b144fe8f6603db9238282519b488882476f5e99b03219cc94fc09b5c01d3e0b3

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 02:21 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

291dfcf3641ceba496cdde53650f6f06_JaffaCakes118.exe
Size

184KB
MD5

291dfcf3641ceba496cdde53650f6f06
SHA1

db07f09c03d8036fc9e0f772e9612f15b51751cd
SHA256

b144fe8f6603db9238282519b488882476f5e99b03219cc94fc09b5c01d3e0b3
SHA512

b0747c86c55d7beb09a30d099314ca78a2e502bee571dfcc755ad1ec322c56ce5479c13cda859f77cc16eed88775b654b147d40fd79119d980b5ecd488cfb3b6
SSDEEP

3072:5AQ6oz5OhYA0rDjmdTntw8NmFlF6d/rV3DEx83v9V6lPvlFC:5Ahom50redbtw8ZRPP6lPvlF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2984	Unicorn-49851.exe
3060	Unicorn-55689.exe
2688	Unicorn-10017.exe
2740	Unicorn-23505.exe
2836	Unicorn-19421.exe
2788	Unicorn-44672.exe
2640	Unicorn-49400.exe
2868	Unicorn-57054.exe
1244	Unicorn-4283.exe
1936	Unicorn-12451.exe
1852	Unicorn-37510.exe
1892	Unicorn-4449.exe
1292	Unicorn-9088.exe
2992	Unicorn-57542.exe
1008	Unicorn-25424.exe
1188	Unicorn-49374.exe
404	Unicorn-26214.exe
624	Unicorn-9768.exe
2012	Unicorn-63608.exe
892	Unicorn-1600.exe
1368	Unicorn-26659.exe
1660	Unicorn-34273.exe
2264	Unicorn-40447.exe
1664	Unicorn-56037.exe
1140	Unicorn-31533.exe
2312	Unicorn-19089.exe
1492	Unicorn-48424.exe
876	Unicorn-48424.exe
1696	Unicorn-35664.exe
2880	Unicorn-15051.exe
2228	Unicorn-60723.exe
2052	Unicorn-61512.exe
2800	Unicorn-16396.exe
2856	Unicorn-45731.exe
2620	Unicorn-12311.exe
2928	Unicorn-19411.exe
2596	Unicorn-8590.exe
3012	Unicorn-48876.exe
3020	Unicorn-27387.exe
2004	Unicorn-36109.exe
1980	Unicorn-60059.exe
2120	Unicorn-39447.exe
2524	Unicorn-60614.exe
2128	Unicorn-48170.exe
1896	Unicorn-15409.exe
2904	Unicorn-45897.exe
1760	Unicorn-32898.exe
1128	Unicorn-33.exe
376	Unicorn-8201.exe
2720	Unicorn-33260.exe
2788	Unicorn-65378.exe
1572	Unicorn-8564.exe
1984	Unicorn-16178.exe
2288	Unicorn-13992.exe
1336	Unicorn-33858.exe
2400	Unicorn-63193.exe
944	Unicorn-17522.exe
2252	Unicorn-54278.exe
1532	Unicorn-54278.exe
1736	Unicorn-42026.exe
2184	Unicorn-13800.exe
2996	Unicorn-21968.exe
2704	Unicorn-5440.exe
2808	Unicorn-25306.exe

Loads dropped DLL 64 IoCs

pid	Process
1792	291dfcf3641ceba496cdde53650f6f06_JaffaCakes118.exe
1792	291dfcf3641ceba496cdde53650f6f06_JaffaCakes118.exe
1792	291dfcf3641ceba496cdde53650f6f06_JaffaCakes118.exe
1792	291dfcf3641ceba496cdde53650f6f06_JaffaCakes118.exe
2984	Unicorn-49851.exe
2984	Unicorn-49851.exe
3060	Unicorn-55689.exe
2688	Unicorn-10017.exe
3060	Unicorn-55689.exe
2688	Unicorn-10017.exe
2984	Unicorn-49851.exe
2984	Unicorn-49851.exe
2740	Unicorn-23505.exe
2740	Unicorn-23505.exe
2688	Unicorn-10017.exe
2688	Unicorn-10017.exe
2788	Unicorn-44672.exe
2788	Unicorn-44672.exe
2836	Unicorn-19421.exe
2836	Unicorn-19421.exe
3060	Unicorn-55689.exe
3060	Unicorn-55689.exe
2640	Unicorn-49400.exe
2640	Unicorn-49400.exe
2740	Unicorn-23505.exe
2740	Unicorn-23505.exe
1936	Unicorn-12451.exe
1936	Unicorn-12451.exe
2836	Unicorn-19421.exe
2836	Unicorn-19421.exe
1852	Unicorn-37510.exe
1852	Unicorn-37510.exe
2868	Unicorn-57054.exe
2868	Unicorn-57054.exe
1892	Unicorn-4449.exe
1892	Unicorn-4449.exe
2640	Unicorn-49400.exe
2640	Unicorn-49400.exe
1292	Unicorn-9088.exe
1292	Unicorn-9088.exe
1244	Unicorn-4283.exe
1244	Unicorn-4283.exe
2992	Unicorn-57542.exe
2992	Unicorn-57542.exe
1936	Unicorn-12451.exe
1936	Unicorn-12451.exe
1008	Unicorn-25424.exe
1008	Unicorn-25424.exe
1188	Unicorn-49374.exe
1188	Unicorn-49374.exe
404	Unicorn-26214.exe
404	Unicorn-26214.exe
2868	Unicorn-57054.exe
1852	Unicorn-37510.exe
1852	Unicorn-37510.exe
2868	Unicorn-57054.exe
624	Unicorn-9768.exe
624	Unicorn-9768.exe
2012	Unicorn-63608.exe
2012	Unicorn-63608.exe
1892	Unicorn-4449.exe
1892	Unicorn-4449.exe
1368	Unicorn-26659.exe
1368	Unicorn-26659.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2520	1128	WerFault.exe	78
2196	2720	WerFault.exe	80
2748	1340	WerFault.exe	461

