460c635019488ad447629f49926c66218d633110d8f2580cad8252b817a7354b

Analysis

max time kernel
150s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 15:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3adf16d963630195a130405ad0150255_JaffaCakes118.exe
Size

184KB
MD5

3adf16d963630195a130405ad0150255
SHA1

03934b61ff20a8383cb850e8fcaa329ff1d935d8
SHA256

460c635019488ad447629f49926c66218d633110d8f2580cad8252b817a7354b
SHA512

2dba8c5042059d647353ea5cbf8564e50e67f10a6a2c3112968b662145b2100727c104bcdb701cf7b5698a30d6d3c76bef04b44ad1463cee2234cae799ae444e
SSDEEP

3072:1EF2omeL2KfQpOjyogcHvJ0LsOmM12fP40xvbFeMNlvvpFj:1E0o4gQp1oxHvJOcnVNlvvpF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1288	Unicorn-31894.exe
3012	Unicorn-22787.exe
2672	Unicorn-60290.exe
2544	Unicorn-13331.exe
2212	Unicorn-5163.exe
2908	Unicorn-50835.exe
2380	Unicorn-1245.exe
3008	Unicorn-1245.exe
1000	Unicorn-13367.exe
1840	Unicorn-26688.exe
1684	Unicorn-46554.exe
552	Unicorn-24222.exe
1908	Unicorn-24776.exe
556	Unicorn-7885.exe
2860	Unicorn-21098.exe
2168	Unicorn-17568.exe
1344	Unicorn-45602.exe
2148	Unicorn-45602.exe
1132	Unicorn-42264.exe
1704	Unicorn-25457.exe
864	Unicorn-22119.exe
1508	Unicorn-54237.exe
1772	Unicorn-47029.exe
2512	Unicorn-60028.exe
2476	Unicorn-30693.exe
1800	Unicorn-34969.exe
2472	Unicorn-35523.exe
1996	Unicorn-43691.exe
352	Unicorn-17865.exe
2884	Unicorn-6167.exe
1556	Unicorn-34393.exe
2156	Unicorn-10511.exe
2764	Unicorn-6982.exe
2428	Unicorn-56396.exe
2668	Unicorn-60480.exe
2680	Unicorn-3858.exe
2540	Unicorn-40252.exe
1988	Unicorn-28554.exe
2508	Unicorn-3303.exe
1564	Unicorn-39676.exe
2352	Unicorn-10573.exe
1396	Unicorn-52675.exe
2828	Unicorn-26547.exe
2796	Unicorn-46967.exe
2436	Unicorn-51798.exe
2028	Unicorn-35675.exe
1228	Unicorn-56842.exe
1640	Unicorn-11170.exe
1760	Unicorn-36613.exe
2888	Unicorn-56479.exe
2264	Unicorn-19915.exe
2892	Unicorn-8108.exe
1752	Unicorn-44118.exe
1524	Unicorn-61201.exe
1376	Unicorn-35950.exe
988	Unicorn-44865.exe
2208	Unicorn-64730.exe
1928	Unicorn-28742.exe
2076	Unicorn-17044.exe
2460	Unicorn-45270.exe
2736	Unicorn-46017.exe
2228	Unicorn-57138.exe
2804	Unicorn-61969.exe
3052	Unicorn-45078.exe

Loads dropped DLL 64 IoCs

pid	Process
3044	3adf16d963630195a130405ad0150255_JaffaCakes118.exe
3044	3adf16d963630195a130405ad0150255_JaffaCakes118.exe
1288	Unicorn-31894.exe
1288	Unicorn-31894.exe
3044	3adf16d963630195a130405ad0150255_JaffaCakes118.exe
3044	3adf16d963630195a130405ad0150255_JaffaCakes118.exe
3012	Unicorn-22787.exe
3012	Unicorn-22787.exe
2672	Unicorn-60290.exe
1288	Unicorn-31894.exe
2672	Unicorn-60290.exe
1288	Unicorn-31894.exe
2212	Unicorn-5163.exe
2544	Unicorn-13331.exe
2212	Unicorn-5163.exe
2544	Unicorn-13331.exe
3012	Unicorn-22787.exe
3012	Unicorn-22787.exe
2672	Unicorn-60290.exe
2672	Unicorn-60290.exe
2908	Unicorn-50835.exe
2908	Unicorn-50835.exe
3008	Unicorn-1245.exe
3008	Unicorn-1245.exe
2544	Unicorn-13331.exe
2544	Unicorn-13331.exe
1840	Unicorn-26688.exe
1840	Unicorn-26688.exe
1684	Unicorn-46554.exe
1684	Unicorn-46554.exe
2908	Unicorn-50835.exe
2908	Unicorn-50835.exe
1000	Unicorn-13367.exe
2380	Unicorn-1245.exe
1000	Unicorn-13367.exe
2380	Unicorn-1245.exe
2212	Unicorn-5163.exe
2212	Unicorn-5163.exe
552	Unicorn-24222.exe
552	Unicorn-24222.exe
3008	Unicorn-1245.exe
3008	Unicorn-1245.exe
1908	Unicorn-24776.exe
1908	Unicorn-24776.exe
2860	Unicorn-21098.exe
2860	Unicorn-21098.exe
1684	Unicorn-46554.exe
1684	Unicorn-46554.exe
556	Unicorn-7885.exe
2148	Unicorn-45602.exe
556	Unicorn-7885.exe
2148	Unicorn-45602.exe
1840	Unicorn-26688.exe
1840	Unicorn-26688.exe
2380	Unicorn-1245.exe
2380	Unicorn-1245.exe
1132	Unicorn-42264.exe
1132	Unicorn-42264.exe
1000	Unicorn-13367.exe
1000	Unicorn-13367.exe
2168	Unicorn-17568.exe
2168	Unicorn-17568.exe
1704	Unicorn-25457.exe
1704	Unicorn-25457.exe

