568f8b4046a29c42c52839e242b5077f538b528fb99beb6682b999722a0388ef

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-10-2024 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3688e6314c6585632d372d4ba925902a_JaffaCakes118.exe
Size

184KB
MD5

3688e6314c6585632d372d4ba925902a
SHA1

bc6371ed5c35a661d94ac3be93e9f20d8aca2013
SHA256

568f8b4046a29c42c52839e242b5077f538b528fb99beb6682b999722a0388ef
SHA512

94e8064bbe5ff548f15dcc41c0e38082f2fefa83b4022f1a7d31d08bbc56ff089a4de7595c65c3788984212be798e67cf3497304474493e24c6adee6805de36e
SSDEEP

3072:yw99oz9swWU8nojOdT4NeKwaIZW6mDuIENExv7PsxNlPvpFD:ywvo5X8nXdkNeKvfBUNlPvpF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1620	Unicorn-32241.exe
2368	Unicorn-7819.exe
1780	Unicorn-26848.exe
2872	Unicorn-37560.exe
2736	Unicorn-40252.exe
2744	Unicorn-42713.exe
2660	Unicorn-60201.exe
1084	Unicorn-9609.exe
2364	Unicorn-29475.exe
2928	Unicorn-53979.exe
2924	Unicorn-34113.exe
2768	Unicorn-37726.exe
308	Unicorn-13776.exe
2284	Unicorn-15167.exe
2060	Unicorn-9713.exe
2068	Unicorn-40440.exe
2956	Unicorn-55385.exe
1488	Unicorn-12406.exe
604	Unicorn-49148.exe
2212	Unicorn-33366.exe
904	Unicorn-12199.exe
2140	Unicorn-51862.exe
2472	Unicorn-13522.exe
2420	Unicorn-20067.exe
2312	Unicorn-3216.exe
2012	Unicorn-23082.exe
1480	Unicorn-36403.exe
1272	Unicorn-12775.exe
1940	Unicorn-2147.exe
3048	Unicorn-61483.exe
2260	Unicorn-43777.exe
2416	Unicorn-23911.exe
2688	Unicorn-35609.exe
2836	Unicorn-40247.exe
2224	Unicorn-64197.exe
2656	Unicorn-1353.exe
2244	Unicorn-14996.exe
620	Unicorn-57975.exe
1188	Unicorn-31333.exe
2828	Unicorn-15551.exe
2852	Unicorn-4690.exe
992	Unicorn-55837.exe
776	Unicorn-48224.exe
1780	Unicorn-2552.exe
1924	Unicorn-31141.exe
2960	Unicorn-11275.exe
3000	Unicorn-3107.exe
2192	Unicorn-10995.exe
1108	Unicorn-30024.exe
2736	Unicorn-2827.exe
1372	Unicorn-2827.exe
376	Unicorn-46361.exe
1284	Unicorn-43668.exe
2252	Unicorn-19718.exe
2188	Unicorn-60004.exe
2512	Unicorn-60004.exe
1828	Unicorn-17580.exe
2272	Unicorn-31992.exe
1612	Unicorn-5349.exe
2548	Unicorn-5349.exe
1496	Unicorn-59189.exe
2124	Unicorn-40714.exe
2704	Unicorn-46190.exe
2908	Unicorn-46190.exe

Loads dropped DLL 64 IoCs

pid	Process
2156	3688e6314c6585632d372d4ba925902a_JaffaCakes118.exe
2156	3688e6314c6585632d372d4ba925902a_JaffaCakes118.exe
1620	Unicorn-32241.exe
1620	Unicorn-32241.exe
2156	3688e6314c6585632d372d4ba925902a_JaffaCakes118.exe
2156	3688e6314c6585632d372d4ba925902a_JaffaCakes118.exe
2368	Unicorn-7819.exe
2368	Unicorn-7819.exe
1620	Unicorn-32241.exe
1620	Unicorn-32241.exe
1780	Unicorn-26848.exe
1780	Unicorn-26848.exe
2872	Unicorn-37560.exe
2872	Unicorn-37560.exe
2736	Unicorn-40252.exe
2368	Unicorn-7819.exe
2736	Unicorn-40252.exe
2368	Unicorn-7819.exe
2744	Unicorn-42713.exe
1780	Unicorn-26848.exe
2744	Unicorn-42713.exe
1780	Unicorn-26848.exe
2660	Unicorn-60201.exe
2660	Unicorn-60201.exe
2872	Unicorn-37560.exe
2872	Unicorn-37560.exe
2928	Unicorn-53979.exe
2928	Unicorn-53979.exe
2364	Unicorn-29475.exe
2364	Unicorn-29475.exe
1084	Unicorn-9609.exe
2744	Unicorn-42713.exe
1084	Unicorn-9609.exe
2744	Unicorn-42713.exe
2736	Unicorn-40252.exe
2736	Unicorn-40252.exe
2768	Unicorn-37726.exe
2768	Unicorn-37726.exe
2660	Unicorn-60201.exe
2660	Unicorn-60201.exe
308	Unicorn-13776.exe
308	Unicorn-13776.exe
2284	Unicorn-15167.exe
2284	Unicorn-15167.exe
2928	Unicorn-53979.exe
2928	Unicorn-53979.exe
2060	Unicorn-9713.exe
2060	Unicorn-9713.exe
2364	Unicorn-29475.exe
2364	Unicorn-29475.exe
2956	Unicorn-55385.exe
2956	Unicorn-55385.exe
1488	Unicorn-12406.exe
1488	Unicorn-12406.exe
2068	Unicorn-40440.exe
2068	Unicorn-40440.exe
1084	Unicorn-9609.exe
1084	Unicorn-9609.exe
604	Unicorn-49148.exe
604	Unicorn-49148.exe
2768	Unicorn-37726.exe
2212	Unicorn-33366.exe
2212	Unicorn-33366.exe
2768	Unicorn-37726.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
1676	2640	WerFault.exe	232
1272	2792	WerFault.exe	436
1836	1992	WerFault.exe	435