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62064.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15657.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45864.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22482.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48957.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37366.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63332.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53652.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18610.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28813.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13052.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36351.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60934.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35716.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1860.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3498.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39129.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50803.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60059.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17500.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45097.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25475.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35716.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5944.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34758.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3429.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1792	291dfcf3641ceba496cdde53650f6f06_JaffaCakes118.exe
2984	Unicorn-49851.exe
3060	Unicorn-55689.exe
2688	Unicorn-10017.exe
2740	Unicorn-23505.exe
2836	Unicorn-19421.exe
2788	Unicorn-44672.exe
2640	Unicorn-49400.exe
2868	Unicorn-57054.exe
1936	Unicorn-12451.exe
1244	Unicorn-4283.exe
1852	Unicorn-37510.exe
1892	Unicorn-4449.exe
1292	Unicorn-9088.exe
2992	Unicorn-57542.exe
1008	Unicorn-25424.exe
1188	Unicorn-49374.exe
404	Unicorn-26214.exe
624	Unicorn-9768.exe
2012	Unicorn-63608.exe
1368	Unicorn-26659.exe
892	Unicorn-1600.exe
1660	Unicorn-34273.exe
2264	Unicorn-40447.exe
1664	Unicorn-56037.exe
1140	Unicorn-31533.exe
876	Unicorn-48424.exe
2312	Unicorn-19089.exe
1492	Unicorn-48424.exe
1696	Unicorn-35664.exe
2880	Unicorn-15051.exe
2228	Unicorn-60723.exe
2052	Unicorn-61512.exe
2800	Unicorn-16396.exe
2856	Unicorn-45731.exe
2620	Unicorn-12311.exe
2928	Unicorn-19411.exe
2596	Unicorn-8590.exe
3012	Unicorn-48876.exe
3020	Unicorn-27387.exe
2004	Unicorn-36109.exe
1980	Unicorn-60059.exe
2524	Unicorn-60614.exe
2120	Unicorn-39447.exe
2128	Unicorn-48170.exe
1896	Unicorn-15409.exe
2904	Unicorn-45897.exe
1760	Unicorn-32898.exe
1128	Unicorn-33.exe
376	Unicorn-8201.exe
2720	Unicorn-33260.exe
2788	Unicorn-65378.exe
1572	Unicorn-8564.exe
1984	Unicorn-16178.exe
1336	Unicorn-33858.exe
2288	Unicorn-13992.exe
944	Unicorn-17522.exe
2400	Unicorn-63193.exe
1532	Unicorn-54278.exe
2252	Unicorn-54278.exe
1736	Unicorn-42026.exe
2184	Unicorn-13800.exe
2996	Unicorn-21968.exe
2704	Unicorn-5440.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 2984	1792	291dfcf3641ceba496cdde53650f6f06_JaffaCakes118.exe	31
PID 1792 wrote to memory of 2984	1792	291dfcf3641ceba496cdde53650f6f06_JaffaCakes118.exe	31
PID 1792 wrote to memory of 2984	1792	291dfcf3641ceba496cdde53650f6f06_JaffaCakes118.exe	31
PID 1792 wrote to memory of 2984	1792	291dfcf3641ceba496cdde53650f6f06_JaffaCakes118.exe	31
PID 1792 wrote to memory of 3060	1792	291dfcf3641ceba496cdde53650f6f06_JaffaCakes118.exe	32
PID 1792 wrote to memory of 3060	1792	291dfcf3641ceba496cdde53650f6f06_JaffaCakes118.exe	32
PID 1792 wrote to memory of 3060	1792	291dfcf3641ceba496cdde53650f6f06_JaffaCakes118.exe	32
PID 1792 wrote to memory of 3060	1792	291dfcf3641ceba496cdde53650f6f06_JaffaCakes118.exe	32
PID 2984 wrote to memory of 2688	2984	Unicorn-49851.exe	33
PID 2984 wrote to memory of 2688	2984	Unicorn-49851.exe	33
PID 2984 wrote to memory of 2688	2984	Unicorn-49851.exe	33
PID 2984 wrote to memory of 2688	2984	Unicorn-49851.exe	33
PID 3060 wrote to memory of 2836	3060	Unicorn-55689.exe	34
PID 3060 wrote to memory of 2836	3060	Unicorn-55689.exe	34
PID 3060 wrote to memory of 2836	3060	Unicorn-55689.exe	34
PID 3060 wrote to memory of 2836	3060	Unicorn-55689.exe	34
PID 2688 wrote to memory of 2740	2688	Unicorn-10017.exe	35
PID 2688 wrote to memory of 2740	2688	Unicorn-10017.exe	35
PID 2688 wrote to memory of 2740	2688	Unicorn-10017.exe	35
PID 2688 wrote to memory of 2740	2688	Unicorn-10017.exe	35
PID 2984 wrote to memory of 2788	2984	Unicorn-49851.exe	36
PID 2984 wrote to memory of 2788	2984	Unicorn-49851.exe	36
PID 2984 wrote to memory of 2788	2984	Unicorn-49851.exe	36
PID 2984 wrote to memory of 2788	2984	Unicorn-49851.exe	36
PID 2740 wrote to memory of 2640	2740	Unicorn-23505.exe	37
PID 2740 wrote to memory of 2640	2740	Unicorn-23505.exe	37
PID 2740 wrote to memory of 2640	2740	Unicorn-23505.exe	37
PID 2740 wrote to memory of 2640	2740	Unicorn-23505.exe	37
PID 2688 wrote to memory of 2868	2688	Unicorn-10017.exe	38
PID 2688 wrote to memory of 2868	2688	Unicorn-10017.exe	38
PID 2688 wrote to memory of 2868	2688	Unicorn-10017.exe	38
PID 2688 wrote to memory of 2868	2688	Unicorn-10017.exe	38
PID 2788 wrote to memory of 1244	2788	Unicorn-44672.exe	39
PID 2788 wrote to memory of 1244	2788	Unicorn-44672.exe	39
PID 2788 wrote to memory of 1244	2788	Unicorn-44672.exe	39
PID 2788 wrote to memory of 1244	2788	Unicorn-44672.exe	39
PID 2836 wrote to memory of 1936	2836	Unicorn-19421.exe	40
PID 2836 wrote to memory of 1936	2836	Unicorn-19421.exe	40
PID 2836 wrote to memory of 1936	2836	Unicorn-19421.exe	40
PID 2836 wrote to memory of 1936	2836	Unicorn-19421.exe	40
PID 3060 wrote to memory of 1852	3060	Unicorn-55689.exe	41
PID 3060 wrote to memory of 1852	3060	Unicorn-55689.exe	41
PID 3060 wrote to memory of 1852	3060	Unicorn-55689.exe	41
PID 3060 wrote to memory of 1852	3060	Unicorn-55689.exe	41
PID 2640 wrote to memory of 1892	2640	Unicorn-49400.exe	42
PID 2640 wrote to memory of 1892	2640	Unicorn-49400.exe	42
PID 2640 wrote to memory of 1892	2640	Unicorn-49400.exe	42
PID 2640 wrote to memory of 1892	2640	Unicorn-49400.exe	42
PID 2740 wrote to memory of 1292	2740	Unicorn-23505.exe	43
PID 2740 wrote to memory of 1292	2740	Unicorn-23505.exe	43
PID 2740 wrote to memory of 1292	2740	Unicorn-23505.exe	43
PID 2740 wrote to memory of 1292	2740	Unicorn-23505.exe	43
PID 1936 wrote to memory of 2992	1936	Unicorn-12451.exe	44
PID 1936 wrote to memory of 2992	1936	Unicorn-12451.exe	44
PID 1936 wrote to memory of 2992	1936	Unicorn-12451.exe	44
PID 1936 wrote to memory of 2992	1936	Unicorn-12451.exe	44
PID 2836 wrote to memory of 1008	2836	Unicorn-19421.exe	45
PID 2836 wrote to memory of 1008	2836	Unicorn-19421.exe	45
PID 2836 wrote to memory of 1008	2836	Unicorn-19421.exe	45
PID 2836 wrote to memory of 1008	2836	Unicorn-19421.exe	45
PID 1852 wrote to memory of 1188	1852	Unicorn-37510.exe	46
PID 1852 wrote to memory of 1188	1852	Unicorn-37510.exe	46
PID 1852 wrote to memory of 1188	1852	Unicorn-37510.exe	46
PID 1852 wrote to memory of 1188	1852	Unicorn-37510.exe	46