Program crash 24 IoCs

pid	pid_target	Process	procid_target
2516	2524	WerFault.exe	143
1912	2172	WerFault.exe	181
2292	1160	WerFault.exe	162
1344	1708	WerFault.exe	249
2720	2508	WerFault.exe	287
740	2460	WerFault.exe	325
2344	1904	WerFault.exe	327
1492	1552	WerFault.exe	326
1760	1004	WerFault.exe	347
1856	1688	WerFault.exe	371
2260	2844	WerFault.exe	375
1600	2064	WerFault.exe	388
2640	2072	WerFault.exe	398
2788	1048	WerFault.exe	423
1692	664	WerFault.exe	450
552	2812	WerFault.exe	453
2748	1860	WerFault.exe	448
2772	900	WerFault.exe	495
1680	3000	WerFault.exe	491
940	1776	WerFault.exe	465
2808	2976	WerFault.exe	498
3048	2520	WerFault.exe	542
2232	736	WerFault.exe	541
1592	2592	WerFault.exe	509

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58559.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37868.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13235.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18717.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16147.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35384.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51252.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41424.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18336.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45602.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53672.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25939.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60686.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9643.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54608.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51242.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50256.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42595.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30585.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60989.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62501.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25937.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51242.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39676.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47869.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36006.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25457.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40270.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21661.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45602.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59877.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12613.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3044	3adf16d963630195a130405ad0150255_JaffaCakes118.exe
1288	Unicorn-31894.exe
3012	Unicorn-22787.exe
2672	Unicorn-60290.exe
2544	Unicorn-13331.exe
2212	Unicorn-5163.exe
2908	Unicorn-50835.exe
3008	Unicorn-1245.exe
1000	Unicorn-13367.exe
1840	Unicorn-26688.exe
2380	Unicorn-1245.exe
1684	Unicorn-46554.exe
552	Unicorn-24222.exe
1908	Unicorn-24776.exe
556	Unicorn-7885.exe
2860	Unicorn-21098.exe
2148	Unicorn-45602.exe
2168	Unicorn-17568.exe
1344	Unicorn-45602.exe
1132	Unicorn-42264.exe
1704	Unicorn-25457.exe
864	Unicorn-22119.exe
1508	Unicorn-54237.exe
1772	Unicorn-47029.exe
2512	Unicorn-60028.exe
2476	Unicorn-30693.exe
1800	Unicorn-34969.exe
2472	Unicorn-35523.exe
352	Unicorn-17865.exe
1996	Unicorn-43691.exe
2884	Unicorn-6167.exe
1556	Unicorn-34393.exe
2156	Unicorn-10511.exe
2764	Unicorn-6982.exe
2668	Unicorn-60480.exe
2428	Unicorn-56396.exe
2680	Unicorn-3858.exe
2540	Unicorn-40252.exe
1988	Unicorn-28554.exe
2508	Unicorn-3303.exe
1564	Unicorn-39676.exe
2352	Unicorn-10573.exe
1396	Unicorn-52675.exe
2828	Unicorn-26547.exe
2796	Unicorn-46967.exe
2436	Unicorn-51798.exe
2028	Unicorn-35675.exe
1228	Unicorn-56842.exe
1640	Unicorn-11170.exe
2888	Unicorn-56479.exe
1760	Unicorn-36613.exe
2264	Unicorn-19915.exe
2892	Unicorn-8108.exe
1524	Unicorn-61201.exe
1752	Unicorn-44118.exe
1376	Unicorn-35950.exe
2208	Unicorn-64730.exe
988	Unicorn-44865.exe
2076	Unicorn-17044.exe
1928	Unicorn-28742.exe
2460	Unicorn-45270.exe
2736	Unicorn-46017.exe
