658.exe	39
PID 2572 wrote to memory of 544	2572	Unicorn-3658.exe	39
PID 2572 wrote to memory of 544	2572	Unicorn-3658.exe	39
PID 660 wrote to memory of 2164	660	Unicorn-56554.exe	40
PID 660 wrote to memory of 2164	660	Unicorn-56554.exe	40
PID 660 wrote to memory of 2164	660	Unicorn-56554.exe	40
PID 660 wrote to memory of 2164	660	Unicorn-56554.exe	40
PID 2784 wrote to memory of 552	2784	Unicorn-26382.exe	41
PID 2784 wrote to memory of 552	2784	Unicorn-26382.exe	41
PID 2784 wrote to memory of 552	2784	Unicorn-26382.exe	41
PID 2784 wrote to memory of 552	2784	Unicorn-26382.exe	41
PID 2452 wrote to memory of 2824	2452	Unicorn-46165.exe	42
PID 2452 wrote to memory of 2824	2452	Unicorn-46165.exe	42
PID 2452 wrote to memory of 2824	2452	Unicorn-46165.exe	42
PID 2452 wrote to memory of 2824	2452	Unicorn-46165.exe	42
PID 1904 wrote to memory of 2828	1904	Unicorn-7353.exe	43
PID 1904 wrote to memory of 2828	1904	Unicorn-7353.exe	43
PID 1904 wrote to memory of 2828	1904	Unicorn-7353.exe	43
PID 1904 wrote to memory of 2828	1904	Unicorn-7353.exe	43
PID 2412 wrote to memory of 2332	2412	Unicorn-48858.exe	44
PID 2412 wrote to memory of 2332	2412	Unicorn-48858.exe	44
PID 2412 wrote to memory of 2332	2412	Unicorn-48858.exe	44
PID 2412 wrote to memory of 2332	2412	Unicorn-48858.exe	44

C:\Users\Admin\AppData\Local\Temp\1562a1d07d18f651c7f79ca5841303bf_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\1562a1d07d18f651c7f79ca5841303bf_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6227.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6227.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20701.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56554.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57945.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35470.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13160.exe
        10⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
        11⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        12⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        13⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22663.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40364.exe
        15⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58942.exe
        16⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4837.exe
        17⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30541.exe
        18⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61983.exe
        19⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48875.exe
        20⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45725.exe
        21⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52742.exe
        22⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4848.exe
        23⤵
        System Location Discovery: System Language Discovery
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63926.exe
        22⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8305.exe
        23⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
        9⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        10⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exe
        11⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3036.exe
        12⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64209.exe
        13⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        14⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49186.exe
        15⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18289.exe
        16⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43509.exe
        17⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23878.exe
        18⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29907.exe
        19⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2257.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
        9⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10550.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5693.exe
        11⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64790.exe
        12⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
        13⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        14⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59876.exe
        15⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
        16⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58138.exe
        17⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4500.exe
        18⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51339.exe
        11⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43270.exe
        13⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65356.exe
        14⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12621.exe
        15⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42933.exe
        16⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6690.exe
        17⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        18⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6671.exe
        20⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38162.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59756.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8884.exe
        9⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
        10⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31246.exe
        11⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19290.exe
        12⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21532.exe
        13⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10680.exe
        14⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61874.exe
        15⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52284.exe
        16⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14972.exe
        17⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44770.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58340.exe
        19⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26362.exe
        20⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54645.exe
        14⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4837.exe
        15⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
        16⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10390.exe
        17⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52153.exe
        18⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8311.exe
        20⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60877.exe
        19⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
        9⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56134.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16576.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12787.exe
        12⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58838.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37754.exe
        14⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21366.exe
        15⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29145.exe
        16⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        17⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2554.exe
        18⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19312.exe
        19⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33806.exe
        20⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4413.exe
        19⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        8⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34588.exe
        9⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
        10⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22715.exe
        11⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36176.exe
        12⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59414.exe
        13⤵
        