C:\Users\Admin\AppData\Local\Temp\291dfcf3641ceba496cdde53650f6f06_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\291dfcf3641ceba496cdde53650f6f06_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23505.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4449.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9768.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15409.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
        10⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63780.exe
        11⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        12⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26010.exe
        13⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25080.exe
        14⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50514.exe
        15⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31563.exe
        16⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3924.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27259.exe
        18⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        19⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19616.exe
        20⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38927.exe
        9⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21897.exe
        10⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        11⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
        12⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49331.exe
        13⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23561.exe
        14⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54173.exe
        15⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63332.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        17⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56745.exe
        18⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32184.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21925.exe
        20⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45897.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59753.exe
        9⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        9⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1860.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
        11⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15709.exe
        12⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57416.exe
        13⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55465.exe
        14⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57790.exe
        15⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4474.exe
        16⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56358.exe
        17⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14337.exe
        18⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        19⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60723.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 240
        9⤵
        Program crash
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9763.exe
        8⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        9⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34507.exe
        10⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2112.exe
        12⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18802.exe
        13⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59850.exe
        14⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
        15⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54033.exe
        16⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24872.exe
        17⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27633.exe
        18⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45526.exe
        19⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
        20⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10365.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23711.exe
        10⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe
        11⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4899.exe
        12⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60784.exe
        13⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24542.exe
        14⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31563.exe
        15⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53457.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50803.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43777.exe
        18⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        19⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
        20⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25231.exe
        15⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20596.exe
        16⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31032.exe
        17⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1395.exe
        18⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34224.exe
        13⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48247.exe
        14⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28813.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25713.exe
        16⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6901.exe
        17⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33066.exe
        10⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60841.exe
        11⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14048.exe
        12⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31864.exe
        13⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18066.exe
        14⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        15⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30128.exe
        16⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6294.exe
        17⤵
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63608.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15051.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51756.exe
        8⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16853.exe
        9⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7213.exe
        10⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10114.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29902.exe
        12⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        13⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46555.exe
        14⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4531.exe
        15⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18598.exe
        16⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34841.exe
        17⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        18⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        7⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        8⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
        9⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        10⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43393.exe
        11⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12299.exe
        12⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49897.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40245.exe
        14⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37399.exe
        15⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19081.exe
        16⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12630.exe
        17⤵
        
        PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9088.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1600.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-120.exe
        8⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
        9⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27107.exe
        10⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60249.exe
        11⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31952.exe
        12⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        13⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45097.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
        15⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27425.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64664.exe
        17⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14332.exe
        18⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43998.exe
        9⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        10⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57016.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2740.exe
        12⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17287.exe
        13⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49290.exe
        14⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53652.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52786.exe
        17⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50365.exe
        7⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe
        8⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
        9⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
        10⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44572.exe
        11⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48755.exe
        12⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        13⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59767.exe
        14⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52082.exe
        15⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
        16⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
        17⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
        18⤵
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8590.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8201.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29629.exe
        8⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14112.exe
        9⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
        10⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
        11⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34837.exe
        12⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
        13⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39129.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31662.exe
        16⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29724.exe
        17⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2251.exe
        18⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18256.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
        16⤵
        
        PID:1340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 240
        17⤵
        Program crash
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10711.exe
        13⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19119.exe
        14⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25475.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
        16⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52796.exe
        17⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46377.exe
        18⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53378.exe
        9⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10067.exe
        10⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
        11⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57307.exe
        12⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40722.exe
        13⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19825.exe
        14⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62588.exe
        15⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe
        16⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54981.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39887.exe
        7⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10002.exe
        9⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
        10⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        11⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58874.exe
        12⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39840.exe
        13⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59591.exe
        14⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        15⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54228.exe
        16⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41686.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21918.exe
        15⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
        16⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        17⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3820.exe
        14⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
        15⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
        16⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51945.exe
        17⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45085.exe
        18⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60652.exe
        15⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27633.exe
        16⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
        17⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe
        18⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61711.exe
        16⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
        8⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60934.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        10⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30769.exe
        11⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8205.exe
        12⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37972.exe
        13⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49843.exe
        14⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20041.exe
        15⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        16⤵
        
        PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57054.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19089.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54278.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
        9⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52330.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60934.exe
        11⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60348.exe
        12⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20603.exe
        13⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21448.exe
        14⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        15⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55069.exe
        16⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6771.exe
        17⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
        8⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22556.exe
        9⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19326.exe
        10⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48412.exe
        11⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27277.exe
        8⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46824.exe
        9⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        10⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56368.exe
        12⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32845.exe
        13⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58971.exe
        14⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        15⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43611.exe
        16⤵
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48170.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37366.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39800.exe
        8⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        9⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46824.exe
        10⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-187.exe
        11⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48480.exe
        12⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18517.exe
        13⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35564.exe
        14⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61293.exe
        15⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62064.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        17⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50653.exe
        18⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
        19⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48790.exe
        18⤵
        
        PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48424.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33260.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
        7⤵
        Program crash
        