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55827.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45521.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7301.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3688e6314c6585632d372d4ba925902a_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43668.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4903.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48259.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24030.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44099.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64379.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27508.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53647.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21749.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63191.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23736.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25054.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57309.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45770.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60290.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57244.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12406.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21505.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5088.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60144.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22916.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45661.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58676.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60838.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20975.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38036.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28306.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61483.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2156	3688e6314c6585632d372d4ba925902a_JaffaCakes118.exe
1620	Unicorn-32241.exe
2368	Unicorn-7819.exe
1780	Unicorn-26848.exe
2872	Unicorn-37560.exe
2736	Unicorn-40252.exe
2744	Unicorn-42713.exe
2660	Unicorn-60201.exe
1084	Unicorn-9609.exe
2928	Unicorn-53979.exe
2924	Unicorn-34113.exe
2364	Unicorn-29475.exe
2768	Unicorn-37726.exe
308	Unicorn-13776.exe
2284	Unicorn-15167.exe
2956	Unicorn-55385.exe
2060	Unicorn-9713.exe
2068	Unicorn-40440.exe
1488	Unicorn-12406.exe
604	Unicorn-49148.exe
2212	Unicorn-33366.exe
904	Unicorn-12199.exe
2140	Unicorn-51862.exe
2472	Unicorn-13522.exe
2420	Unicorn-20067.exe
2312	Unicorn-3216.exe
2012	Unicorn-23082.exe
1480	Unicorn-36403.exe
1940	Unicorn-2147.exe
1272	Unicorn-12775.exe
3048	Unicorn-61483.exe
2416	Unicorn-23911.exe
2688	Unicorn-35609.exe
2260	Unicorn-43777.exe
2836	Unicorn-40247.exe
2224	Unicorn-64197.exe
2656	Unicorn-1353.exe
2244	Unicorn-14996.exe
620	Unicorn-57975.exe
1188	Unicorn-31333.exe
2828	Unicorn-15551.exe
2852	Unicorn-4690.exe
992	Unicorn-55837.exe
1780	Unicorn-2552.exe
776	Unicorn-48224.exe
1924	Unicorn-31141.exe
2960	Unicorn-11275.exe
3000	Unicorn-3107.exe
2736	Unicorn-2827.exe
1108	Unicorn-30024.exe
2192	Unicorn-10995.exe
1372	Unicorn-2827.exe
376	Unicorn-46361.exe
1284	Unicorn-43668.exe
2252	Unicorn-19718.exe
2188	Unicorn-60004.exe
2512	Unicorn-60004.exe
2272	Unicorn-31992.exe
1828	Unicorn-17580.exe
1612	Unicorn-5349.exe
2548	Unicorn-5349.exe
1496	Unicorn-59189.exe
2124	Unicorn-40714.exe
1988	Unicorn-46190.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 1620	2156	3688e6314c6585632d372d4ba925902a_JaffaCakes118.exe	30
PID 2156 wrote to memory of 1620	2156	3688e6314c6585632d372d4ba925902a_JaffaCakes118.exe	30
PID 2156 wrote to memory of 1620	2156	3688e6314c6585632d372d4ba925902a_JaffaCakes118.exe	30
PID 2156 wrote to memory of 1620	2156	3688e6314c6585632d372d4ba925902a_JaffaCakes118.exe	30
PID 1620 wrote to memory of 2368	1620	Unicorn-32241.exe	31
PID 1620 wrote to memory of 2368	1620	Unicorn-32241.exe	31
PID 1620 wrote to memory of 2368	1620	Unicorn-32241.exe	31
PID 1620 wrote to memory of 2368	1620	Unicorn-32241.exe	31
PID 2156 wrote to memory of 1780	2156	3688e6314c6585632d372d4ba925902a_JaffaCakes118.exe	32
PID 2156 wrote to memory of 1780	2156	3688e6314c6585632d372d4ba925902a_JaffaCakes118.exe	32
PID 2156 wrote to memory of 1780	2156	3688e6314c6585632d372d4ba925902a_JaffaCakes118.exe	32
PID 2156 wrote to memory of 1780	2156	3688e6314c6585632d372d4ba925902a_JaffaCakes118.exe	32
PID 2368 wrote to memory of 2872	2368	Unicorn-7819.exe	33
PID 2368 wrote to memory of 2872	2368	Unicorn-7819.exe	33
PID 2368 wrote to memory of 2872	2368	Unicorn-7819.exe	33
PID 2368 wrote to memory of 2872	2368	Unicorn-7819.exe	33
PID 1620 wrote to memory of 2736	1620	Unicorn-32241.exe	34
PID 1620 wrote to memory of 2736	1620	Unicorn-32241.exe	34
PID 1620 wrote to memory of 2736	1620	Unicorn-32241.exe	34
PID 1620 wrote to memory of 2736	1620	Unicorn-32241.exe	34
PID 1780 wrote to memory of 2744	1780	Unicorn-26848.exe	35
PID 1780 wrote to memory of 2744	1780	Unicorn-26848.exe	35
PID 1780 wrote to memory of 2744	1780	Unicorn-26848.exe	35
PID 1780 wrote to memory of 2744	1780	Unicorn-26848.exe	35
PID 2872 wrote to memory of 2660	2872	Unicorn-37560.exe	37
PID 2872 wrote to memory of 2660	2872	Unicorn-37560.exe	37
PID 2872 wrote to memory of 2660	2872	Unicorn-37560.exe	37
PID 2872 wrote to memory of 2660	2872	Unicorn-37560.exe	37
PID 2736 wrote to memory of 2364	2736	Unicorn-40252.exe	38
PID 2736 wrote to memory of 2364	2736	Unicorn-40252.exe	38
PID 2736 wrote to memory of 2364	2736	Unicorn-40252.exe	38
PID 2736 wrote to memory of 2364	2736	Unicorn-40252.exe	38
PID 2368 wrote to memory of 1084	2368	Unicorn-7819.exe	39
PID 2368 wrote to memory of 1084	2368	Unicorn-7819.exe	39
PID 2368 wrote to memory of 1084	2368	Unicorn-7819.exe	39
PID 2368 wrote to memory of 1084	2368	Unicorn-7819.exe	39
PID 2744 wrote to memory of 2928	2744	Unicorn-42713.exe	40
PID 2744 wrote to memory of 2928	2744	Unicorn-42713.exe	40
PID 2744 wrote to memory of 2928	2744	Unicorn-42713.exe	40
PID 2744 wrote to memory of 2928	2744	Unicorn-42713.exe	40
PID 1780 wrote to memory of 2924	1780	Unicorn-26848.exe	41
PID 1780 wrote to memory of 2924	1780	Unicorn-26848.exe	41
PID 1780 wrote to memory of 2924	1780	Unicorn-26848.exe	41
PID 1780 wrote to memory of 2924	1780	Unicorn-26848.exe	41
PID 2660 wrote to memory of 2768	2660	Unicorn-60201.exe	42
PID 2660 wrote to memory of 2768	2660	Unicorn-60201.exe	42
PID 2660 wrote to memory of 2768	2660	Unicorn-60201.exe	42
PID 2660 wrote to memory of 2768	2660	Unicorn-60201.exe	42
PID 2872 wrote to memory of 308	2872	Unicorn-37560.exe	43
PID 2872 wrote to memory of 308	2872	Unicorn-37560.exe	43
PID 2872 wrote to memory of 308	2872	Unicorn-37560.exe	43
PID 2872 wrote to memory of 308	2872	Unicorn-37560.exe	43
PID 2928 wrote to memory of 2284	2928	Unicorn-53979.exe	44
PID 2928 wrote to memory of 2284	2928	Unicorn-53979.exe	44
PID 2928 wrote to memory of 2284	2928	Unicorn-53979.exe	44
PID 2928 wrote to memory of 2284	2928	Unicorn-53979.exe	44
PID 2364 wrote to memory of 2060	2364	Unicorn-29475.exe	45
PID 2364 wrote to memory of 2060	2364	Unicorn-29475.exe	45
PID 2364 wrote to memory of 2060	2364	Unicorn-29475.exe	45
PID 2364 wrote to memory of 2060	2364	Unicorn-29475.exe	45
PID 1084 wrote to memory of 2068	1084	Unicorn-9609.exe	46
PID 1084 wrote to memory of 2068	1084	Unicorn-9609.exe	46
PID 1084 wrote to memory of 2068	1084	Unicorn-9609.exe	46
PID 1084 wrote to memory of 2068	1084	Unicorn-9609.exe	46