        PID:928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 376
        14⤵
        Program crash
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19605.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23275.exe
        8⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50815.exe
        9⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54551.exe
        9⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35159.exe
        10⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32777.exe
        11⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62647.exe
        12⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 200
        13⤵
        Program crash
        
        PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13300.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50161.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46352.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55755.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
        9⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41909.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28740.exe
        11⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11858.exe
        12⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53680.exe
        13⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40800.exe
        14⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58418.exe
        15⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29009.exe
        16⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43836.exe
        17⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59600.exe
        18⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42822.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45065.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52211.exe
        8⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39414.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50618.exe
        10⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18579.exe
        11⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64209.exe
        12⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55989.exe
        13⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64837.exe
        14⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49866.exe
        15⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65190.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42819.exe
        17⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1124.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
        19⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 368
        18⤵
        Program crash
        
        PID:1880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 376
        17⤵
        Program crash
        
        PID:2920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 216
        15⤵
        Program crash
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38567.exe
        7⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12579.exe
        8⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-348.exe
        9⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55143.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5169.exe
        11⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42030.exe
        12⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58698.exe
        13⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22923.exe
        14⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13296.exe
        15⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50987.exe
        16⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60747.exe
        17⤵
        
        PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26382.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20914.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64551.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 240
        7⤵
        Program crash
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52937.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14447.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38013.exe
        8⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
        9⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41983.exe
        10⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62159.exe
        11⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26877.exe
        12⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23125.exe
        13⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21174.exe
        14⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3322.exe
        15⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-940.exe
        16⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
        17⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
        18⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26435.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20183.exe
        15⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
        16⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
        17⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-597.exe
        18⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61468.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24301.exe
        20⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55096.exe
        7⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        9⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29700.exe
        10⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65335.exe
        11⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22954.exe
        12⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32103.exe
        13⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        14⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62154.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46628.exe
        15⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43441.exe
        16⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26634.exe
        17⤵
        
        PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50436.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20670.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31490.exe
        8⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        9⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
        10⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26446.exe
        11⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-483.exe
        12⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14484.exe
        13⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49316.exe
        14⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6176.exe
        15⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54246.exe
        16⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50302.exe
        17⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2746.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3064.exe
        19⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
        20⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52455.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25339.exe
        18⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24938.exe
        19⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36905.exe
        20⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65455.exe
        19⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11630.exe
        15⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40790.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
        17⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15883.exe
        18⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16647.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56487.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43825.exe
        8⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57416.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3612.exe
        11⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41738.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48724.exe
        12⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        13⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19420.exe
        14⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27692.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47448.exe
        16⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3924.exe
        17⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
        18⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23959.exe
        7⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31822.exe
        8⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        9⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45460.exe
        10⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1552.exe
        11⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24516.exe
        12⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe
        13⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        14⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14152.exe
        15⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53234.exe
        16⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
        17⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19507.exe
        12⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42601.exe
        13⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43509.exe
        14⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48958.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54352.exe
        16⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46829.exe
        17⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        18⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10424.exe
        17⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59600.exe
        18⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10832.exe
        16⤵
        
        PID:2168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48858.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48858.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15267.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15158.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39227.exe
        8⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63067.exe
        9⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56373.exe
        10⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
        11⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22793.exe
        12⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35294.exe
        13⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10208.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
        15⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-338.exe
        16⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10063.exe
        17⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64152.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15853.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
        8⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58101.exe
        9⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46482.exe
        10⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21532.exe
        11⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38418.exe
        12⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11604.exe
        13⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23120.exe
        14⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24267.exe
        16⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
        17⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
        18⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8784.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15502.exe
        20⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31850.exe
        19⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25978.exe
        10⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35377.exe
        11⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44588.exe
        12⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33011.exe
        14⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20562.exe
        15⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60769.exe
        16⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        17⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29709.exe
        16⤵
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33284.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
        7⤵
        Program crash
        
        PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56746.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5978.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58324.exe
        8⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3980.exe
        9⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45740.exe
        10⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64126.exe
        11⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
        12⤵
        Program crash
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7779.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14188.exe
        12⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18761.exe
        13⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
        14⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7183.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51755.exe
        16⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42485.exe
        17⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19792.exe
        7⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37276.exe
        8⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26498.exe
        9⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15948.exe
        10⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61360.exe
        11⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54474.exe
        12⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
        13⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34167.exe
        14⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55808.exe
        15⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        16⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25118.exe
        17⤵
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2449.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
        7⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49061.exe
        8⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
        9⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48044.exe
        10⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59414.exe
        11⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 368
        12⤵
        Program crash
        
        PID:408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25465.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62496.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56487.exe
        7⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30120.exe
        8⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58272.exe
        9⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
        10⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13617.exe
        11⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43270.exe
        12⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37707.exe
        13⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
        14⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42153.exe
        12⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11552.exe
        13⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43068.exe
        14⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59316.exe
        15⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60416.exe
        16⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46695.exe
        17⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17052.exe
        7⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-950.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54951.exe
        9⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
        10⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12242.exe
        11⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22845.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
        13⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        14⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
        15⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15107.exe
        16⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8932.exe
        17⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45626.exe
        14⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48875.exe
        15⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49046.exe
        16⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
        17⤵
        
        PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40789.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48786.exe
        7⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49995.exe
        8⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34509.exe
        9⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31921.exe
        10⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25803.exe
        11⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63493.exe
        12⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3706.exe
        13⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28351.exe
        14⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58138.exe
        15⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27251.exe
        16⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41822.exe
        17⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
        18⤵
        
        PID:868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27691.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54162.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11074.exe
        6⤵
        Executes dropped EXE
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2470.exe
        8⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39658.exe
        9⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50488.exe
        10⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27925.exe
        11⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29015.exe
        12⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22741.exe
        13⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33535.exe
        14⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6420.exe
        15⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7437.exe
        16⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44599.exe
        17⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41438.exe
        18⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
        19⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6562.exe
        18⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52657.exe
        8⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2081.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
        10⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
        11⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1386.exe
        12⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15003.exe
        13⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1500.exe
        14⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
        15⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35471.exe
        16⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49342.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43203.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48438.exe
        19⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
        20⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40955.exe
        18⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10283.exe
        19⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26106.exe
        20⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7301.exe
        7⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30120.exe
        8⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27785.exe
        9⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29783.exe
        11⤵
        
        PID:1036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 240
        12⤵
        Program crash
        
        PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17956.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45641.exe
        7⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-135.exe
        8⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4899.exe
        9⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
        10⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38418.exe
        11⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65164.exe
        12⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59876.exe
        13⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49866.exe
        14⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60660.exe
        15⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45533.exe
        16⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58836.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23111.exe
        18⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59201.exe
        16⤵
        
        PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52299.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21464.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47971.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53228.exe
        8⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        9⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3612.exe
        10⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48724.exe
        11⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54775.exe
        12⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55984.exe
        13⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27417.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        15⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55948.exe
        16⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9666.exe
        17⤵
        
        PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13850.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19601.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51718.exe
        7⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
        8⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32253.exe
        9⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        10⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27645.exe
        11⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-182.exe
        12⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44033.exe
        13⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
        14⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57453.exe
        15⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        16⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51526.exe
        17⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60534.exe
        18⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63711.exe
        15⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
        16⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51320.exe
        17⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53228.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32777.exe
        9⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46503.exe
        10⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40193.exe
        11⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44417.exe
        12⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
        13⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1791.exe
        14⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48875.exe
        15⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21271.exe
        16⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
        17⤵
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37882.exe
        6⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39222.exe
        7⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30966.exe
        8⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26602.exe
        9⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31018.exe
        10⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
        11⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58698.exe
        12⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27692.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37910.exe
        14⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16793.exe
        15⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39741.exe
        16⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46695.exe
        17⤵
        
        PID:1712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42910.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28589.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44131.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37800.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
        7⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63970.exe
        8⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 200
        9⤵
        Program crash
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
        7⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36290.exe
        8⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4899.exe
        9⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29316.exe
        10⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28771.exe
        11⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
        12⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10073.exe
        13⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40411.exe
        14⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
        16⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41972.exe
        14⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2004.exe
        15⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
        16⤵
        