2228	Unicorn-57138.exe
3052	Unicorn-45078.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 1288	3044	3adf16d963630195a130405ad0150255_JaffaCakes118.exe	31
PID 3044 wrote to memory of 1288	3044	3adf16d963630195a130405ad0150255_JaffaCakes118.exe	31
PID 3044 wrote to memory of 1288	3044	3adf16d963630195a130405ad0150255_JaffaCakes118.exe	31
PID 3044 wrote to memory of 1288	3044	3adf16d963630195a130405ad0150255_JaffaCakes118.exe	31
PID 1288 wrote to memory of 3012	1288	Unicorn-31894.exe	32
PID 1288 wrote to memory of 3012	1288	Unicorn-31894.exe	32
PID 1288 wrote to memory of 3012	1288	Unicorn-31894.exe	32
PID 1288 wrote to memory of 3012	1288	Unicorn-31894.exe	32
PID 3044 wrote to memory of 2672	3044	3adf16d963630195a130405ad0150255_JaffaCakes118.exe	33
PID 3044 wrote to memory of 2672	3044	3adf16d963630195a130405ad0150255_JaffaCakes118.exe	33
PID 3044 wrote to memory of 2672	3044	3adf16d963630195a130405ad0150255_JaffaCakes118.exe	33
PID 3044 wrote to memory of 2672	3044	3adf16d963630195a130405ad0150255_JaffaCakes118.exe	33
PID 3012 wrote to memory of 2544	3012	Unicorn-22787.exe	34
PID 3012 wrote to memory of 2544	3012	Unicorn-22787.exe	34
PID 3012 wrote to memory of 2544	3012	Unicorn-22787.exe	34
PID 3012 wrote to memory of 2544	3012	Unicorn-22787.exe	34
PID 2672 wrote to memory of 2212	2672	Unicorn-60290.exe	35
PID 2672 wrote to memory of 2212	2672	Unicorn-60290.exe	35
PID 2672 wrote to memory of 2212	2672	Unicorn-60290.exe	35
PID 2672 wrote to memory of 2212	2672	Unicorn-60290.exe	35
PID 1288 wrote to memory of 2908	1288	Unicorn-31894.exe	36
PID 1288 wrote to memory of 2908	1288	Unicorn-31894.exe	36
PID 1288 wrote to memory of 2908	1288	Unicorn-31894.exe	36
PID 1288 wrote to memory of 2908	1288	Unicorn-31894.exe	36
PID 2212 wrote to memory of 2380	2212	Unicorn-5163.exe	38
PID 2212 wrote to memory of 2380	2212	Unicorn-5163.exe	38
PID 2212 wrote to memory of 2380	2212	Unicorn-5163.exe	38
PID 2212 wrote to memory of 2380	2212	Unicorn-5163.exe	38
PID 2544 wrote to memory of 3008	2544	Unicorn-13331.exe	37
PID 2544 wrote to memory of 3008	2544	Unicorn-13331.exe	37
PID 2544 wrote to memory of 3008	2544	Unicorn-13331.exe	37
PID 2544 wrote to memory of 3008	2544	Unicorn-13331.exe	37
PID 3012 wrote to memory of 1000	3012	Unicorn-22787.exe	39
PID 3012 wrote to memory of 1000	3012	Unicorn-22787.exe	39
PID 3012 wrote to memory of 1000	3012	Unicorn-22787.exe	39
PID 3012 wrote to memory of 1000	3012	Unicorn-22787.exe	39
PID 2672 wrote to memory of 1840	2672	Unicorn-60290.exe	40
PID 2672 wrote to memory of 1840	2672	Unicorn-60290.exe	40
PID 2672 wrote to memory of 1840	2672	Unicorn-60290.exe	40
PID 2672 wrote to memory of 1840	2672	Unicorn-60290.exe	40
PID 2908 wrote to memory of 1684	2908	Unicorn-50835.exe	41
PID 2908 wrote to memory of 1684	2908	Unicorn-50835.exe	41
PID 2908 wrote to memory of 1684	2908	Unicorn-50835.exe	41
PID 2908 wrote to memory of 1684	2908	Unicorn-50835.exe	41
PID 3008 wrote to memory of 552	3008	Unicorn-1245.exe	42
PID 3008 wrote to memory of 552	3008	Unicorn-1245.exe	42
PID 3008 wrote to memory of 552	3008	Unicorn-1245.exe	42
PID 3008 wrote to memory of 552	3008	Unicorn-1245.exe	42
PID 2544 wrote to memory of 1908	2544	Unicorn-13331.exe	43
PID 2544 wrote to memory of 1908	2544	Unicorn-13331.exe	43
PID 2544 wrote to memory of 1908	2544	Unicorn-13331.exe	43
PID 2544 wrote to memory of 1908	2544	Unicorn-13331.exe	43
PID 1840 wrote to memory of 556	1840	Unicorn-26688.exe	44
PID 1840 wrote to memory of 556	1840	Unicorn-26688.exe	44
PID 1840 wrote to memory of 556	1840	Unicorn-26688.exe	44
PID 1840 wrote to memory of 556	1840	Unicorn-26688.exe	44
PID 1684 wrote to memory of 2860	1684	Unicorn-46554.exe	45
PID 1684 wrote to memory of 2860	1684	Unicorn-46554.exe	45
PID 1684 wrote to memory of 2860	1684	Unicorn-46554.exe	45
PID 1684 wrote to memory of 2860	1684	Unicorn-46554.exe	45
PID 2908 wrote to memory of 2168	2908	Unicorn-50835.exe	46
PID 2908 wrote to memory of 2168	2908	Unicorn-50835.exe	46
PID 2908 wrote to memory of 2168	2908	Unicorn-50835.exe	46
PID 2908 wrote to memory of 2168	2908	Unicorn-50835.exe	46

