8af816b62ef04e9d79c8ab328f62c7bce391d736e397a7bdc300a02ea35e4ece

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-10-2024 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

426bac0627db6b58e0ea86c6970916f0_JaffaCakes118.exe
Size

184KB
MD5

426bac0627db6b58e0ea86c6970916f0
SHA1

935a3bbd219a2c314437b46798068112f0fc1e4a
SHA256

8af816b62ef04e9d79c8ab328f62c7bce391d736e397a7bdc300a02ea35e4ece
SHA512

af04576d82fe4ceb894acd2f6a85781c591e7b0acedb5e3647a92afb755c64507454d5c921120421861c72b5849c1c176f8e119777a48f3b0e6ed37fa9ffcdda
SSDEEP

3072:5PQ6ozmOfYA0r9j0dTntV8NmFvF6dPfV3DEx8sPpV6lPvpFy:5PhoD50r2dbtV8j9P26lPvpF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2748	Unicorn-8598.exe
2676	Unicorn-16056.exe
2928	Unicorn-32754.exe
1600	Unicorn-43705.exe
2624	Unicorn-27923.exe
1384	Unicorn-51873.exe
2908	Unicorn-60399.exe
2648	Unicorn-24197.exe
2216	Unicorn-52231.exe
2444	Unicorn-27343.exe
856	Unicorn-7477.exe
1372	Unicorn-59652.exe
340	Unicorn-27150.exe
1416	Unicorn-6175.exe
2228	Unicorn-59460.exe
2176	Unicorn-28494.exe
716	Unicorn-8074.exe
408	Unicorn-19772.exe
2620	Unicorn-1188.exe
1712	Unicorn-22355.exe
1980	Unicorn-25885.exe
828	Unicorn-63388.exe
2428	Unicorn-59901.exe
1664	Unicorn-51733.exe
2520	Unicorn-31867.exe
1956	Unicorn-39843.exe
1012	Unicorn-47457.exe
1932	Unicorn-27037.exe
1504	Unicorn-14784.exe
1520	Unicorn-61141.exe
2828	Unicorn-45594.exe
3064	Unicorn-33896.exe
2688	Unicorn-33342.exe
2664	Unicorn-22242.exe
2596	Unicorn-15142.exe
1724	Unicorn-35240.exe
2756	Unicorn-52091.exe
2180	Unicorn-15505.exe
112	Unicorn-6782.exe
1608	Unicorn-39647.exe
1728	Unicorn-11229.exe
1216	Unicorn-35179.exe
2728	Unicorn-44094.exe
584	Unicorn-22735.exe
1224	Unicorn-11037.exe
2960	Unicorn-55599.exe
1852	Unicorn-55599.exe
2532	Unicorn-23624.exe
2392	Unicorn-2924.exe
1544	Unicorn-20007.exe
1988	Unicorn-10900.exe
1272	Unicorn-64185.exe
2980	Unicorn-48212.exe
1896	Unicorn-2540.exe
1476	Unicorn-15539.exe
2452	Unicorn-39489.exe
3044	Unicorn-57724.exe
1940	Unicorn-57169.exe
900	Unicorn-28197.exe
1528	Unicorn-56977.exe
2632	Unicorn-32473.exe
2908	Unicorn-41003.exe
2576	Unicorn-19645.exe
2248	Unicorn-35658.exe

Loads dropped DLL 64 IoCs

pid	Process
2268	426bac0627db6b58e0ea86c6970916f0_JaffaCakes118.exe
2268	426bac0627db6b58e0ea86c6970916f0_JaffaCakes118.exe
2748	Unicorn-8598.exe
2748	Unicorn-8598.exe
2268	426bac0627db6b58e0ea86c6970916f0_JaffaCakes118.exe
2268	426bac0627db6b58e0ea86c6970916f0_JaffaCakes118.exe
2676	Unicorn-16056.exe
2676	Unicorn-16056.exe
2748	Unicorn-8598.exe
2748	Unicorn-8598.exe
2928	Unicorn-32754.exe
2928	Unicorn-32754.exe
1600	Unicorn-43705.exe
1600	Unicorn-43705.exe
2676	Unicorn-16056.exe
2676	Unicorn-16056.exe
1384	Unicorn-51873.exe
1384	Unicorn-51873.exe
2624	Unicorn-27923.exe
2928	Unicorn-32754.exe
2624	Unicorn-27923.exe
2928	Unicorn-32754.exe
2908	Unicorn-60399.exe
2908	Unicorn-60399.exe
1600	Unicorn-43705.exe
1600	Unicorn-43705.exe
2648	Unicorn-24197.exe
2648	Unicorn-24197.exe
856	Unicorn-7477.exe
856	Unicorn-7477.exe
2624	Unicorn-27923.exe
2216	Unicorn-52231.exe
2624	Unicorn-27923.exe
2216	Unicorn-52231.exe
1384	Unicorn-51873.exe
1384	Unicorn-51873.exe
1372	Unicorn-59652.exe
1372	Unicorn-59652.exe
2908	Unicorn-60399.exe
2908	Unicorn-60399.exe
340	Unicorn-27150.exe
340	Unicorn-27150.exe
2444	Unicorn-27343.exe
2444	Unicorn-27343.exe
1416	Unicorn-6175.exe
1416	Unicorn-6175.exe
2228	Unicorn-59460.exe
2648	Unicorn-24197.exe
2228	Unicorn-59460.exe
2648	Unicorn-24197.exe
856	Unicorn-7477.exe
856	Unicorn-7477.exe
2176	Unicorn-28494.exe
2176	Unicorn-28494.exe
716	Unicorn-8074.exe
716	Unicorn-8074.exe
408	Unicorn-19772.exe
408	Unicorn-19772.exe
2216	Unicorn-52231.exe
2216	Unicorn-52231.exe
2620	Unicorn-1188.exe
2620	Unicorn-1188.exe
1372	Unicorn-59652.exe
1372	Unicorn-59652.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
2700	3064	WerFault.exe	62
2548	2404	WerFault.exe	149
2728	1000	WerFault.exe	167
1784	1880	WerFault.exe	532