        PID:856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48142.exe
        6⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14442.exe
        7⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14162.exe
        8⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17702.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55330.exe
        10⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
        11⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28211.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31304.exe
        14⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14723.exe
        15⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        16⤵
        
        PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41173.exe
        6⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48786.exe
        7⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53996.exe
        8⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
        9⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1749.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55330.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27064.exe
        12⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39373.exe
        13⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51153.exe
        14⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42274.exe
        15⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10966.exe
        16⤵
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33004.exe
        6⤵
        
        PID:448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 240
        7⤵
        Program crash
        
        PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5599.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55371.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        7⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13539.exe
        8⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18989.exe
        9⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64209.exe
        10⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-369.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45590.exe
        13⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53239.exe
        14⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51179.exe
        15⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
        16⤵
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe
        6⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23654.exe
        7⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
        8⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27645.exe
        9⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11412.exe
        10⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
        11⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34167.exe
        12⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50245.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
        14⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2587.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24342.exe
        16⤵
        
        PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12823.exe
        6⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34369.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
        8⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42419.exe
        9⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41132.exe
        10⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63493.exe
        11⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12450.exe
        12⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4614.exe
        13⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40790.exe
        14⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22016.exe
        15⤵
        
        PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15883.exe

Filesize
188KB

MD5
6ee01435934529bdc732c37a600e6574

SHA1
a463de9ef9444361f43d222c1a2147cd99d33185

SHA256
e1d5f232e6dbe83d55aa67adf75dc5fbc0b37ec8eff05a0ce5cf4979187b4497

SHA512
adf34fdc3d4c9a0ce18c827c368e5ea5e70349858346edc3227be9e88e8f2a8626d47d3ecacbee3ecf1dd602e7721bb6f62774b4474d2a26d88c2f489559cc1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26382.exe

Filesize
188KB

MD5
c6829d9c697431b4a5a8cfb640def9b6

SHA1
4aaae9a6a0364061c6637b0634967ae1d42d7d1d

SHA256
11bc49bcf9beb447e9479a086a5c1bb21cc1c260cf33f995c8657f5129dc012d

SHA512
ececc102b0797a1dbbd951d2ba5f410ca21893f0d4863744a129680b2bf5629ebf15e6bdd6c2616ebced25e7fc3cb98f21546c57b3d507bb6386da960eb27d52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27691.exe

Filesize
188KB

MD5
7dd546d12219df0025f96221739ad7f4

SHA1
af3558d65599df9e414624161dc1e23e28ab324d

SHA256
1412e43d12a1b54274f93b6ad0c75fb3aa4ccd1da586399a44cb65bdf46deff3

SHA512
6dec9cb3cca72b2d1c618b63b65fcc139e205eaedb03c299a8af00bc3e004ce0e621340eaee66b74c94ef0ef9ba19a35dce4024a982ed822654fc5bfb604d980

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36905.exe

Filesize
188KB

MD5
2a63bf376ac00f78afc87567b99d482b

SHA1
0259d685c6050a683f883fd130745aa57324648f

SHA256
7571c3dd2b4882cdc38523c48149a8f8020525f7ef19c6c3073542f026d13701

SHA512
79823ee4ba4dc0e9c024ceefe825dee1025c8f5c976a2182d00aa66d32e471d66d43a9e39ee5ef5d143e4679d3850beb4f9f094527cec541ffad124afe0b6f92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe

Filesize
188KB

MD5
16c519a75bd9a5bdb351753ade318b9d

SHA1
520fa3bbf07ec25d014ece273b1fc63f007f9597

SHA256
ca77f250db117d387a06c226d62144e6cf0114f23e92c876538661c13e0c5ab0

SHA512
06b9cd61da5f57ea7f6fea108b104577d63aaba4b6ff7f1dad2a49384e256f001d9a38e7c8caa8982a0d1d58d30fc3ea7d1fee5a8e48db6ab2cee97898ff503e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37276.exe