C:\Users\Admin\AppData\Local\Temp\3688e6314c6585632d372d4ba925902a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3688e6314c6585632d372d4ba925902a_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7819.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7819.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49148.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61483.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63761.exe
        10⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26341.exe
        11⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16523.exe
        12⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52926.exe
        13⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-840.exe
        14⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10902.exe
        15⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57109.exe
        16⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37177.exe
        17⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23996.exe
        18⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40698.exe
        19⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3189.exe
        20⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17580.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63185.exe
        9⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
        10⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
        11⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42781.exe
        12⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1011.exe
        13⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54234.exe
        14⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51530.exe
        15⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28246.exe
        16⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62475.exe
        17⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41427.exe
        18⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17289.exe
        19⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-672.exe
        20⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        21⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57309.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
        13⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41629.exe
        14⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        15⤵
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-119.exe
        16⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 220
        17⤵
        Program crash
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53959.exe
        15⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55106.exe
        16⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49193.exe
        17⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6894.exe
        18⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38576.exe
        19⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9464.exe
        10⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38261.exe
        11⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54234.exe
        12⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
        13⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9766.exe
        14⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41427.exe
        15⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59992.exe
        16⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        17⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
        11⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16741.exe
        12⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29891.exe
        13⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62065.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55633.exe
        15⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33345.exe
        16⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23911.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24291.exe
        9⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27275.exe
        11⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31105.exe
        12⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58873.exe
        13⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51167.exe
        14⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59631.exe
        15⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14234.exe
        16⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55407.exe
        17⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38887.exe
        18⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64901.exe
        19⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38566.exe
        11⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22008.exe
        12⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45905.exe
        13⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        14⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62042.exe
        16⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1109.exe
        8⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
        9⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
        10⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56242.exe
        11⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38915.exe
        12⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20462.exe
        13⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19257.exe
        14⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        15⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        16⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4512.exe
        17⤵
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33366.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43777.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31992.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44327.exe
        9⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
        11⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23679.exe
        12⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10243.exe
        13⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        14⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13658.exe
        15⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43482.exe
        16⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7501.exe
        17⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15534.exe
        18⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        19⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50067.exe
        15⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24030.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
        17⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58036.exe
        18⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57134.exe
        8⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
        9⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27192.exe
        10⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34696.exe
        11⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38453.exe
        12⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
        13⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
        14⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        15⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13907.exe
        16⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39463.exe
        17⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
        18⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
        13⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31318.exe
        14⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45044.exe
        15⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14055.exe
        17⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27502.exe
        18⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59189.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52303.exe
        8⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5261.exe
        9⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19984.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22060.exe
        11⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54234.exe
        12⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31863.exe
        13⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54177.exe
        14⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
        15⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43682.exe
        16⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2151.exe
        17⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3189.exe
        18⤵
        