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42541.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3380.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46229.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54849.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45909.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43705.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55599.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12798.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40341.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24475.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28913.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22355.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60942.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57169.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46681.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50682.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52784.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23630.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40723.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14544.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13831.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44906.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2483.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62670.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-230.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53390.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2268	426bac0627db6b58e0ea86c6970916f0_JaffaCakes118.exe
2748	Unicorn-8598.exe
2676	Unicorn-16056.exe
2928	Unicorn-32754.exe
1600	Unicorn-43705.exe
2624	Unicorn-27923.exe
1384	Unicorn-51873.exe
2908	Unicorn-60399.exe
2648	Unicorn-24197.exe
2216	Unicorn-52231.exe
2444	Unicorn-27343.exe
856	Unicorn-7477.exe
1372	Unicorn-59652.exe
340	Unicorn-27150.exe
1416	Unicorn-6175.exe
2228	Unicorn-59460.exe
2176	Unicorn-28494.exe
716	Unicorn-8074.exe
408	Unicorn-19772.exe
2620	Unicorn-1188.exe
1712	Unicorn-22355.exe
1980	Unicorn-25885.exe
828	Unicorn-63388.exe
2428	Unicorn-59901.exe
1664	Unicorn-51733.exe
2520	Unicorn-31867.exe
1956	Unicorn-39843.exe
1012	Unicorn-47457.exe
1932	Unicorn-27037.exe
1520	Unicorn-61141.exe
1504	Unicorn-14784.exe
2828	Unicorn-45594.exe
3064	Unicorn-33896.exe
2596	Unicorn-15142.exe
2664	Unicorn-22242.exe
2688	Unicorn-33342.exe
1724	Unicorn-35240.exe
2756	Unicorn-52091.exe
2180	Unicorn-15505.exe
112	Unicorn-6782.exe
1608	Unicorn-39647.exe
1728	Unicorn-11229.exe
1216	Unicorn-35179.exe
2728	Unicorn-44094.exe
584	Unicorn-22735.exe
1224	Unicorn-11037.exe
2960	Unicorn-55599.exe
1852	Unicorn-55599.exe
2532	Unicorn-23624.exe
2392	Unicorn-2924.exe
1544	Unicorn-20007.exe
1272	Unicorn-64185.exe
1988	Unicorn-10900.exe
2980	Unicorn-48212.exe
1896	Unicorn-2540.exe
1476	Unicorn-15539.exe
2452	Unicorn-39489.exe
3044	Unicorn-57724.exe
1940	Unicorn-57169.exe
900	Unicorn-28197.exe
2632	Unicorn-32473.exe
1528	Unicorn-56977.exe
2908	Unicorn-41003.exe
2576	Unicorn-19645.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2748	2268	426bac0627db6b58e0ea86c6970916f0_JaffaCakes118.exe	31
PID 2268 wrote to memory of 2748	2268	426bac0627db6b58e0ea86c6970916f0_JaffaCakes118.exe	31
PID 2268 wrote to memory of 2748	2268	426bac0627db6b58e0ea86c6970916f0_JaffaCakes118.exe	31
PID 2268 wrote to memory of 2748	2268	426bac0627db6b58e0ea86c6970916f0_JaffaCakes118.exe	31
PID 2748 wrote to memory of 2676	2748	Unicorn-8598.exe	32
PID 2748 wrote to memory of 2676	2748	Unicorn-8598.exe	32