Filesize
188KB

MD5
1dd340f40b1f20d8be9a6dca5481b36c

SHA1
98a30b051d52e4fd3ab8cf8cab07a783a7e1abb6

SHA256
bf6e43b9f36de04ef36a5c867f62435ae1de9808ff4936e3d5423a5e6ce8fdb8

SHA512
2803fa7d998c11d6ed017c693fd8211383e4b75884cee6738251fbebe597b3c6671fecf070db95b6ab738a33ba70cdf291dd6f57dc456223101a0f2f473f3f93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40955.exe

Filesize
188KB

MD5
568964ad93c142d69ece4c1979b40ea1

SHA1
41a13891efff7c28b44a1c83041ad52c6eb60857

SHA256
552379370710ba580632ec022cc0823e2ad0d65fd9b313e1be55927a6f1cbcf9

SHA512
eb8f0997d2f284c4cd3dd22a1ba4d377c4a91ec8339fdc500cfb49f017fa876ef6c31bfa22e475815ad9b234a629909fce4e6567ef8548a1a5cc5a6e72f6afdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5978.exe

Filesize
188KB

MD5
6d1eae3266187672550660d3f3c28d47

SHA1
64cff29498b2bf66cd3bfe7277a88ea98e4b4e14

SHA256
67b5ed864355888895530e5d64378d8c5f154a119752459dcf89588926d02a6e

SHA512
13718eb6f21b2deb24d97cf3e79fcab05deb0db5d4ce3f7c95bbb3f4e3e8a2d27013aad26dd936fa03bc1b161fa759f82e0b26a265dc861944862702123f404c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6176.exe

Filesize
188KB

MD5
fa22ca649f7838542236346454315bc7

SHA1
cbf1258cc1481d22a457c2069374baa5ffec867f

SHA256
d4dea020d8d7bb423964c266b99ee27366c5d4b0f76755b7604a6331b0fe8696

SHA512
c045a62396d07e07360ffde047d9acd19f38330a775ce2be1f0412d54f1804949a7a3b227aa86e7c85426dc21cb3597841118fec9be9737c5f90773d82f8fa3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6420.exe

Filesize
188KB

MD5
e367b6d3ccb39efb62c7aecf2a14283a

SHA1
33f23c118b811cd8f12f73f54e17569f92403f8a

SHA256
78829106802a0360f60ad4aa3f730ba0eedb0bc8851f5a9dd57416e7e7219330

SHA512
8355360daa5e4e42982769eba55c9b097779718ad71ceb5ed7b447e353a3742a1b1635106b23012ba11c8ef52185c5fa04cb0860a527a8d14f5b9032e65253b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6508.exe

Filesize
188KB

MD5
c9d71639f830cb157043e9335823b6a6

SHA1
e4e88eaf88c26c6cad7df555028bcfc37f9cf1bc

SHA256
f599438217ef2103674c8fed94c4b61813b608fdc829384881de7cb6d33e890b

SHA512
892981c889fc575b09e796ab0ddd64e992912441961e63e8675e3940d4a9a433f8ea03e73b1a82db53758a0e1f4d092ef717f28a7a57e6e75fe05c1daf634737

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13300.exe

Filesize
188KB

MD5
e7bc9a09c8003fa7eb9cdce9e7175810

SHA1
70d06c6b707057915f9530aba49ff909a205ad36

SHA256
be73b927bde19bf6a4740c50aa0ca556abfa762fe266f5a6299359a862c676e9

SHA512
06588b2f607f40aaca931fe9fb1dda020f6fff3fbf0991fa316d2be076344413d634c5ab7a8a048d952189fb5aa0d568d6c95a5d1d29a4921aa4558749900cad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15267.exe

Filesize
188KB

MD5
b1e1746429c3ab0ac7f4bbf4c5d0de3f

SHA1
ca6c27017650607fe705d95d3cba8c65452532d2

SHA256
375676eea9fb570a13803b6f4ba64d69d53b8e93222dc6dbba5df25ebfddb998

SHA512
fcf08c1fa9948f13bbba39198cdb92d4680ad28cc64278c6ebc645446b016d9c8afb94d236244cf4fc28f771b204f8dc089102770301765626a25f74dbd660e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20701.exe