C:\Users\Admin\AppData\Local\Temp\3adf16d963630195a130405ad0150255_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3adf16d963630195a130405ad0150255_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22787.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13331.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1245.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24222.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10511.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19915.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13687.exe
        10⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58005.exe
        11⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24508.exe
        12⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        13⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58216.exe
        14⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        15⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34392.exe
        16⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45975.exe
        17⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37558.exe
        18⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48902.exe
        19⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
        20⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
        9⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61980.exe
        10⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42494.exe
        11⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29360.exe
        12⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38094.exe
        13⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2510.exe
        14⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27302.exe
        15⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14163.exe
        16⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7827.exe
        17⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51953.exe
        18⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30288.exe
        19⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe
        20⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7533.exe
        13⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64578.exe
        14⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34880.exe
        10⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42318.exe
        11⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59173.exe
        12⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31443.exe
        13⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18388.exe
        14⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51351.exe
        15⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22706.exe
        16⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46733.exe
        17⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
        18⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47556.exe
        19⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8108.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13220.exe
        9⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52530.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44077.exe
        11⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47341.exe
        12⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35245.exe
        13⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31138.exe
        14⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9643.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41517.exe
        16⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8320.exe
        17⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3484.exe
        18⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32016.exe
        19⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38892.exe
        20⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54608.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39170.exe
        14⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33432.exe
        15⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
        16⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56961.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        18⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        19⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        20⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51150.exe
        11⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59941.exe
        12⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54132.exe
        13⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        14⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        15⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29914.exe
        16⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56245.exe
        17⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46100.exe
        18⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42595.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
        9⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
        10⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11788.exe
        11⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8140.exe
        12⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe
        13⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52435.exe
        14⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18196.exe
        15⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1382.exe
        16⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22217.exe
        17⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-225.exe
        18⤵
        
        PID:900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
        19⤵
        Program crash
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22119.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56396.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        8⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57190.exe
        9⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20040.exe
        10⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40407.exe
        11⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2105.exe
        12⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
        13⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31138.exe
        14⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20883.exe
        15⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31590.exe
        16⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47677.exe
        17⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6743.exe
        18⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44655.exe
        19⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21936.exe
        20⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58461.exe
        7⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
        8⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62748.exe
        9⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21815.exe
        10⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38369.exe
        11⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60136.exe
        12⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34423.exe
        13⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18186.exe
        14⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22706.exe
        15⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
        16⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35384.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54237.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62997.exe
        9⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12971.exe
        10⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17300.exe
        11⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34394.exe
        12⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21042.exe
        13⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62243.exe
        14⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22763.exe
        15⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22706.exe
        16⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34948.exe
        17⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13235.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6139.exe
        19⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22711.exe
        8⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65296.exe
        9⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 240
        10⤵
        Program crash
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44865.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9136.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1679.exe
        9⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31602.exe
        11⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2297.exe
        12⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
        13⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        14⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61911.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45975.exe
        16⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48383.exe
        17⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49058.exe
        18⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
        19⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3858.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61414.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39069.exe
        8⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        9⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12722.exe
        10⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44160.exe
        11⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
        12⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56026.exe
        13⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2757.exe
        14⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59877.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49431.exe
        16⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6826.exe
        17⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
        18⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55275.exe
        7⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
        8⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        9⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38587.exe
        10⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
        11⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5201.exe
        12⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        13⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
        14⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15352.exe
        15⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40075.exe
        16⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        17⤵
        
        PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13367.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45602.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10573.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59276.exe
        7⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57621.exe
        8⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20040.exe
        9⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59998.exe
        10⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63257.exe
        11⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51309.exe
        12⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51252.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56836.exe
        15⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3759.exe
        16⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        17⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36954.exe
        18⤵
        
        PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6167.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13604.exe
        7⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52722.exe
        8⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 200
        9⤵
        Program crash
        
        PID:2516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40252.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30024.exe
        9⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        10⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17300.exe
        11⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20715.exe
        12⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53802.exe
        13⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30256.exe
        14⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45492.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7827.exe
        16⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47869.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55368.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27216.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46824.exe
        20⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
        8⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56936.exe
        9⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40652.exe
        10⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8270.exe
        11⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39651.exe
        12⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60686.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8185.exe
        14⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10401.exe
        15⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
        16⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16370.exe
        17⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40350.exe
        18⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50057.exe
        19⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 216
        18⤵
        Program crash
        
        PID:2808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
        17⤵
        Program crash
        