PID 2748 wrote to memory of 2676	2748	Unicorn-8598.exe	32
PID 2748 wrote to memory of 2676	2748	Unicorn-8598.exe	32
PID 2268 wrote to memory of 2928	2268	426bac0627db6b58e0ea86c6970916f0_JaffaCakes118.exe	33
PID 2268 wrote to memory of 2928	2268	426bac0627db6b58e0ea86c6970916f0_JaffaCakes118.exe	33
PID 2268 wrote to memory of 2928	2268	426bac0627db6b58e0ea86c6970916f0_JaffaCakes118.exe	33
PID 2268 wrote to memory of 2928	2268	426bac0627db6b58e0ea86c6970916f0_JaffaCakes118.exe	33
PID 2676 wrote to memory of 1600	2676	Unicorn-16056.exe	34
PID 2676 wrote to memory of 1600	2676	Unicorn-16056.exe	34
PID 2676 wrote to memory of 1600	2676	Unicorn-16056.exe	34
PID 2676 wrote to memory of 1600	2676	Unicorn-16056.exe	34
PID 2748 wrote to memory of 2624	2748	Unicorn-8598.exe	35
PID 2748 wrote to memory of 2624	2748	Unicorn-8598.exe	35
PID 2748 wrote to memory of 2624	2748	Unicorn-8598.exe	35
PID 2748 wrote to memory of 2624	2748	Unicorn-8598.exe	35
PID 2928 wrote to memory of 1384	2928	Unicorn-32754.exe	36
PID 2928 wrote to memory of 1384	2928	Unicorn-32754.exe	36
PID 2928 wrote to memory of 1384	2928	Unicorn-32754.exe	36
PID 2928 wrote to memory of 1384	2928	Unicorn-32754.exe	36
PID 1600 wrote to memory of 2908	1600	Unicorn-43705.exe	37
PID 1600 wrote to memory of 2908	1600	Unicorn-43705.exe	37
PID 1600 wrote to memory of 2908	1600	Unicorn-43705.exe	37
PID 1600 wrote to memory of 2908	1600	Unicorn-43705.exe	37
PID 2676 wrote to memory of 2648	2676	Unicorn-16056.exe	38
PID 2676 wrote to memory of 2648	2676	Unicorn-16056.exe	38
PID 2676 wrote to memory of 2648	2676	Unicorn-16056.exe	38
PID 2676 wrote to memory of 2648	2676	Unicorn-16056.exe	38
PID 1384 wrote to memory of 2216	1384	Unicorn-51873.exe	39
PID 1384 wrote to memory of 2216	1384	Unicorn-51873.exe	39
PID 1384 wrote to memory of 2216	1384	Unicorn-51873.exe	39
PID 1384 wrote to memory of 2216	1384	Unicorn-51873.exe	39
PID 2624 wrote to memory of 2444	2624	Unicorn-27923.exe	40
PID 2624 wrote to memory of 2444	2624	Unicorn-27923.exe	40
PID 2624 wrote to memory of 2444	2624	Unicorn-27923.exe	40
PID 2624 wrote to memory of 2444	2624	Unicorn-27923.exe	40
PID 2928 wrote to memory of 856	2928	Unicorn-32754.exe	41
PID 2928 wrote to memory of 856	2928	Unicorn-32754.exe	41
PID 2928 wrote to memory of 856	2928	Unicorn-32754.exe	41
PID 2928 wrote to memory of 856	2928	Unicorn-32754.exe	41
PID 2908 wrote to memory of 1372	2908	Unicorn-60399.exe	42
PID 2908 wrote to memory of 1372	2908	Unicorn-60399.exe	42
PID 2908 wrote to memory of 1372	2908	Unicorn-60399.exe	42
PID 2908 wrote to memory of 1372	2908	Unicorn-60399.exe	42
PID 1600 wrote to memory of 340	1600	Unicorn-43705.exe	43
PID 1600 wrote to memory of 340	1600	Unicorn-43705.exe	43
PID 1600 wrote to memory of 340	1600	Unicorn-43705.exe	43
PID 1600 wrote to memory of 340	1600	Unicorn-43705.exe	43
PID 2648 wrote to memory of 1416	2648	Unicorn-24197.exe	44
PID 2648 wrote to memory of 1416	2648	Unicorn-24197.exe	44
PID 2648 wrote to memory of 1416	2648	Unicorn-24197.exe	44
PID 2648 wrote to memory of 1416	2648	Unicorn-24197.exe	44
PID 856 wrote to memory of 2228	856	Unicorn-7477.exe	45
PID 856 wrote to memory of 2228	856	Unicorn-7477.exe	45
PID 856 wrote to memory of 2228	856	Unicorn-7477.exe	45
PID 856 wrote to memory of 2228	856	Unicorn-7477.exe	45
PID 2624 wrote to memory of 2176	2624	Unicorn-27923.exe	46
PID 2624 wrote to memory of 2176	2624	Unicorn-27923.exe	46
PID 2624 wrote to memory of 2176	2624	Unicorn-27923.exe	46
PID 2624 wrote to memory of 2176	2624	Unicorn-27923.exe	46