Filesize
188KB

MD5
c4e00bfe7a8777b187b1c12e699ee7c7

SHA1
f628bba527b350f7c3f7c82e86d0cb5c11f8d551

SHA256
0efe2b965bb8e0d4df4516dbae98779259fdc8020627ff05049cd461e3b90def

SHA512
1cfb3374aa71fce9086fcb43096cac608e222fb63ac598f8551486fd3531a80efa3e23a640408d768f2ae2b933a262ddd8acffc63fcacfe5afbf648c6fa626d7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20914.exe

Filesize
188KB

MD5
8ffce537c2f754c57c84a3383700ee25

SHA1
22f7208770c039528f247db8a838292ebebee351

SHA256
72c80afc0d655ec95a84fe4c324741a5fbc053ab3a6d23cdcc0e97b8f3edd3c5

SHA512
d717b992d68ab34b465c48aa75ea34ec5087b29d911af8808c1fe2a29ed36c5415cec4e28adaf9376dd30ff9404b51b5ce3831537cbad4fa5a5827e71e41a035

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28589.exe

Filesize
188KB

MD5
a83e416fd0417221a9a69004c43c2e99

SHA1
7e46e4f9077078a76392a2ef096ca934b97b0c7d

SHA256
ef54cf0074714aefafb82c713ba75acbe139ca2874250e1578c232b099f2cfe3

SHA512
608bb599a96f20154474e9c801808fa4ef9adcf910fff6f443189dbda7d39a1a060031f2758d3b5d3db402b7ad2de292f39460d3ed8145c8a87d0a21a354c105

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe

Filesize
188KB

MD5
0be324601ad9806038488d9c57b6e6ac

SHA1
d9c48b34e539e922f9e0fb32dd38f74323da0fb2

SHA256
c8062cd2902e346d1da06dbe85628a72df247a5b123318a0e34eafa416790f83

SHA512
d77dab71abf85bdb81582dbd37d38a5cf6d9520d207cfead1b0c6cd81691c5cb9385f7d2ecabb8433146556a8d0b61411fad985d3ef9a3c0edca2df39f5bdf27

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3658.exe

Filesize
188KB

MD5
961ec5f05ed284f1ffa2c52dbdbc6bf3

SHA1
abb91c15705a3f09a1f2e93503e72f8476d31ede

SHA256
f8af92cd395a696abee4b5f7a893a6f55dd0a76d0fda00fcd3ab8366037f26c6

SHA512
e5a74ac3c6bd79bba9370b93f129503596a3d9cb7a72e6f770b93c854ad3883306bed3bebb8f9fa948ec6582d91802af3b7a3f147342f60e7e5c77c2a292c140

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42910.exe

Filesize
188KB

MD5
6e58d946e565ecb4325201eb44340c79

SHA1
93316560208ebf8037e80b280c6ea5a9f7237229

SHA256
266326cd1b55c40ce0c3f2485089b725ceeb43ad269afedc2b3f852a53bfcff7

SHA512
29e043d97f556496e8260f8524994602dd968ea817fe1066f811a6810c800e54da883b1588439652765ffba7f824b601f2e69768763bde43dd1006f2cd4f391b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe

Filesize
188KB

MD5
47bdbbcbf27facefc2e14990cddfaf93

SHA1
6f7487ece4dbc7fbf2497f8adfaea187c1a6e98f

SHA256
3ca4b7edcc607cb4ab6d988e6eda6373289465fc010259ea7533408a8e9ac677

SHA512
7712cd1fb10d40f1cf1bee9c4af98fdd24800afe6a0dc0cf9284ddabf78817ff6f669137afe386f51045cd0d9e678d74fbc61f6b525467dded9dd127c57ab401