        PID:552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 216
        16⤵
        Program crash
        
        PID:2788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
        15⤵
        Program crash
        
        PID:2260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 236
        14⤵
        Program crash
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61969.exe
        7⤵
        Executes dropped EXE
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40517.exe
        8⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
        9⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        10⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6127.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44503.exe
        12⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5668.exe
        13⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
        14⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30407.exe
        15⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        16⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33852.exe
        17⤵
        
        PID:2520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
        18⤵
        Program crash
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61970.exe
        11⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28123.exe
        12⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59119.exe
        13⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        14⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
        15⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5186.exe
        16⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25898.exe
        17⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62501.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44118.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10646.exe
        8⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
        9⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        10⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40407.exe
        11⤵
        
        PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60028.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3303.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
        8⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33693.exe
        9⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11487.exe
        10⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42318.exe
        11⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62515.exe
        12⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27700.exe
        13⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13369.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        15⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exe
        16⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38850.exe
        17⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
        18⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
        19⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26728.exe
        10⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18717.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46640.exe
        7⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53537.exe
        8⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15681.exe
        9⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64679.exe
        10⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10787.exe
        11⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        13⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63027.exe
        14⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18491.exe
        15⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7573.exe
        16⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1450.exe
        17⤵
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17044.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13220.exe
        7⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33693.exe
        8⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15873.exe
        9⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12271.exe
        10⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35951.exe
        11⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37189.exe
        12⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        13⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
        14⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
        15⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53126.exe
        16⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3619.exe
        17⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
        18⤵
        
        PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17568.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34393.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11170.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54699.exe
        7⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33693.exe
        8⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53096.exe
        9⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39115.exe
        10⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58901.exe
        11⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        12⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51351.exe
        13⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42358.exe
        14⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51953.exe
        15⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44185.exe
        16⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24043.exe
        17⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48040.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        15⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
        16⤵
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
        6⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
        7⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        8⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47341.exe
        9⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13672.exe
        10⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40270.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41273.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        13⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12451.exe
        14⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32348.exe
        15⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
        16⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37146.exe
        17⤵
        
        PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        6⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27834.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7045.exe
        8⤵
        
        PID:2172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 200
        9⤵
        Program crash
        
        PID:1912
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60290.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60290.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5163.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5163.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1245.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45602.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34969.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51108.exe
        8⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33693.exe
        9⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-579.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9313.exe
        11⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18061.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        13⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56265.exe
        14⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31149.exe
        15⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3043.exe
        16⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61074.exe
        17⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46017.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26023.exe
        8⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        9⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        10⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32967.exe
        11⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
        12⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8133.exe
        13⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45440.exe
        14⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58559.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17662.exe
        16⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
        18⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
        19⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10198.exe
        13⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21611.exe
        14⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5902.exe
        15⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5077.exe
        16⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38150.exe
        17⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
        18⤵
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51798.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12613.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24508.exe
        9⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        10⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23891.exe
        11⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60686.exe
        12⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53743.exe
        14⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42659.exe
        15⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61595.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1455.exe
        17⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
        18⤵
        
        PID:1312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 236
        16⤵
        Program crash
        
        PID:1692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
        15⤵
        Program crash
        
        PID:2640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 216
        14⤵
        Program crash
        
        PID:1856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 236
        13⤵
        Program crash
        
        PID:2344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 216
        12⤵
        Program crash
        
        PID:2720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 236
        11⤵
        Program crash
        
        PID:1344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43691.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56479.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41653.exe
        7⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53345.exe
        8⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48353.exe
        9⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46594.exe
        10⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41628.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14056.exe
        12⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8405.exe
        13⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1667.exe
        14⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
        15⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20272.exe
        16⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22789.exe
        17⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11595.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40846.exe
        19⤵
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17895.exe
        6⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe
        7⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8280.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
        9⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60455.exe
        10⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25238.exe
        11⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47490.exe
        12⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43842.exe
        13⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
        14⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63645.exe
        15⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40651.exe
        16⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48630.exe
        17⤵
        
        PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42264.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17865.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32333.exe
        7⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24181.exe
        8⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54118.exe
        9⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
        10⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24467.exe
        11⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55061.exe
        12⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20883.exe
        13⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17480.exe
        14⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
        15⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50256.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49250.exe
        17⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
        18⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61065.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38357.exe
        14⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31741.exe
        15⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
        16⤵
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
        6⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24181.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61456.exe
        8⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9121.exe
        9⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
        10⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32721.exe
        11⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49218.exe
        12⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30308.exe
        13⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61351.exe
        14⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32514.exe
        15⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8985.exe
        16⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65049.exe
        17⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59643.exe
        12⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37868.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28830.exe
        15⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25937.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56842.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45078.exe
        6⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30408.exe
        7⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47180.exe
        8⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
        9⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28260.exe
        10⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30824.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16255.exe
        12⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6986.exe
        13⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        14⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22706.exe
        15⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9675.exe
        16⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40187.exe
        17⤵
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60703.exe
        6⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42318.exe
        8⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64409.exe
        9⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60795.exe
        10⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15393.exe
        11⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29047.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39250.exe
        14⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52550.exe
        15⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43664.exe
        16⤵
        