C:\Users\Admin\AppData\Local\Temp\426bac0627db6b58e0ea86c6970916f0_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\426bac0627db6b58e0ea86c6970916f0_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60399.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59652.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45594.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2924.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
        10⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7060.exe
        11⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15835.exe
        12⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35224.exe
        13⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29547.exe
        14⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46174.exe
        16⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13924.exe
        17⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13831.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45461.exe
        19⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        20⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
        21⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58789.exe
        15⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62933.exe
        16⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64651.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11766.exe
        18⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7324.exe
        19⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24528.exe
        20⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47273.exe
        11⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe
        12⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        13⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8628.exe
        14⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57723.exe
        15⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1781.exe
        16⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9415.exe
        18⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
        19⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4875.exe
        20⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
        15⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47163.exe
        16⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51346.exe
        17⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42057.exe
        18⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54600.exe
        19⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
        20⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57687.exe
        17⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35005.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54491.exe
        9⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        10⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        11⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
        12⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39682.exe
        13⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25160.exe
        14⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41605.exe
        15⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9332.exe
        16⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        17⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22151.exe
        18⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        19⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34765.exe
        17⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35820.exe
        18⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20007.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
        9⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35348.exe
        10⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20346.exe
        11⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
        12⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
        13⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
        14⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32612.exe
        15⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27402.exe
        16⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26219.exe
        17⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        18⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23438.exe
        19⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33896.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 220
        8⤵
        Program crash
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22355.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33342.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19645.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3614.exe
        9⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60942.exe
        10⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36053.exe
        11⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5317.exe
        12⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14544.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27568.exe
        15⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
        16⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22135.exe
        17⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3349.exe
        18⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35628.exe
        19⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35658.exe
        7⤵
        Executes dropped EXE
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30797.exe
        8⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
        9⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39225.exe
        10⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe
        11⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53911.exe
        12⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29602.exe
        13⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22685.exe
        14⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13992.exe
        15⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
        16⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        17⤵
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27150.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25885.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22242.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39489.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
        9⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48223.exe
        10⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35255.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
        12⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        13⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
        15⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41221.exe
        16⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37454.exe
        17⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53733.exe
        18⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15549.exe
        19⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54491.exe
        8⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32141.exe
        9⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47761.exe
        10⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26973.exe
        11⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
        12⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40341.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53172.exe
        14⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11423.exe
        15⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60650.exe
        16⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
        17⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15954.exe
        18⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57724.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36531.exe
        8⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
        9⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7709.exe
        10⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11269.exe
        11⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43849.exe
        12⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        13⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12798.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
        15⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23920.exe
        16⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8040.exe
        17⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
        18⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
        19⤵
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35240.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54491.exe
        7⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19827.exe
        8⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
        9⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39583.exe
        10⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48042.exe
        11⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24968.exe
        12⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
        13⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27895.exe
        14⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2399.exe
        15⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2773.exe
        16⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35820.exe
        17⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50459.exe
        18⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
        17⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54371.exe
        14⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24197.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6175.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59901.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52091.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2540.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
        9⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3059.exe
        10⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51783.exe
        11⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14227.exe
        12⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
        13⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61145.exe
        14⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4739.exe
        15⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
        16⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13063.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        18⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        19⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe
        20⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15893.exe
        21⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54491.exe
        8⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60942.exe
        9⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
        10⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33386.exe
        12⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53172.exe
        13⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57749.exe
        14⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
        15⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3380.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15539.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
        8⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
        9⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35364.exe
        10⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39225.exe
        11⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        12⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2689.exe
        7⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39925.exe
        8⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60942.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39225.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        11⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47273.exe
        8⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62577.exe
        9⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        10⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39682.exe
        11⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47876.exe
        12⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22716.exe
        13⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19810.exe
        14⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61216.exe
        15⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5949.exe
        16⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60843.exe
        8⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16272.exe
        9⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43916.exe
        10⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18587.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59863.exe
        12⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60216.exe
        13⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        14⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
        15⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24470.exe
        16⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
        17⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        18⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48159.exe
        14⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48315.exe
        15⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        16⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
        17⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        18⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50682.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23527.exe
        8⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39339.exe
        9⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6142.exe
        10⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28643.exe
        11⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        12⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28886.exe
        13⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
        14⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16842.exe
        15⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12233.exe
        16⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
        17⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        18⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52212.exe
        13⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41813.exe
        14⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25721.exe
        15⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51533.exe
        16⤵
        
        PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6782.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32473.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
        8⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11995.exe
        9⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49811.exe
        10⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8685.exe
        11⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32173.exe
        12⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28255.exe
        13⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
        14⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33524.exe
        15⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13992.exe
        16⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25721.exe
        17⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51149.exe
        18⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38321.exe
        12⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17542.exe
        13⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
        14⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53214.exe
        15⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44906.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26370.exe
        17⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46598.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2483.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60335.exe
        9⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43859.exe
        10⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40533.exe
        11⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2401.exe
        12⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20858.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29701.exe
        14⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54724.exe
        15⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-230.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 220
        17⤵
        Program crash
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57080.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
        17⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41003.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-734.exe
        7⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
        8⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19604.exe
        9⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
        10⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63672.exe
        11⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46174.exe
        12⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26203.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63525.exe
        14⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55959.exe
        15⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58668.exe
        16⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exe
        17⤵
        
        PID:2396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27923.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63388.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15142.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64185.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17118.exe
        8⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60942.exe
        9⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48358.exe
        10⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30538.exe
        11⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
        12⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11612.exe
        13⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26203.exe
        14⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
        15⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        16⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23770.exe
        17⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60625.exe
        18⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2689.exe
        6⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43900.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60942.exe
        8⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45893.exe
        9⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        10⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37217.exe
        11⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41221.exe
        13⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18051.exe
        14⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        15⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41076.exe
        7⤵
        
        PID:1000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 220
        8⤵
        Program crash
        
        PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28494.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47457.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35179.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
        7⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30138.exe
        8⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
        9⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55623.exe
        10⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10854.exe
        11⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45385.exe
        12⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        11⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17760.exe
        12⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53857.exe
        13⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26712.exe
        14⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6774.exe
        15⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33464.exe
        16⤵
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57423.exe
        6⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3059.exe
        7⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60335.exe
        8⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36053.exe
        9⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28774.exe
        10⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62079.exe
        11⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8631.exe
        12⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4298.exe
        13⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
        14⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55715.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55617.exe
        16⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46106.exe
        10⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17267.exe
        11⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
        12⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9332.exe
        13⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
        14⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30345.exe
        15⤵
        
        PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11751.exe
        6⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48560.exe
        7⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49811.exe
        8⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3101.exe
        9⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
        10⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        11⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42513.exe
        12⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7775.exe
        13⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19810.exe
        14⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44221.exe
        15⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        16⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40784.exe
        13⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        14⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42597.exe
        15⤵
        
        PID:1868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51873.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52231.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14784.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40340.exe
        8⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
        9⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9193.exe
        10⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        11⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12276.exe
        12⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23045.exe
        13⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60704.exe
        14⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28035.exe
        15⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53790.exe
        16⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
        17⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        18⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19484.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42834.exe
        16⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12316.exe
        17⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        18⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7340.exe
        19⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52529.exe
        17⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exe
        18⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32534.exe
        7⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48477.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe
        9⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4668.exe
        10⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
        11⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        12⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25671.exe
        13⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24667.exe
        14⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
        15⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        16⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
        17⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43858.exe
        18⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11233.exe
        12⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20666.exe
        13⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65258.exe
        14⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20625.exe
        15⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        16⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18093.exe
        17⤵
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23624.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        8⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43734.exe
        9⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1601.exe
        10⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
        11⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47559.exe
        12⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
        13⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40616.exe
        14⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26203.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26800.exe
        16⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19810.exe
        17⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21943.exe
        18⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6390.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11808.exe
        20⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14910.exe
        15⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42507.exe
        16⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26712.exe
        17⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62607.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
        19⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13510.exe
        20⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48072.exe
        8⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1601.exe
        9⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26973.exe
        10⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
        11⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45193.exe
        12⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45790.exe
        13⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56379.exe
        15⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5715.exe
        16⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8699.exe
        17⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        18⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        12⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
        13⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22685.exe
        14⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35539.exe
        15⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14340.exe
        16⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
        17⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9457.exe
        7⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53651.exe
        8⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27196.exe
        9⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41451.exe
        10⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19547.exe
        11⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19153.exe
        12⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58535.exe
        13⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
        14⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53390.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20433.exe
        16⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
        17⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        18⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56110.exe
        19⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29783.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30153.exe
        18⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
        16⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe
        17⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7340.exe
        18⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9141.exe
        9⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        10⤵
        
        PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52784.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2208.exe
        8⤵
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20474.exe
        6⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3059.exe
        7⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7626.exe
        9⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49157.exe
        10⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36510.exe
        11⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
        12⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11973.exe
        13⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9332.exe
        14⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54968.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
        16⤵
        
        PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8074.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27037.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48212.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37600.exe
        7⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19827.exe
        8⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56801.exe
        9⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
        10⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        11⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        12⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10032.exe
        13⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27297.exe
        14⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
        15⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
        16⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62711.exe
        18⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38569.exe
        17⤵
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11037.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11751.exe
        6⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30330.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47273.exe
        8⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36023.exe
        9⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2935.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
        11⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe
        12⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18310.exe
        13⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22685.exe
        14⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29561.exe
        15⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50033.exe
        16⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27221.exe
        17⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38207.exe
        18⤵
        
        PID:776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7477.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59460.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51733.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39647.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12794.exe
        8⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44009.exe
        9⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1601.exe
        10⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31057.exe
        11⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21466.exe
        12⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47611.exe
        13⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13418.exe
        14⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60216.exe
        14⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35305.exe
        15⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18575.exe
        16⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10697.exe
        17⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34180.exe
        18⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        19⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47273.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38265.exe
        10⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14663.exe
        11⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62619.exe
        12⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
        13⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50121.exe
        14⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
        15⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59384.exe
        16⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42057.exe
        17⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43147.exe
        18⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19053.exe
        19⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23172.exe
        17⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
        18⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62358.exe
        7⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11850.exe
        8⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62478.exe
        9⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42541.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exe
        11⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8052.exe
        12⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24249.exe
        13⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26800.exe
        14⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51081.exe
        15⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27179.exe
        16⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48440.exe
        17⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        18⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44414.exe
        10⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64762.exe
        11⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
        12⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36696.exe
        13⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40723.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11382.exe
        15⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3349.exe
        16⤵
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2689.exe
        6⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
        7⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
        8⤵
        Program crash
        
        PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11229.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56977.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60262.exe
        7⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1601.exe
        8⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20154.exe
        9⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39225.exe
        10⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34591.exe
        11⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
        12⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1781.exe
        13⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44532.exe
        14⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6857.exe
        16⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16421.exe
        17⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5654.exe
        9⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14938.exe
        10⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        11⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58849.exe
        12⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4158.exe
        13⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23770.exe
        15⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25488.exe
        16⤵
        
        PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22735.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
        6⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20403.exe
        7⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24321.exe
        8⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27845.exe
        9⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8820.exe
        10⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65315.exe
        11⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52923.exe
        12⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6597.exe
        13⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54501.exe
        14⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54849.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28642.exe
        5⤵
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30330.exe
        6⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1601.exe
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        8⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43558.exe
        9⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13978.exe
        10⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29215.exe
        11⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
        12⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47163.exe
        13⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28766.exe
        15⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
        16⤵
        
        PID:2948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-40784.exe

Filesize
184KB

MD5
29a616f27cf109b5a645feb4f7be2fe0

SHA1
920d16839f857bc8341468a8f7e3899193b744f7

SHA256
99fee3901b8aed0ac8441c7911101ee139e64d062c921495b5bb898818c58f99

SHA512
ffdd09aa1d65ecf0d37522b62ae0cc96f27286596adbdbf23ceb8f57432344c2deda0393b5c44cb962c64b94706bd28fdd44265ef07ebea3ffd014a8463f65ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41003.exe

Filesize
184KB

MD5
aff45a916f8271cc064137fed13c3a69

SHA1
e10eb4cc96ffde93664a33d3fe11f4859ece8982

SHA256
2ce4eb9a513b98333af968e971d18ab8c6d9dd1ec9de8efea8a34737d3f469ac

SHA512
0eb814f9c9ecf49404904ee4baf3ff60cb5402dbb5cbe0c3ac7ed62a1e624f8c75da72f27a630c14f52e8e46396956a407f4c40921015a71cc7e94f3ee232947

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59460.exe

Filesize
184KB

MD5
5869359d73e0dec6d5c2ee76bc953101

SHA1
9f3b70ccc97981bc94d6153b9c73ffde8422318d

SHA256
148feb41b6b7e3e585f84a92de8c0676b12edb42c77ad5ef0399ec341dea65f4

SHA512
d0c0662e92081eecd74c9e43fd112477c4ea09fe8fe751748923008eb3ced9df4aa3a6b1e29112fca8591394b8f743510cc3390e053420adec3f98f4e9acc1cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5949.exe

Filesize
184KB

MD5
dcabca07e3338239554f8efe4608a920

SHA1
b1438d40046bfb60dc49cd423916555b4f2e7065

SHA256
56fb7eb478140b5036e5013960920972e8742bf49f3d65d5702af68120982db5

SHA512
4b4a24bbd88be0f64789327c043af75a24b350242715d82aa80fec79f51a8a9f565fe7a99dc0180220fa5da44ab03049d945c9b1f5d8beab86ab88065204fe88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6142.exe

Filesize
184KB

MD5
b6b7b72393c190f41d45db4354a516af

SHA1
2870b3216f2c02b34bffcc7740f2139a7da4f013

SHA256
b131fb610cfad6df6525231329631435e9f6a20422f10857a50f5b4eab273902

SHA512
f386de54cbc68fedfa43e4d916a0d73af9db7e6619cadec54b7d4c836d400c1ac032c8a753b6083d7c582006a95cbd96a548209b67d5c61bf0e65d9a5cadf9cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6175.exe

Filesize
184KB

MD5
212c9e201357f20a47ac3b90a96e827f

SHA1
81607b3ac2f137b3e3115ac4bad57b574aa1812b

SHA256
a1686f3d3a161fa599866db5a7d795986effb6853c56e1681721e3f0167bdf7b

SHA512
ef896af9a01230b4faba01c8ffd1c9d08286c78508628c871f339a3ddf8e16741b5d9f4f6b304b1ee9dd855f95dac9cdaff58c48b69b71faf261fa28ecb3bf7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6390.exe

Filesize
184KB

MD5
8eda0257cdd07cb60224c21b31af3f30

SHA1
c28535171ebba28457ebc6b151a0ec5fd3ac4e3a

SHA256
a9f032b1b83778b106743d0c8cff9679f40aa1679154846ecf840c4f82559944

SHA512
19c2824eed5705e1f822156d4a80b3db915d8ba96e16e10e859456243dd801b509db373590939b95b737be386212b3d401270ba1a06da9e47974cdc17ba80f44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6782.exe