        PID:2196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44672.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26659.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4693.exe
        7⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11574.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28337.exe
        8⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
        9⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
        10⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29295.exe
        11⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15860.exe
        12⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8781.exe
        13⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35502.exe
        14⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe
        15⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21992.exe
        16⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
        17⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13420.exe
        12⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23743.exe
        13⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24872.exe
        14⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21691.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13460.exe
        16⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29958.exe
        17⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18717.exe
        18⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35504.exe
        15⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29766.exe
        16⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
        17⤵
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17500.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe
        7⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5067.exe
        8⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        9⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        11⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10815.exe
        12⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47432.exe
        13⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4941.exe
        14⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
        15⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26289.exe
        16⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33035.exe
        17⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        18⤵
        
        PID:2768
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12451.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57542.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34273.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16396.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17522.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        9⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55646.exe
        10⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5729.exe
        11⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51282.exe
        12⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
        13⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        14⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33696.exe
        15⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57928.exe
        16⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3429.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        18⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6250.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28996.exe
        9⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25531.exe
        10⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1806.exe
        11⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52839.exe
        12⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
        13⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26135.exe
        14⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47640.exe
        15⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61436.exe
        16⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        17⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
        18⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34857.exe
        13⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23411.exe
        14⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35427.exe
        15⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
        16⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55064.exe
        17⤵
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45731.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32898.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46349.exe
        8⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
        9⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
        10⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21552.exe
        11⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46923.exe
        12⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38361.exe
        13⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
        14⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24210.exe
        15⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47998.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29581.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
        18⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41587.exe
        19⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6294.exe
        20⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21775.exe
        16⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51945.exe
        17⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43528.exe
        18⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exe
        9⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42870.exe
        10⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        11⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9149.exe
        12⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        13⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
        14⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        15⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
        16⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3310.exe
        17⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
        7⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
        8⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
        9⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45112.exe
        10⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
        11⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4899.exe
        12⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
        13⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24681.exe
        14⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
        16⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32833.exe
        17⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4385.exe
        11⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27453.exe
        12⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7598.exe
        13⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        14⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        15⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41587.exe
        16⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55796.exe
        17⤵
        
        PID:324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40447.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12311.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5944.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24785.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
        10⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        11⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42123.exe
        12⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18495.exe
        12⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50556.exe
        13⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25362.exe
        14⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8008.exe
        15⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47212.exe
        16⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27441.exe
        17⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4161.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43682.exe
        15⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14420.exe
        16⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57124.exe
        17⤵
        
        PID:336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5440.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe
        7⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
        8⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63671.exe
        9⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53378.exe
        8⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
        9⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22777.exe
        10⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48755.exe
        11⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54090.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59591.exe
        13⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        14⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14980.exe
        15⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53263.exe
        16⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
        17⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65273.exe
        13⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
        14⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22641.exe
        15⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
        16⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        10⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44147.exe
        11⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48247.exe
        12⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53844.exe
        13⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31416.exe
        14⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49470.exe
        15⤵
        
        PID:1324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25424.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56037.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60059.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33858.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35057.exe
        8⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        9⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55646.exe
        10⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23711.exe
        11⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
        12⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55781.exe
        13⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55600.exe
        14⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49534.exe
        15⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35702.exe
        16⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
        17⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19616.exe
        18⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14999.exe
        7⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26256.exe
        8⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52330.exe
        9⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        10⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18610.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20084.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5112.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38797.exe
        14⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29424.exe
        15⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
        16⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
        17⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10087.exe
        18⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
        19⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3145.exe
        14⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51231.exe
        15⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
        16⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32843.exe
        17⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51089.exe
        18⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62823.exe
        11⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19451.exe
        12⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22482.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57017.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27425.exe
        15⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49096.exe
        16⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        17⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63193.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53842.exe
        7⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
        8⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45864.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54707.exe
        10⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        11⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64235.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46763.exe
        13⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22023.exe
        14⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        15⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        16⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1156.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
        16⤵
        
        PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60614.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54278.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe
        7⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59312.exe
        8⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8640.exe
        9⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2112.exe
        10⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57416.exe
        11⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7966.exe
        12⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64536.exe
        13⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49534.exe
        14⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
        15⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
        16⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36175.exe
        17⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15850.exe
        6⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46484.exe
        7⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41505.exe
        8⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13674.exe
        9⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21127.exe
        10⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40831.exe
        11⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24210.exe
        12⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        13⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27425.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44929.exe
        15⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12469.exe
        16⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65505.exe
        17⤵
        
        PID:1588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37510.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49374.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31533.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27387.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16178.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6276.exe
        8⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58570.exe
        9⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
        10⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43446.exe
        11⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51749.exe
        12⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41137.exe
        13⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30437.exe
        14⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
        15⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50227.exe
        16⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7788.exe
        17⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39766.exe
        18⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-120.exe
        7⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47444.exe
        8⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        9⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
        10⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55065.exe
        11⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64484.exe
        12⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe
        13⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48501.exe
        13⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31416.exe
        15⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45334.exe
        16⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        17⤵
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13992.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26505.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63012.exe
        8⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1977.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22559.exe
        10⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-187.exe
        11⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42123.exe
        12⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7665.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4474.exe
        14⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        15⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
        16⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        17⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36740.exe
        8⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        9⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25076.exe
        10⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62382.exe
        11⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59824.exe
        12⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52715.exe
        13⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
        14⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49013.exe
        16⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42537.exe
        17⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        10⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33270.exe
        11⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54090.exe
        12⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
        13⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23577.exe
        14⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64721.exe
        15⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36351.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22309.exe
        17⤵
        
        PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36109.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25306.exe
        6⤵
        Executes dropped EXE
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57885.exe
        8⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        9⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33794.exe
        10⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
        11⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3498.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45289.exe
        13⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20788.exe
        14⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41919.exe
        15⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
        16⤵
        
        PID:1848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48424.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48876.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65378.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32675.exe
        7⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21596.exe
        8⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15657.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        10⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9450.exe
        11⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52808.exe
        12⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23577.exe
        14⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45619.exe
        15⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40352.exe
        16⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18256.exe
        17⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8564.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35716.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
        7⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2410.exe
        8⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28376.exe
        9⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3539.exe
        10⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        11⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59632.exe
        12⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62808.exe
        13⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45097.exe
        14⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25256.exe
        15⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
        16⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64664.exe
        17⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
        18⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44617.exe
        15⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30757.exe
        16⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25926.exe
        17⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14270.exe
        18⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18717.exe
        17⤵
        
        PID:2820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12451.exe

Filesize
184KB

MD5
c4a927aa0d11fb17f6d7a44984ee06f3

SHA1
22a7a5e4023fdf3fc2e791a99b61dee58cf3c017

SHA256
b1a7ae8f9864a61a2497c1757acac6aacff5fcfbecdb7c2e3e0f2d0763a75428

SHA512
a9337361716cdfe764605a3a946787ca7c2abb8f5860079fb1ebb5d8c44851ac15c82fc019bd9f18845da8b982bf9d6faebbc60a03f295091d3e09d4099d090c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21448.exe

Filesize
184KB

MD5
d0036ee57a374e0b45d41e6bc97b88e6

SHA1
6a82e7cc32e63c9bdfc098b0ef1172da6341bacb

SHA256
87818a4379c656e57b577ec2ebe444659fe0e343aff3afc028882c0040c35963

SHA512
23aa33b7f385726f7aabe607170a70f07489a80fa7e3832c193c069eb9abfa9a9a0de6b349770bed395f886318ff4cf9e490a65875514d152e7a2df39f8e1b9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25424.exe

Filesize
184KB

MD5
e177dedb9f65031927701269d0cfb904

SHA1
56fd1ca78cb81feee0558e18aeb3dd058fe4c3e6

SHA256
6a845924d019a79c2c3eb68c4816a3bde82103549d7fa847186c47ceea6c3721

SHA512
36d5fa0e420d6a49f46ae9e203cabaf79ea96d9ef1066ff2b0b1e66b66e6ffe0a45d93f63618dbeaff98346cdbace92a07d335a980c621804a1f73413a2f502d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36109.exe

Filesize
184KB

MD5
35c87bc92d0a75f523ea974a0b35e0a7

SHA1
67b5a2302e8d9f594e028b9550ae71e44fa00b96

SHA256
cb4b31c15f7966bbe1be3bcf2e468cf1626ada557f8c34366bf15c39d55fd4e6

SHA512
9055f39b17eead628ebac34b5ac331429c8a581b0eb030da35a9c70bb585f9d872193d8324b41cbc148bfb90b7ecf6e5d6e0a32e3f1134b322234581480aae7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39887.exe

Filesize
184KB

MD5
b2e2719d5cb79773499c4afcd68eee03

SHA1
61388fb7492e06da33ca35abcca1499256ce6e9d

SHA256
68af8f1fd462d51f4db0762b53d2d84b0b05f8e5f3cec08a16fe51f43b648c0d

SHA512
8e7aa4fd85705a6b37e2b69510182eef985b646b716adbeb549aab34adc7a7b3beed33376e781876f5ac6ec34a914abb9091be247412213e79ce0d2cbbceb48d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40447.exe

Filesize
184KB

MD5
30e67d72892bc7fde37bb535f4a44798

SHA1
43e0624103ce9829d646591dc881145eed57861c

SHA256
5c740eb4bf391d954513c8c3b2183504e1b2c8050db51a18685a63810e4c26ef

SHA512
6d658e1cd9eacd149a89bccfcb9024459b0f906f8a5061ff588e2ca901f2c127a655c270553ff3d4769fb9394e9b25aeadb814f301ad4f04f1ad87bf8e99f7a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5729.exe

Filesize
184KB

MD5
a9d0f7f2fee6175bb0491f64ef01aeb4

SHA1
a239b6e70a2990124fc69b358ae0249f99e7591c

SHA256
ac68ce53ce01545334ed2a5ecadbc8c67ef221dfed7e61baf95f131b6184b2a5

SHA512
1a0aa9f62390104d0d853b4ae69e77da392ff21e2f35edfda81ad0e3652d284ad1c28c39925c64e4069eee7c93717ec55b47c4e9aeac06d55c40e8f759bfe64b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5863.exe