        PID:1700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30693.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39676.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45078.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5135.exe
        8⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33392.exe
        9⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
        10⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42837.exe
        11⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54132.exe
        12⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64910.exe
        13⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31590.exe
        14⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64314.exe
        15⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51564.exe
        16⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3095.exe
        17⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47255.exe
        18⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 376
        17⤵
        Program crash
        
        PID:1592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 380
        16⤵
        Program crash
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        7⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        8⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9022.exe
        9⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25074.exe
        10⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40270.exe
        11⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
        12⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18679.exe
        13⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12451.exe
        14⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44875.exe
        15⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57371.exe
        16⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
        17⤵
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
        6⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25556.exe
        7⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15966.exe
        8⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49458.exe
        9⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30585.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53413.exe
        11⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
        12⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
        13⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21661.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61829.exe
        7⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31441.exe
        8⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40407.exe
        9⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40253.exe
        10⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60686.exe
        11⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21512.exe
        12⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4651.exe
        13⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58995.exe
        14⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44491.exe
        15⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44434.exe
        16⤵
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39084.exe
        17⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
        18⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 736 -s 216
        17⤵
        Program crash
        
        PID:2232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
        16⤵
        Program crash
        
        PID:1680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 216
        15⤵
        Program crash
        
        PID:2748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
        14⤵
        Program crash
        
        PID:1600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 236
        13⤵
        Program crash
        
        PID:1760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 216
        12⤵
        Program crash
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51039.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30500.exe
        12⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54527.exe
        13⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37942.exe
        14⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
        15⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31028.exe
        16⤵
        
        PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45270.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26023.exe
        7⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49344.exe
        8⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47341.exe
        9⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14056.exe
        10⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18061.exe
        11⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22280.exe
        12⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42441.exe
        14⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
        15⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31025.exe
        16⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38511.exe
        17⤵
        
        PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46967.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15997.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53537.exe
        7⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44160.exe
        8⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53771.exe
        9⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
        10⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50785.exe
        11⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28772.exe
        12⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12451.exe
        13⤵
        
        PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21787.exe
        5⤵
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        6⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53646.exe
        7⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40761.exe
        8⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8929.exe
        10⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57030.exe
        11⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14557.exe
        12⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49659.exe
        13⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8320.exe
        14⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40241.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31165.exe
        16⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47060.exe
        17⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
        18⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29037.exe
        8⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50154.exe
        9⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58901.exe
        10⤵
        
        PID:1380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
        6⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56604.exe
        7⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48919.exe
        8⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
        9⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54132.exe
        10⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5066.exe
        11⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59135.exe
        12⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41891.exe
        13⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
        14⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29982.exe
        15⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46824.exe
        16⤵
        
        PID:1840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-19915.exe

Filesize
184KB

MD5
7a1b90bae270925986bd79f7694369af

SHA1
1560b1492fa2e1edbd34ab3bbc6926a49a5fd308

SHA256
319092850b56a41e2e4f46e6dc39b790583e6bb873d067ba0fe7b38fb7b616f6

SHA512
d6ebc2a0211f84da66b3da53a33dcdaccd28af93cee10147c37ab7c18494c86550d13c2066305d75d006bfea43c4f686f73c8c341aebb24586df00abbe538504

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21098.exe

Filesize
184KB

MD5
45b75bc2d1fb4cfa0e76112b41b65a1e

SHA1
eba0b7cb30bb3455862f5101c43d59125299834d

SHA256
58350a63362d64cc4c6ee390d0c9f4858d2db59ae27d6f265f8ed3bc118ec3b6

SHA512
5fe59a79b8cdea5c47d37afc1ca5e8403fe3c823346c85e96af7f905217cc773982b096494e44e74bb9d89968c384248c2b7523e583dcea255ec636eca9a2b22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2510.exe

Filesize
184KB

MD5
3340302f2229d1333c648127a6b1c766

SHA1
222a532bf77f3505112a83e4373372ae5d63c6e2

SHA256
3c71dde1665316c5dd9876027830a504556026f440da67feb4231b0512161351

SHA512
ad2a61c6f4417606ce5491304fec9260c9290b9451b1c2699538aed046af302701272eaa9fd864253d728c8a4ac993ebdc32d48970f50cedede66616159b8387

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe

Filesize
184KB

MD5
ad10b7baaf03455892029bd741fd1d55

SHA1
7b54e680f144c1eca61bf8d80119d7fa48906a97

SHA256
dc638cb2ccca4c3b0d41c8637dfdab078777ebcc655057c982e3e43ad8e40142

SHA512
b064cb78b4b244d8455fe529da834444c43357cdc4f8647a78b5086e8011b26ba9b55e3ce7c8d27e9763a3d058ce6171edaacd1010152a8c8fd24cf1aa77b52b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40270.exe