        PID:676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13776.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10995.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        9⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56792.exe
        10⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24286.exe
        11⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9340.exe
        12⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43113.exe
        13⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58676.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6901.exe
        15⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe
        16⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        17⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        18⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28446.exe
        19⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3964.exe
        16⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
        17⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        18⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12017.exe
        8⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44239.exe
        9⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
        10⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58489.exe
        11⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22247.exe
        12⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
        13⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37400.exe
        14⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
        15⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47566.exe
        16⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26552.exe
        17⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9011.exe
        18⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        19⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3189.exe
        20⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37791.exe
        18⤵
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3144.exe
        13⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13658.exe
        14⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41427.exe
        15⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45877.exe
        16⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51352.exe
        17⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30024.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38297.exe
        8⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53647.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25573.exe
        10⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40835.exe
        11⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
        12⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        13⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14047.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        15⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50205.exe
        16⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30439.exe
        17⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7139.exe
        8⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
        9⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64415.exe
        10⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23212.exe
        11⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22247.exe
        12⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58157.exe
        13⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53684.exe
        14⤵
        
        PID:504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30187.exe
        15⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43682.exe
        16⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4268.exe
        17⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        18⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23105.exe
        16⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        17⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
        14⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33560.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48259.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
        17⤵
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2827.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
        8⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24312.exe
        9⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19984.exe
        10⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40290.exe
        12⤵
        
        PID:504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30280.exe
        13⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51598.exe
        14⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        15⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35698.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        17⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1139.exe
        18⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
        11⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21749.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43186.exe
        13⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60285.exe
        14⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17481.exe
        15⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53765.exe
        16⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60144.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9532.exe
        9⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16222.exe
        10⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54234.exe
        11⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
        12⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
        9⤵
        
        PID:2640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 200
        10⤵
        Program crash
        
        PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40440.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12775.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45998.exe
        8⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
        9⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64524.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50513.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        12⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56258.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20462.exe
        14⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-119.exe
        15⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 220
        16⤵
        Program crash
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26169.exe
        13⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26186.exe
        14⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31212.exe
        15⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34668.exe
        16⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        17⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-258.exe
        7⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41634.exe
        8⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5401.exe
        9⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
        10⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17068.exe
        11⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25916.exe
        12⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-399.exe
        13⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13907.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26552.exe
        15⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        16⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1819.exe
        17⤵
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20975.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9101.exe
        10⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7451.exe
        11⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11722.exe
        12⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
        13⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35210.exe
        14⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32517.exe
        15⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13606.exe
        16⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61206.exe
        17⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        18⤵
        
        PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2147.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4690.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20975.exe
        8⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34509.exe
        9⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
        10⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44099.exe
        11⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7228.exe
        12⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57877.exe
        13⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14234.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9906.exe
        15⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5036.exe
        16⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
        17⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1109.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24312.exe
        8⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49750.exe
        9⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45770.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe
        11⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13668.exe
        12⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33809.exe
        13⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2345.exe
        14⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39699.exe
        15⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20405.exe
        16⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6235.exe
        17⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36438.exe
        6⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27436.exe
        7⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
        8⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17701.exe
        9⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6299.exe
        10⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32122.exe
        11⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33788.exe
        12⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52475.exe
        13⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19703.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62649.exe
        15⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6235.exe
        16⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4716.exe
        9⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56242.exe
        10⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
        11⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54696.exe
        12⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6320.exe
        13⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13606.exe
        14⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52291.exe
        15⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
        16⤵
        
        PID:1636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40252.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29475.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20067.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31333.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46190.exe
        8⤵
        Executes dropped EXE
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        9⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
        10⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35635.exe
        11⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13180.exe
        12⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22247.exe
        13⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11094.exe
        14⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34743.exe
        15⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
        16⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6899.exe
        17⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        18⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38576.exe
        7⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20975.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34784.exe
        9⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51800.exe
        10⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46704.exe
        11⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57389.exe
        12⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62044.exe
        13⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60285.exe
        14⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54756.exe
        15⤵
        
        PID:504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
        16⤵
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15551.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe
        7⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35604.exe
        8⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19984.exe
        9⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44099.exe
        10⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9008.exe
        11⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48474.exe
        12⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9143.exe
        13⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7301.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63191.exe
        15⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48809.exe
        16⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23179.exe
        17⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
        14⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6131.exe
        15⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
        16⤵
        
        PID:736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3216.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57975.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33746.exe
        7⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31882.exe
        8⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22916.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14275.exe
        10⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54234.exe
        11⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48199.exe
        12⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46035.exe
        13⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        14⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
        15⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17289.exe
        16⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
        17⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45521.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45044.exe
        13⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44813.exe
        14⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60179.exe
        15⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38576.exe
        16⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1109.exe
        7⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24312.exe
        8⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35360.exe
        9⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42323.exe
        10⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17068.exe
        11⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
        12⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34079.exe
        13⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5088.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41622.exe
        15⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52775.exe
        6⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53647.exe
        7⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41115.exe
        8⤵
        
        PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36403.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2552.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5349.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58738.exe
        8⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7601.exe
        9⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2490.exe
        10⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17068.exe
        11⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
        12⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31318.exe
        13⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37177.exe
        14⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1004.exe
        15⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4953.exe
        16⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50916.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29958.exe
        7⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
        8⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56242.exe
        9⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63995.exe
        10⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42609.exe
        11⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23420.exe
        12⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
        13⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        14⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3189.exe
        15⤵
        
        PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11275.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46190.exe
        6⤵
        Executes dropped EXE
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19631.exe
        7⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32219.exe
        7⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
        8⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        9⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54872.exe
        10⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23695.exe
        11⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        12⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17691.exe
        13⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63775.exe
        14⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54616.exe
        15⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54996.exe
        6⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
        7⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50181.exe
        8⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59859.exe
        9⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54234.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10710.exe
        11⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18874.exe
        12⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25859.exe
        13⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7065.exe
        14⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36033.exe
        15⤵
        
        PID:2964
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26848.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26848.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53979.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51862.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64197.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43668.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1109.exe
        9⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2666.exe
        10⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exe
        11⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61587.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57498.exe
        13⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28246.exe
        14⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21635.exe
        15⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61053.exe
        16⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
        17⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
        18⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
        8⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
        9⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18640.exe
        10⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exe
        11⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54234.exe
        12⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64379.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12952.exe
        14⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
        15⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31212.exe
        16⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
        17⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4804.exe
        9⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13180.exe
        10⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
        11⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8572.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31318.exe
        13⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40166.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28306.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4097.exe
        16⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44514.exe
        11⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40773.exe
        12⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27508.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49686.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        15⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20975.exe
        8⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
        9⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50373.exe
        11⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4903.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19782.exe
        13⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5220.exe
        14⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
        15⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35314.exe
        16⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50205.exe
        17⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30911.exe
        18⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29646.exe
        15⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63191.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64626.exe
        17⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        18⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11841.exe
        10⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58489.exe
        11⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17068.exe
        12⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41868.exe
        13⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39569.exe
        14⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12755.exe
        15⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12127.exe
        16⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62296.exe
        17⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29448.exe
        18⤵
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1353.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46190.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14643.exe
        8⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34182.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32231.exe
        10⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15698.exe
        11⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13663.exe
        12⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39123.exe
        13⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        14⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
        15⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36630.exe
        16⤵
        
        PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13522.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14996.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2827.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20975.exe
        8⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11675.exe
        9⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21162.exe
        10⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41494.exe
        11⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11618.exe
        12⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17068.exe
        13⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50036.exe
        14⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35786.exe
        15⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39782.exe
        16⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38036.exe
        17⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12088.exe
        18⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1109.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32646.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30145.exe
        9⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6766.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
        11⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42999.exe
        12⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11712.exe
        14⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26627.exe
        15⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12088.exe
        16⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3189.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46361.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20975.exe
        7⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4166.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48619.exe
        9⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44099.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9584.exe
        11⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56066.exe
        12⤵
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22019.exe
        13⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31230.exe
        14⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59608.exe
        15⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60838.exe
        16⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23616.exe
        13⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9037.exe
        14⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36038.exe
        15⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58036.exe
        16⤵
        
        PID:860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23082.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31141.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46190.exe
        7⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        8⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18256.exe
        9⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6766.exe
        10⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60326.exe
        11⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55827.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12952.exe
        13⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
        14⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22385.exe
        15⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18763.exe
        16⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58036.exe
        17⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24700.exe
        10⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18028.exe
        11⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
        12⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60290.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
        14⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30060.exe
        15⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
        16⤵
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63081.exe
        6⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52303.exe
        7⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
        8⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21162.exe
        9⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42345.exe
        10⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe
        11⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46720.exe
        12⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13658.exe
        13⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9906.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13121.exe
        15⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
        16⤵
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
        6⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31904.exe
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47612.exe
        8⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14275.exe
        9⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42428.exe
        10⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
        11⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1878.exe
        12⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60290.exe
        13⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39673.exe
        14⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56702.exe
        15⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11772.exe
        16⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        17⤵
        
        PID:1104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34113.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-26848.exe

Filesize
184KB

MD5
7a26752823f76b681edd6d56e315bf02

SHA1
255c425c254f9b28c690882a40649dfb42323e6e

SHA256
5b4874ea3bedd843d25d360384d625c431333ae3701921be49e1887caa288576

SHA512
e5934a9829a7b3fbfc71b7e56c6a392e3e4f0f6961fcf241d5fc706d764f314bdd7bfa92ac4f82998a5e0a626551c8614951df594e185802bbeb671c0b6a78d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe

Filesize
184KB

MD5
bbce23a9fc7692fd74ba71efbcbb21d1

SHA1
5fd4a4015e3551311657e605121c206ea58169d8

SHA256
dacc6b97b9d524c5ffc024504c06de7930cb3b6030c3cf4c28a8059ebf4f3f3e

SHA512
97784d00dff349082de0269fbfe8d9760609ddb3528d7f5103e81c2e68322783f18a454f78988d2785eb0fc65a0ddc3422a85c4c9de30652134dc41710c2b974

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40440.exe

Filesize
184KB

MD5
422a5e66821268ee4abdaf0f2285389e

SHA1
8069a65ac06e103d6de453cac7a19fd192ecb37e

SHA256
ca1c1cefc9533e3598738673e28e3871f8e77abac1728aea47ecc9dd1c5bfb1f

SHA512
2ec5ce8184af4c09edef86fc16acf43e1f0ef4150cb5e41ab17896132911d9d76056f48a79ee4334d31f374769146f4b30baf1382736cf62f01ee840cc423344

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe

Filesize
184KB

MD5
be7704e5f20bc3e447782e326236db52

SHA1
4345beb98a4cd0547e0be46b2a62de272d755a1e

SHA256
4f252e19bf49b5b11b21a9ef0da9aa009fbbb099c18d72c161e014155c42e5e9

SHA512
0e9f774b8f2d918adcea2778500845f00bf78b0a0021950062f3b33cf4a872cf02120894ff27e25ad11c912274c17d4fe2bb7be151be7019c6ad1be31a93da79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43482.exe

Filesize
184KB

MD5
58242e10df51fc73ef9e9165335dba70

SHA1
0ec26b7ffb2a7b6cb4148f63fd3bc27e2602ba25

SHA256
762cf2294c4383d6bf4598130bc7b3ffa303162d34bcd9415a821782bc8b867b

SHA512
0e89ed062ba2dc049e52b25610de46dcc253fc18d0ec4051ffc2ab3cfc087b0751a36e44c76908245bd0433eae3c665574c5755c46e417311fa51e72f878fde5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe

Filesize
184KB

MD5
0b13f57957dd014cf6ee4d01ce8e8108

SHA1
c826aa0115388c760ce4906a0f2a91ee3fcb5022

SHA256
ba460e7e9a5b592c48bcfe56125c7f31e7775effaa617758a86d932f72a7f132

SHA512
4e8b16a82191bdb6b8572372055947a82f53e7ac1055dcef956c0e6599da45e4a8ab58e15fc3c2e72c52c11743795815f7c3dc7901a6a62eeee6dfa61c741098