Filesize
184KB

MD5
ee62d15b3907f159fc7e290045aa339b

SHA1
20f96d2294a005ea7701d9de2afe804cd2bcfe8e

SHA256
91fac1673f79fbd2444ff660f485eea415640448c054dc5d6b5d5863c8227998

SHA512
fe7eecea156baf8fe109b8f427bbf06680912086f5927b1e36e4f950e75db9afc01616e42743b5ce3783de7e72936127501c016ba88d685f4a864c193c0aa864

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5944.exe

Filesize
184KB

MD5
dca535e1d4324d1648cd9f2132d80e99

SHA1
e2fab353f4152883985a37f8f786c7a42a34f81e

SHA256
47e457833bccacfec684ff11f5b1402d38b3ffe688449b25622530e4e236e3fe

SHA512
50261bcf00d7ad9faa686dc3203dd7c4ab3cf60548309041c425ac19cbdc0594a204e5a880e725a2175648426a62643ca86d179801183340d250c9539958e2fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6276.exe

Filesize
184KB

MD5
c545db3cc6e1d73424d8a87af15dae74

SHA1
df5a550d6623fee424b5dd0514bf8b520de768e7

SHA256
f12e0122fd2a9bf4423114c3319902436f0c5dffd9251ef5dde05c11182802bf

SHA512
95c0b3d1db12970a70799702f8cde3925f3bc35360f49fb2d31eda6b360b28b032c664a0ec9c7e202d5920b3a6f6a428e81f6d1465e7d9a77432df0816e2b258

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9149.exe

Filesize
184KB

MD5
91103b94a5789a87b7a9e5f17a879011

SHA1
0ab1759ceb48f9d445a23c89266b4a9a445e4ec5

SHA256
e0fe9b12e809ebed0ab12e6e4dd8ba3b54ec60820a31d97b2c9a9e7076b0848d

SHA512
65360f65f22b1d1548146153250ba8c4f093c28268a227234654f0f3ad9c142fbbf03b98af7874028ec170eff28eabe6ddb2ba8610496725fa08246b8ef58e4a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe

Filesize
184KB

MD5
122936bb11181f59ad702fb84c44e16f

SHA1
8b95c55dc55ebfa9515ef90b879f41b5bdb9f397

SHA256
810fca16ff41b1ee0ce00c34e4a76b9102ed9b2d6f1acc011b2bee1f83e43a98

SHA512
d0479b99a24fb2ec9b5fb8739680475d7bc6a78edec44ae8888e5f0a7dbbbc4c4bb49091892d3c4deec68e155d665f74eab52fcb61b2c9035979516b2d5ee129

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe

Filesize
184KB

MD5
69503862c599369b6ba64684b98f7dee

SHA1
0187807b79fc1ea30587c08fb3d16f7c75ade712

SHA256
e3c9add0a6954f91b60a5ab22900e69641d0f7fb4b7a81e9f5d80ae1e6beef97

SHA512
e69183d069d8b3e83193134dfec664a97e24f49cab439025784637761008e26d71b207aa431dc2d62258094a007361c68c40ae71955af3e5174f72f532524bb2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23505.exe

Filesize
184KB

MD5
ab3822dac619356482ce2ac119540262

SHA1
0846a4472435eed9ca9b1d1e622500e248cc183a

SHA256
f6e98499c87aa89003f63e17c3d579739daed938638288f703d7e4758c28007e

SHA512
f36eadcf089028ec2b82b7aee7cb5acdf27c6bd93abb89f63f10ed1d607bddfebadfea54ff2c1b23732f5a691afa6604d29140834b28d336703b5b7724305d97

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe

Filesize
184KB

MD5
65f2727cc2725862e3be410b472b4d8a

SHA1
89778240036c4774e5297d7b2b362f52de48a57c

SHA256
40ef19c19f48b35b2745268a850ae5c44a3715ab6beb4f836ee3f361e9d8b453

SHA512
2e0bf0112d3094bc808694c66097688e4ae0990326c3153d14317821c9460fc27436c8868207434e903e0b0b71684d6a20e6055b4a9dcc8215ed588eae44980c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37510.exe

Filesize
184KB

MD5
4bced059ec7f083850ff784fa8e141a3

SHA1
8ae1701ef5a13cee6df8533f0a42657a410493ac

SHA256
9eb4231e4b06d32fdb71dd86aa218354e60c76f6e9624c313a36b612f6826d98

SHA512
86aa3232abd26a24a7aac4944c53272051fe8eeb0af1676eec6005b362f8a9f698f966e47fbc0994b8dfa9d4dfc67b02eeb96eaf11a430b77ee6bfee8fefa5a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4283.exe

Filesize
184KB

MD5
46e5a6ed829f6236c4f9e403c8c57a08

SHA1
8a91f4236af5ef203b4b7ddb830767c1c1473ff4

SHA256
828b712c96695e02a78cd460acfc9c851d3eff678e68f4fbeb26219f39b47854

SHA512
392fefe41beb48e9de746c8463c1cc1e684793916b943a3855ae244e034aa6f8bf0aef85467b3d692eb0058da40844fe2ed54b05619700fe0eef001a50e47ef4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4449.exe