Filesize
184KB

MD5
58054145f0492b8d1490626fb749ddf6

SHA1
dcc9f7efa665acaf7742071ba72cdab55f10c4e8

SHA256
7e4af32fd15b205416d32f997531d4081a7856d69bed15adbacd58368d981f63

SHA512
5f2faa97a666bab42a743a4f100277b168adaddb000cbfad732a72e8608afe22dc5a8f351a3c166792fd743316bd2eebaf37c9a9d56e8596b1c2518a60c9d31d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45602.exe

Filesize
184KB

MD5
91899df3057ea927cfa68c5e98387c0d

SHA1
1591c21d107b55fea8c3255bc1c7d383727a97c0

SHA256
3ad4e9070b2c8adc51edc773bb820db706ea8e9e7dae922d8010e949d797efc3

SHA512
f84b5b6d4c3861c1f0c2835e1350c85df9c024b990cb3f0862c29c6f3913dd63b619a1362bb97e5969670bb4f717abbc8d312dca53a095c37a3d126a849fc274

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46554.exe

Filesize
184KB

MD5
e301f78bdb370e923799be563d0df6e7

SHA1
8e11218f73e89c84eeff090bbacc74bca757a28c

SHA256
ba3651ea891af9cba7075bcdb898155217ec9acb459cdb859693b04ac8e5afd5

SHA512
ef635ca1136af3d999483b47345931a766359957b93998c5e497fb10f7b46f5f00e30b469d0fbb149a14d2d9d9552ffea321c28f72e3e50b1a451cb6975bce2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5902.exe

Filesize
184KB

MD5
a200766780aa5c209ae35c76025820f7

SHA1
a50c296579ab13ff7e4c67ed1b576cd3e6d156d5

SHA256
44ff4932eaebb268061028bb6489b7e2f48ffae5d005b6f75499a807d5179681

SHA512
75fcf0ea246b37f0f495e20739b6788b3278468f1f28abb72a9ce9741eb0ca40b044afe1f3889e0b115cfef2523fb7d6c7ea82bcaeceac71acf02740dc986ef4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59998.exe

Filesize
184KB

MD5
618928cebc3bdfa044f5e6d91ba133e8

SHA1
8aceab303b20d18f60bba00763a645574666034d

SHA256
6978378278802179572423e28a2baf3a74e769a1d79ec1624e29383c12982e90

SHA512
883633b4ea8765e12f7754574acb1eef63b942bfecd5d2323cf6e523618caa06c5186d9613acdfd147afc0760f1d9f112a198b47fd3427abb7d561ebf55197e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6139.exe

Filesize
184KB

MD5
4a21a8ca036cac85daed4abd44bedf0c

SHA1
507cced4c131edc5281e2964454ae16841ff024e

SHA256
62c16b68c83e0fc1db254e5ab06fde532effc66836996b028e10d028f8d04136

SHA512
50f3a993cf06bd104340a56e14cffe0012feb8f0dfe5a19f954ef6ba06f79a21e9550b898edac2f4d91e3bdd5bf743cad6e01d97b63b18987e9b605adf58b06a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1245.exe

Filesize
184KB

MD5
6532e597ad8eeb0fd7fe5441a708fe39

SHA1
0ffbaa6ad7b2df307ddb5707220607e65a1dce03

SHA256
bf9b9cb8e3cbcc5f35f086f4e479fdecb6c928a1bcb6aaf7087d259167fe61bc

SHA512
54de1cc9486d3b5a404fcfea64696675e43bd3e2e8f240321358d784000e231c502ad8e841cc5197e2fda1670c2de8e7a602953901d280ce00e3a826050278f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13331.exe

Filesize
184KB

MD5
c70df70b139e8c93b931f27d915dc499

SHA1
399de6a1453849e9fe09d21556cdef40177cd72f

SHA256
739c410eb85de376be524cfa98517a96cb2995307f2065ddddc851f0035d555d

SHA512
76add7980fff05e78ce1b958211afa95fb962c0cfb23a66120035df803d57efa15bc658e9920ae675d236129f5cafa1a198a0072ee6c65003ff04f81c533ad78

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13367.exe

Filesize
184KB

MD5
ea950a47d998b34df5ce90889e7118d7

SHA1
8faa6edb3a981d06d0afad9aa8af4c1eb5b2e759

SHA256
8d510edd4805349af050dff26063b827d2a808a13c654b1c2d32bdbcbee10017

SHA512
2ea86f4f32214bbcb148ffbb5d3d7c08cbe5e89f1195b6ede1b45f6e04b97f01bb5f158ae02277a9d51bc8f934aa9f889ce290563bf14dd0d3ddcbcf096fe269

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17568.exe

Filesize
184KB

MD5
a11082351092005535c9536a199b91ee

SHA1
470b41582622185d28604c9032379be99cf4a882

SHA256
0c36f4daf9285296c28b0996506a12681894dadb246ad85d454007b6a0865329

SHA512
24becfde097e984738f3af364881145e593df3cf407400a6ae0411961f0f808557d84c168918a95665249d56f21c51c4c1d54e6c3cba2005b91cbabaaeb89210