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60326.exe

Filesize
184KB

MD5
72b997fc1aa8b2f39173017e094a5587

SHA1
59bd167488be0174be0e17fdb2c556e630b02426

SHA256
d18993635e856069b6908423f08af8d83335e7f2af61ccbb342a6a7ad50f49cb

SHA512
adf54fd66df1cb2fe7383629f4e359d217f9ac09da57fa61e923b75a9e756ddf65ee192fe284d3708bb4adfdc0e1a9b4a46963173914ae564130b6adc3188acd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6131.exe

Filesize
184KB

MD5
09dc0ac0833f0e7d8542a910f5967e82

SHA1
9e82f3a2f82be06334a37dd8cc96e1e5d7ab1f5e

SHA256
be12de26558aeba9be54a8bad6bf0182d53c36b31466d39a3c966fe1515ea456

SHA512
147fac97a5db3051242852d393d5b7f9c4fda574d6380640dedf8b12c7a44708627a32dbc2f2fdc6b06119bda200548a358e2e89d01d5732b2b1055b146807a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6299.exe

Filesize
184KB

MD5
b79c57704aed68a48fde687b12b1ebba

SHA1
2e4a87e929fb77e18f96ddc2d9c40b47ed66c82f

SHA256
83f867681acb122c0ed5ed6099495d0f2c0878d15005500bc6d5f06eced8a00d

SHA512
723db32c7ade1eb34bafef5203d6831cf96c829051aad85da6c2afb266f376ceeaad50ced76533064894cc3a61d079af98f6741d8f4dbd1d02cb72cf3273ca08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe

Filesize
184KB

MD5
f2adec4353b00607cae2d144c00f7b29

SHA1
6eb081708fbffd274f5fc2dae7d16eda95fe1a07

SHA256
d385a5862ffa2f3957ea7266ba15d8f91e0524e9cb0d9b237e5275f279a1c84c

SHA512
eef48318d117f1e988b9bb2712c25163a7a00b5403fd974eece6ac3c0a0bc9ed07b590ea0968ddf48318dacb8214b7bdcbe7bf00f299f10e211483828db91fac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe

Filesize
184KB

MD5
27d0c5a7fa82054f2eaa0bb0ae8a4b4a

SHA1
fac664da73b7594f69ab76c0620da94876492ed4

SHA256
522f4eca6f9c15026eca84cbe13c22e5e290443cd5dfa2419bb9853b8f90f926

SHA512
654dad27cdef5273c1917f2546b35934117efb94818efff300436e0dc7472e182d0a009cce1462d99330a9d77f6f190bf0051d63a40503771dc3962ae0755440

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe

Filesize
184KB

MD5
961c353135dc642651a652215fc4baa7

SHA1
5665c9da2d6732c5dbff46868b3e2f3c35fa1712

SHA256
2d19af73692fc64ebf20c165a4061094590891823821eed0e127e97cbbe7ea7d

SHA512
036fa424fa186994f46f0446d4d2b6ccfc6b5f270b913ea073fa246ee3d499d965902873ea4bcc5ca24a0fe7e33e52c9e464f3240a5ce29f8f579f5575292994

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13776.exe

Filesize
184KB

MD5
c0b4bbfb11f24a6cf6ff46c71b46dc77

SHA1
2c7e557ab2e3d311ee5a64484371fff8457e9cfa

SHA256
48b18a002f43a36dcb11b5883421fe359eb3d299ab8b3673658831f8d55005f2

SHA512
75a3a175049fc9f25bcf6f0c93d86ee30315fae6c67d9d9c502834651385341a772a1706e125db8d8455b7f78a355f05c0cd74b0fa26db1f8bdc6f5a2f843efd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15167.exe

Filesize
184KB

MD5
204249e4f356e55f66e125d6a04b0129

SHA1
0bd01619b0741737253e8a7d00a7af9454793dd0

SHA256
ef9c53458e01535a8363886c6e3be131d67ad04f9d0e8fb419344116f9b90117

SHA512
800186d7e33d4c816d7eb100a29c04e3d8110c29275ccbb7708c8a75404cb815159b9633e4f7362401409d0e7894e2228056dad5bf3949487946466f8c74272e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29475.exe

Filesize
184KB

MD5
f398d3a21b73e68c99ccb852ed77d112

SHA1
b4015677bb32f8dfd988c3ccaaf5ec785f473f77

SHA256
e66b198987e1e5879135dbc6747328827caa8434a732742ae06b2654a314db8c

SHA512
152876b051492b6a8624026908b1f25d15f7496aa062adbe3a733b3e50819b03bd0dc54b2a9e144400fd2ceb6edfa20f08bc3994d29bfbabd21d9dfc3eea3860

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32241.exe

Filesize
184KB

MD5
2be5beddc6433f47ea7815595b5d03ac

SHA1
136bea303565d05354bc3effc6c55a4d2e1faad1

SHA256
bc1cdd251dee828d5c4fd002c6e678aa9419d17f73d9e57cd3d7c9c0497e7b2e

SHA512
56db05676a5b7e856a6a123c45c8801897b4037aa4ee86ace494da3f8f8892b4ec1522e16eb0a15105855ec3853ca8303f05e545c38fe65e2cb2da7d2278a5e4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34113.exe