Filesize
184KB

MD5
f357e6398cd139a73dccdaf30d9cd09d

SHA1
57ee9bd16c162573e054e66597877895c4319b14

SHA256
6012bc3c0c13a5bc5d82e25ae03ba4249ea7664bd9fed605a232c2887f73835a

SHA512
67cf9ef290f7506b8b50bbb61a34a1791aee0c66efcb02a663d691be00eb6c7c08bad824b883cac09e532e05454f1b6bf471ac269605620034d71eb3e0df15e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe

Filesize
184KB

MD5
58d6bf7494d252507b825adf4375adf4

SHA1
d3e5f42739537a3c04c7e64b3fbbfdcb4c03d36c

SHA256
4ed3eb1dec1b3acaa40582253bb327cb1d12ad434db8fcad71d2f9beb608ea39

SHA512
73976b8c06337d3e17338c38e7f07a32ff4843bf76df22b7bbc1deca362ea60ccd955319f6e593d5535715c07ea4c2085320087f4ad16905b4e333a54772efb9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe

Filesize
184KB

MD5
bdb1564507b36915a9b49e2e328ae34f

SHA1
cd8cb52bbd49c9d6a8f090de0bf95290c0a04cbf

SHA256
c94a88cfd5512cad880ffa5a30958a221824aeb6846580ed8e7212201cbba39d

SHA512
5a0e6d314113c0bc145e3a4dac07ee7fe8b252fe327933596f4bf76b3536f61915187efca3506931f8f568008f302a5a421368a887e05fa75153bd66c331ba6f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe

Filesize
184KB

MD5
af371c30d1bf748f3e341e4e3a298059

SHA1
a919515c2a5b048a0dd8697887bb2ae0f062bb5a

SHA256
9ad4bf6be60bbf9d1da3fe398eaa0390767767c233907f96b2029c007feb6df6

SHA512
7be272a70c501e2dc3e70136bb8d5d4e9a706397d1f80ad108a6efebcbfa36ab9fdb5f2e4e98b8a17a7b5026eacaf6b2a0a03702b4cb5bc624f4a1358a9d0a7d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24197.exe

Filesize
184KB

MD5
547d3713f5b5ca367eec20762d9635d5

SHA1
8f6cd259be0eac80e97a4c9efa0bcbd1c0b26da4

SHA256
b7c51f81eefe1556a12262c780628326b0aa5448aa0c8b483cbf8a6e3492777a

SHA512
44754274b639293e177ec5d82e7bef07eb2ab4991b635abb39441a08b3c45dae2707b9e15e8fb378ee68265652e0d9a9024231ab6057288486da3dad0ba3ed20

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27150.exe

Filesize
184KB

MD5
f51528ae59f54206b9e4cfb9e773b891

SHA1
c8b21a1f2be0559fb222c0f49b16ad76b503a6ad

SHA256
b3cdb83ffd08220e7563df65c8ab13abfbd3f2fdcfa2a2d5533c643975eca8f9

SHA512
75c523906852299821cf1761c6dc80c0126258b524b33414621caa04ec7af193d3ca0285dad55a6c6c003fa2c2863235efeca3083813915a1fc29e15c838ac47

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27343.exe

Filesize
184KB

MD5
0e211bd6daf910c2c22a629a878ac826

SHA1
62995d78958b53dc8145cb131a9f55dc0f43159b

SHA256
09a0b439e1a1b0ff863e4ff1937df21da3d000cac39b5d597c694a523df2190c

SHA512
eaa79aa1418c922cf2d1f72e30c9c0923a7cbe249fc74841f49b24e964466e214d4bb69d6ef64df2a78c78f1d38ba8ca639681508e58d36cb847d5deda6e99f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27923.exe

Filesize
184KB

MD5
66e6bb1115021b8e96393b323b28911b

SHA1
90fa77e2ef566141743757021073657a9e016a4f

SHA256
1e6ff9ddd88bfe36a60064e39b9d71a182e35b11a34385e53f149494f7282b4b

SHA512
44020dda0c4c076ff7273ac688e2088c748796860333969c154018d61f188df5a160bf677ee8a7b1b7b909dd7e67772563126e9a2852dc0e81fadddb4d80554e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28494.exe

Filesize
184KB

MD5
979be0c0f5387ce2947ade77132ae966

SHA1
1d1072becc62cb3cd88f8de1cf1c82b7522f2fd0

SHA256
4c08be5bd5983fb88206a342bc00fbd968524c71e03bd68c5e75559b5e0c089f

SHA512
c3f25f4966bb0b7ef281c7431f9124ab1022c59a3d60f4de17c81f5a7c97d393265e7811f545680478f3ef742c07cf6474aa5447bbe0f57968f203a223f1b212

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe

Filesize
184KB

MD5
cf9a61ab2a76d8fadb41875b91b74735

SHA1
6244eb6ab4622af0034bdd5ee997a4c39cf90fdc

SHA256
1011336f30fd15454e7d18d2be4ce275be090b02df0419c955277401b7b6da55

SHA512
327fc1f3ec55e29e8fcbfcd337600bc8f21eb2761e1da6126698ac56695d0a2059dd86fc1ee44fb19fa8d39866cf8b3428c4a22171df7b458484ed1e9002c992