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22787.exe

Filesize
184KB

MD5
b9ac9ef254620236bbcb2d580b6ea4a8

SHA1
d2de55c32ee2beedcfcff2294bb17d7d56d18ee3

SHA256
250865f1dd047402fc78f7b798dfe4669b71c6613e6d723b0962123f34697204

SHA512
7f9edc232df8a7275c4162ee4ee6c163b771c4ad60d228b64253dd08e3816a57a2489a162f43d41aac30f43d23e73bf6ac0080248c815bd5208741298559bf90

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24222.exe

Filesize
184KB

MD5
1ab75d4930f1f847404e0f137e1a20d1

SHA1
4df7245619912d0dae106f8bd6c7dfff147f9e07

SHA256
2ccb09128055b4d51faa08eac00a03c5d4b0479279df0fa99fd7dd5d634edc7e

SHA512
bd04d6f2800d7c83e35639fb3182b7a608fd722511e36a942ff5a2c386a64317795b08e45ef16e045a46c49008d39aba52689f685b0c84aaa26bed9f1e379ca0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe

Filesize
184KB

MD5
4adbe51505aee388d740d44de84f2112

SHA1
28e5e6558f319a4d6fa4694657e0a004a38c45f8

SHA256
add1dc8c54fc0503bef7faa0573d6766f121be069fd99452127e19cbc54b7bdd

SHA512
5778f0b57f5a8dcf3ea3b8ff3ac27f345da761c2cd9c1e1f9b8f46463176e93c57dee588a29c5db64cb6857e87b293f7b4904af059df629330ad48e005bf7e73

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe

Filesize
184KB

MD5
33bf98e07c754967178200bd961d4110

SHA1
9e8fbf1c5cc02dfaa960466c027be1aebc5868fa

SHA256
b13477ad1edb8ddb701fd15d67ece77328683a8c02d9e8245202b824dfb4a586

SHA512
20d4ce52e73fa871b8d7a83762e5984795710fbd5110a4f108ee61c60519556cd6dd03e67addf8c7fc809e8a3c9bbe3c03a3ebe512b43e4abd667b4147ea72a2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe

Filesize
184KB

MD5
258b3afcb286e760259cad8829bccabb

SHA1
03efe0bc2683754c7c77a7370b7c9aa5fe6a9501

SHA256
a6306f2cdb35e0332bc4887980de94622885a3d743072040ecc253360ec3c868

SHA512
f3408c728680535b73d1bba66a0febab53e32b4b1059dd8f2344f3f58b6cd2adc6b274291c793dadbdfec194a1259a7241f3f7f289ff31cd5356c04df6cd19ea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50835.exe

Filesize
184KB

MD5
48de93cf53635458226cc33bc5ca1d24

SHA1
5160ffb8cccf4460cae6f1007a27b9fe441e8fcc

SHA256
65f63506538081335b75da41aa58191c21d099e953017fa1f5e24d8f4cc13996

SHA512
cb4426e44ad34b91bf0195c3f8048e2fee2eb22aa784298b5d231c4544ac4719b1e0b0e18a5136040d95e5ba6702eff1fd83280b47db2b6d12128a0ad7c10db4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5163.exe

Filesize
184KB

MD5
8a26e9f52b387d03d11768e6f204b591

SHA1
f406191736d4d5b5c4478edc997dfd92bb2d71ac

SHA256
e7d9b591196500134e57fabbef3bc2ee7413a92503d78f7dc7d5eb898f4ebd02

SHA512
9f621a41a42ff72773234d849c156ab94af3eca9d569edc24572c9111af6e155ddd82f360a8e4ab81aea96e54e44112a53adcb490e4441901aa6c27f4b25a270

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60290.exe

Filesize
184KB

MD5
a674e8ad25d6869bd337e2b09f7d92d9

SHA1
424cce64e3db5b15758388ca7a6fc0bdd552f67b

SHA256
094fb0b321fee532560ef9a76ae5a5a6da7664d302b33bb479a4207f120ac018

SHA512
a26f4abd278320fad96bd831621b1f278900b7d9cb0e3bbfa21549021a7d5e257f3ef30ab6b1a13e26f79f8a6a49961aebf123aaa22efe58a60194cc1df1230d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe

Filesize
184KB

MD5
6f07446b2c6eaee5774c4cae37c5969a

SHA1
49eced4aeede05d8192009ba907eccdeddea992b

SHA256
be454b5fedab8246b4266936ba7df4918f0622a323dfcc5db917a6534af69b6c

SHA512
2bd3db2bb6e86125b7d87090c18d0d5553579bdcab74aaaf20552a84e736f7ddaa115b78131beafb80b9c840514b8da6e5a13a404a88ecf3e1d4a110d0496c27

Download Submit