Filesize
184KB

MD5
f95d97eb7ce626a33e0e1de413679b96

SHA1
ddd21c7f1503dc813e7d74b598c049591f4d7b69

SHA256
0a9e4b85524be98f82cf111bd77b143b074e18f92e8c4b95e109320a60c13128

SHA512
598fe61019b11d1b48562e3c067890a04f117f38135b9cd413c1c8d0569c070aa5abf2fbb51b86f431714ac0f06e4cd81bcedc27e077a830468334057342f662

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe

Filesize
184KB

MD5
edddf2948e7b5303a6b5770b0541e9b9

SHA1
fb67ce983938a490516c8c1285fd18d77e702aaa

SHA256
4b43eba8e0ecb01ea72adcecf135c129c687d3c9a33b49e9130665c4ff0af132

SHA512
205f2de3393c44d5705388bff79991f0e311969f9d31cc5275ebd10f366b02a27cb255d5b8ffb2eaf5ec21a5a0eb0daa794ecb8087826eba08f1da0cbbc04f12

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe

Filesize
184KB

MD5
33a72bc1dbcd6f9510ebd3a47e77c5d1

SHA1
1f801125ee984a0af120b8652184d79350189e55

SHA256
38d47bb313f875e7427698dca571b3a786a6eeeeb8a724457620bd1c5aec5619

SHA512
4a8331208312eef105b3600591aa45f8eddc373c3ae61da8e6a0e2a57ce18fe8988063ff0731beb4954d018df0a29f0ea5bfd66a8c3247c780e7dda4fee818d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40252.exe

Filesize
184KB

MD5
c9ffa434563ef1548a664a512cdd7a28

SHA1
322fd2145c7d4342364a91aa75344a4cca8be4cf

SHA256
49782c1d9b6bcdb3927fd8ee4e152b259d6c6c5cc127cf93cc9785032e82f54c

SHA512
b4dc1c2167538d78872c065fc8c1650ee6d288c2fd66fa1b42e9d17b54c8b10a7c160f9be6f37e2fc1e132b5c3c7d041314d5ab1c97d8e02737a62eb17fdeca7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe

Filesize
184KB

MD5
940cab63524d4a83659c9cd79074dc67

SHA1
b9d20d61932515dade82b07406e59c107515b8a9

SHA256
94d59b658c3a2003932cde85c9577faaead25bc2b5537462cb692eae6bb0392c

SHA512
6c113d728dd3f275126d6420a109222463d85dd6efe1af49ed25d5a28d55ae6a6c4bb9cf6a5a88545d152cd5bfbacc4febe40db1f31b79b933da9c1522cceb55

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53979.exe

Filesize
184KB

MD5
760e17f3a3c6535ab086f20523c162a7

SHA1
5dfbe7a92702d68a8858a0a4182e9566d0d4f4e8

SHA256
fc1b335e1d7baa20fe21c59c2acd2a398f05d5aa77e2237e3a9cac90c24e184d

SHA512
fe2da9bd250a26989cf77ed81ece9d2a2615a27efc0df96075c8ca277f1f66cd0147e83a26774ada73641aa0f4e1b6f527b36674d9efa7cc0920fb77d37d4b65

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe

Filesize
184KB

MD5
bf66bbcc2828cfa355be9e04f994fbe9

SHA1
6fffe5c8954a45c52994983d420e8865f4ede8ec

SHA256
bb39df2447298744f71cda9b6fd0153e1ff0c5e92ffb2d14f7097cb04f4a1a12

SHA512
09da1597efca54a44ded126e899f5fd57cac5749dd3c1593d3b29289adc1c0cc23f3fc33d7508d5529e6c04e1f79a6cc3c1d38c36aaf616e99ba507f9bf0199c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe

Filesize
184KB

MD5
df745ce9ba03f871ad7936b5f1e1b193

SHA1
5b344be9dd158fef20d7d9f6215be10a67cabbb9

SHA256
8b83853ebc6f40584f9af734a1b447bbf54857ae930ae00a56f7e32b4433c422

SHA512
6c9dd0a3b79324b13ca674663dcc309d2247acac29f598de37c7b985a2b64af7327eceb59990bf0fa8600e740566df488a5255e975d286ed85e18b5c4b3fe204

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7819.exe

Filesize
184KB

MD5
e6b47e00340481c719a7c34a294d39c2

SHA1
dad26ecc6cb75b48b9e2907ab509a271ede9fdf5

SHA256
a1b165d9d9551577d1e27afabb5d3108d6d3c977a49e66ba7140d80f2956c207

SHA512
e13198bbe90c0f35c048ec5e6bcb9afb910d31e3dd86e9362c3b9a9e8a639e8b88716c145fcff40690e4249341ad244586e7aa38d8af828f87d85c4bc1c73040

Download Submit