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48858.exe

Filesize
188KB

MD5
a0b48d981519e8540d2f16ad8ed79211

SHA1
2eb0e270dcd8f59ae289c4509d5b4af86f5ec233

SHA256
793e4c03654aa596e699a2b970587870720ea54d6542c9bcd9993155070863c3

SHA512
99c3c928cd36f42af6abeb6e133482587c1df2b2261f0adb64d232c2b167ef6ecb1355d215ef07103b4fe8144b1c98335f8277d834732ecdf2ad060b74194b00

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54162.exe

Filesize
188KB

MD5
1cdfbc51ad151cfc350f023cdf47edd5

SHA1
49d0add2ccd32a33046df5c4b03cc0963fb52db9

SHA256
4ece7fa65a6882cc7417886a8058e37ba8bc4d5566ac152c7f1d12d489751367

SHA512
62a335cf95fffc7497088599c8c88bb502efc08e88f30f7b62b0c347e3366a5658491c8a9341be49745bf677217bab14d7af52f7702b279fc0bbd1a8688ae589

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56554.exe

Filesize
188KB

MD5
6e38e8b369cbab1eeaee6e8ea35e149a

SHA1
63099990bdaabe9d00f00e6953295dfdd8db1d04

SHA256
dfdb04c37250ffea52988e862238d252354d910bf738a13eceac862782819bd6

SHA512
a1a6cae3174be5697d77afd3941e921218a062b545da2e061b688f88a81a5544db273fd39c27b671afbaf35607c8d588dbfb187e508d2be4704c79790484105d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe

Filesize
188KB

MD5
1af6ad3d39ff5174097a2017e0ac82f8

SHA1
461e52789bbadb520533b44a89b54839f55d61a8

SHA256
f469fa39590b3666e99ae5d6df40295c2e48acf27c0232182575ef33a310a7c5

SHA512
05536de1926356d480eedc414eddad9374bd3ad735e267ee52c45d4cd1b99fda32a843182a1b2a0f9fb8eb37aba4f7d2539ae083a1dddd3190f1423244b68895

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6227.exe

Filesize
188KB

MD5
41b1f95065a2695e628bd7b860a01c06

SHA1
4c6e9f5bef1b698dde0dba0e749a5135d58afe57

SHA256
255bef3104b3b72125ef264676d535cb5a0299d79d040ad0ce28bee7d1d43a32

SHA512
c1debbf5cfa3f59cdb956d6f4cb62a0475c1a698c518ef3255a28fbb8ae2a5e5ba5be9e208230672354a2606f7cdbea54a158608e4cdab65b32ef84fea4a6284

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe

Filesize
188KB

MD5
447f06098ec1c5cc21064fc6ef0ab0fc

SHA1
9dce865be42b7591bc47700985047c41172aa8a7

SHA256
9888353b4b40bc56588a951792380cd7c20a3fda40bd80aa7c091dd3c8109419

SHA512
989fe6e59ddffd6d5ed941687d52768a995dd30691d653d65ab6aa0121b66f2293a7f683a9ef2412132a7e8682b2f2112602b6947948208fd5420985dffec74c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe

Filesize
188KB

MD5
e37f36847a61a22c910f8ff217729db2

SHA1
88a69cce59b34894ff2890c3a78917d54d6b7fee

SHA256
13f62079bd514582e46591813dfb0db2b1ae1a94e16b93bdeab8114ca3fb3949

SHA512
62596caf6c6ba60babb5f00e9c51c925abb86ccbbea7211958139b7f33554024754124ef530b849de8a57a8c013e47a5711ee6043ddfb439acaf426baf595e3d

Download Submit
memory/2348-685-0x0000000077030000-0x000000007714F000-memory.dmp

Filesize
1.1MB

Download
memory/2348-686-0x0000000077150000-0x000000007724A000-memory.dmp

Filesize
1000KB

Download
memory/2348-687-0x0000000002800000-0x000000000295C000-memory.dmp

Filesize
1.4MB

Download
memory/2348-688-0x0000000002800000-0x0000000002910000-memory.dmp

Filesize
1.1MB

Download
memory/2348-689-0x00000000002F0000-0x000000000031E000-memory.dmp

Filesize
184KB

Download