Filesize
184KB

MD5
55fa12bb25150b5d91c5d44b28b14345

SHA1
63fa514304cb6b14b80941a5e654e374beaf034f

SHA256
524b78c289360c514be501984e781c79fbba489e58acffd2cad26377b6112d96

SHA512
15e7d1fd561005f676ca431e111d925e386ff1849d1461c36a7448d8149c8ae253464e86076b33baaea517d18ecb96f89022d5bb9a783e0843ea3a092566876b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44672.exe

Filesize
184KB

MD5
31ee7af14ae590bfd941daa855edcb33

SHA1
3d8a34f20b8242d6a55be8953d35975efc48806c

SHA256
b5a576809b3dbfbc6af638fb753afb3f4586c2620b7850dd2ba5619453d4b4a6

SHA512
5949381b077fd83f7913b07b7b84b5157cdc3886e5d5ca88a51a9b3baddd409e88a58c993a63a826b05c856943ee77d94f03a8af740cc423847aa55734f49399

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49374.exe

Filesize
184KB

MD5
9809f1f06a4d35aad1d1eb1991cb54ad

SHA1
3d95669684c62594592cf87c49fadea0e8fd34f2

SHA256
eb4bb952dc22ccb3fcda5297bd16b3576532f55e6adef1bab015448a47d2d9b6

SHA512
51920143b8a114189308727f42f888ce70d93f4735867829714dbe26400361b394813ea4f10251142e0e7479906f7d1b22b125778a030039f96639c0c9428638

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe

Filesize
184KB

MD5
f58ce6906d4a1c2a2601d6c579714b11

SHA1
a6748cb330aaad720840a7c6be4d59792d222b24

SHA256
d9478e7ab070d98b3195085dd7a2b722bfc53a30a7b67b2e0e27959f0d469d67

SHA512
4e56157603cc7f1067fee046c8bad82ef91d664fb68d3b8c28da3f63a3066db95a2a042a6415d39a961a2ffdee801f4ad36bd5ba3000a75a010f346bf7363f2c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe

Filesize
184KB

MD5
3e2372b28acd7bb5d5e2d9220ed0380f

SHA1
4ca137c5be0280c7a5d738227acac1c5bd2df4d2

SHA256
a43b31339bd50b9e11b69617e2cf248342e004af42f394c6f291f8670482ecc6

SHA512
9a574dbe86a4a068a38ee8386fc5c226d2ddccd80886e37f4141d061649c02cee411030d6cfc95cfae9a7f00327812fe7e44f624fe7148ec14302f008cacd350

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe

Filesize
184KB

MD5
5c26b5f613394870f510cba1f95aa6b7

SHA1
894318d2e6931f3ff725e8d56d2eb01ff06f73d9

SHA256
d2fdb2bc264c910984f2c49d1d98a5c2e9281dc47daadd48d9bcf9e567b62900

SHA512
97b298676ce0e7cc4d419c7783b638f846f3a45e03697a9197c2219d3f9e06b6fec274e5a98eaf380994233b561e8137d492d623a93dbb873857dac9b8e3fd78

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57054.exe

Filesize
184KB

MD5
72798628304bf3b69866b6926babbe06

SHA1
d9ffcb6e1570f9e194278865f133630433ec49f9

SHA256
5d3b35edef128f6382a79f34e15cf71daa417357a7b4d29eda8512a496a71c2f

SHA512
c16fa684e3dcd62d140b6083ed6ce0dfac0f3d6c115f114f32f6c1c985529db76c3b8b4f60d494d479b9cc8451175019085c83149959a61b7046dabffc465cf5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57542.exe

Filesize
184KB

MD5
71dd5df347294c833fda30d3ef4cc327

SHA1
505f60cfa91dc9cbd79838d2ea2216bb3279b7a1

SHA256
48def602b15dcacf4cee2856877ced63fcc07fa6622fc0bf2bcc70b3536543de

SHA512
3b06e3fcf5dfde6de21d32fe71f087dbc690dc3496607d3adb51f571609b3bbfc4328ae392907f5eed770897a6479385937b6db32f0a7c85cb13b50e152518a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9088.exe

Filesize
184KB

MD5
6ae5e405ed164c9acb836974e0616d87

SHA1
10d111ccb11cf1467b117c17fc42b8eeee8a2b19

SHA256
83a4c161bff2a0b1d00c399528ce1332dd51e1a020cd3fa3896d535a828896d7

SHA512
fffdbf58f20f29d079db69eab2071662e15e298f3bf8115fb986ec95690ea9dc2973e9b1db0dbcba8ea5293b41b1a9e51122777436b494e0a13d648d4c9cfb2c

Download Submit
memory/2172-2366-0x0000000002880000-0x00000000029DC000-memory.dmp

Filesize
1.4MB

Download