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe

Filesize
184KB

MD5
a1552eeee9b53beeae06a3789086a6ac

SHA1
dfb8fc043dcae5f398d9064b1d40aa94e67e1fa6

SHA256
747b7958cd99f5af657ef875dca1c219cb49ffcddf543e3c3bb9512287858077

SHA512
a410d62ca7d7aa75e88db1d4524accbcda69e1db2e439a8a0b2dd39ae45833c127537a2cfba7836aaabfbe5c1ee74c555ec49b023d6e510ec4391dc2e8463f0d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51873.exe

Filesize
184KB

MD5
be47fa85c41158ac0bdeb1ab4456f1cd

SHA1
455d527e9576abc39865480690e2ae94cc449ddd

SHA256
27ef67c8977954f4ea9396d196ed8dd67b3e0ee36b7b8aff88a75eea6ad7d5d4

SHA512
7c7ed8d9e7a631d9ce36ef850bbad0e1863c262fb93bc15069dd38168d693ca3d0b84b3f381f7a20dca8f28c841d63f71884be0523734a6abe9047d1173b3ec0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52231.exe

Filesize
184KB

MD5
193cc75c11fbc94e0336a94dba10ac08

SHA1
500cc434587cdaa32326ab320da3568450e8329f

SHA256
d15531de27f5be965e56a76e9592de37cbf3b1bd391f250e834d50b78993c441

SHA512
363c4a1307d2cf8775259009b58807d23cae504048738aead22da0fe7d19099f3edba8cf8515562ea1efc1fe52c9d53113e41ecabf75f204741537dc4a01ff85

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59652.exe

Filesize
184KB

MD5
b800c10f5bfab972be9721a21921a3cd

SHA1
7c2cbf5f0a8ba38e079aa7d3c0d4b73c263015d5

SHA256
5fdb0a9ba88e243cbf3f2e48c30a07d73699fb26d0435cc3b31eba90220d9c76

SHA512
8b98a38e95baf52c45585ebbe818aeab77d1dcf21370e2bfcf1b37620833b494e9090f7890b0d0285e885923447ee0faf3efe4e8f545d271edd3714e481f001c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60399.exe

Filesize
184KB

MD5
b3460fe3755c5dcc75467ed4dbb3acbb

SHA1
84c3d0b5b2743b67788a5f68a786951b17415c3d

SHA256
4623e4525b2a997691d74a49cbf8e7fd71288211a2ef04916ed66c605b14d0a5

SHA512
7fc8719fa15cd2d6fe0c74a6e46c6746e1deba742d5ea010049af7399697f6df93e824c9bfda34d373fb6e48b7a61a82acf64731d2ae79911aad4a26879ca52b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7477.exe

Filesize
184KB

MD5
ed27245738633526325d3479c23a8410

SHA1
9ea9494e2d55d46a6abe343fe545fa7b7e444021

SHA256
62435f728ea8f5155b21d336d8d3364c3ed2f3a2d74f663abb4c07fd322836e1

SHA512
4e602a69cd2f276c0947a6a6f6a322806e650612de9fef6387ca8b6b0f3b3ed17e0270cc822d4608aae799eccebef5caa02c3bcacadee0c9c1fe26bbc0503718

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8074.exe

Filesize
184KB

MD5
4223d76aef42da9fc80e3fa1dfe76ef0

SHA1
e8b4663d3f1d3c880bb77019b8f4ed47b661845e

SHA256
2fde587668a4b2fa0730fba1b9b49b9a102dd86b072314f552039effc841f2e4

SHA512
ee8282d906ca6676628308dfee7efa6a9c08432e98a5c7ee5efab0f297e722b62e2fa8015e10e951f8310494e54991340b4c0ba15b5a71d8f83fbe752a49115e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8598.exe

Filesize
184KB

MD5
f061a9d06edc1ad8897e54db9af8cc56

SHA1
cafdbb50870db5bc78997a2bbb388d5cd83aa978

SHA256
62e8280498881367c79ff1c88cc23e203cec73e1766b022cd5de3b82a471a663

SHA512
26c7696cff0202bdbdb91cffcabef642099bbefc0f92dbf536115f01d501c8a20e14798ef0a828f4c6c2786d611ddc85841508bdcf02ebf1cd6b7088a4fa75a5

Download Submit
memory/2396-2021-0x0000000001EA0000-0x0000000001FB0000-memory.dmp

Filesize
1.1MB

Download
memory/2396-2020-0x0000000001EA0000-0x0000000001FFC000-memory.dmp

Filesize
1.4MB

Download
memory/2396-2019-0x0000000077370000-0x000000007746A000-memory.dmp

Filesize
1000KB

Download
memory/2396-2018-0x0000000077470000-0x000000007758F000-memory.dmp

Filesize
1.1MB

Download