236ab4c29fc671aabea4878c19806296acc4130b7c2960448d1af902df9e1094

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-10-2024 03:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55462a0935da6711ebcd1a0af0f6714d_JaffaCakes118.exe
Size

184KB
MD5

55462a0935da6711ebcd1a0af0f6714d
SHA1

85e0b85d3f506b3c2a25f1f5561f7176b0136d09
SHA256

236ab4c29fc671aabea4878c19806296acc4130b7c2960448d1af902df9e1094
SHA512

4f2025bba6893ce48e53dc74ab599370796b34e0a97135a1f0366cf6aa3ca2f916921aa8e58b3299299dd7b61d20f2018a6ac9bb269197b5c132b734b36886fc
SSDEEP

3072:gqrmo/7x4zAHtQjyMVrNi8nMS4uM8yZUkrSxQxcZUylPrpFY:gq6oCsHtjMxNi8wGGjylPrpF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2552	Unicorn-17047.exe
2696	Unicorn-51634.exe
2848	Unicorn-5962.exe
2912	Unicorn-61629.exe
2144	Unicorn-61629.exe
2460	Unicorn-25619.exe
3012	Unicorn-51326.exe
332	Unicorn-11917.exe
484	Unicorn-31783.exe
2796	Unicorn-47221.exe
2972	Unicorn-1549.exe
1728	Unicorn-16952.exe
2428	Unicorn-53023.exe
2764	Unicorn-56360.exe
1588	Unicorn-4014.exe
1456	Unicorn-23880.exe
2056	Unicorn-6967.exe
2068	Unicorn-55976.exe
2864	Unicorn-3630.exe
2880	Unicorn-59837.exe
444	Unicorn-7491.exe
704	Unicorn-62525.exe
2280	Unicorn-61949.exe
1288	Unicorn-61949.exe
976	Unicorn-41699.exe
1316	Unicorn-61565.exe
2248	Unicorn-31389.exe
920	Unicorn-31389.exe
784	Unicorn-61793.exe
2396	Unicorn-12400.exe
2360	Unicorn-28736.exe
2184	Unicorn-18577.exe
2708	Unicorn-48104.exe
644	Unicorn-2432.exe
2728	Unicorn-51934.exe
2668	Unicorn-65125.exe
2576	Unicorn-35022.exe
2504	Unicorn-14637.exe
2472	Unicorn-14637.exe
2512	Unicorn-37518.exe
1916	Unicorn-14253.exe
1612	Unicorn-1446.exe
608	Unicorn-30397.exe
668	Unicorn-33351.exe
996	Unicorn-63755.exe
2736	Unicorn-4243.exe
2964	Unicorn-4243.exe
2216	Unicorn-49723.exe
2168	Unicorn-4051.exe
1780	Unicorn-16299.exe
340	Unicorn-16491.exe
2072	Unicorn-2650.exe
1716	Unicorn-49199.exe
2860	Unicorn-64466.exe
1928	Unicorn-51768.exe
3028	Unicorn-51768.exe
1136	Unicorn-43695.exe
1488	Unicorn-41688.exe
2144	Unicorn-38350.exe
2032	Unicorn-26591.exe
2276	Unicorn-46457.exe
2560	Unicorn-62985.exe
2432	Unicorn-42543.exe
280	Unicorn-62637.exe

Loads dropped DLL 64 IoCs

pid	Process
2132	55462a0935da6711ebcd1a0af0f6714d_JaffaCakes118.exe
2132	55462a0935da6711ebcd1a0af0f6714d_JaffaCakes118.exe
2132	55462a0935da6711ebcd1a0af0f6714d_JaffaCakes118.exe
2552	Unicorn-17047.exe
2132	55462a0935da6711ebcd1a0af0f6714d_JaffaCakes118.exe
2552	Unicorn-17047.exe
2848	Unicorn-5962.exe
2696	Unicorn-51634.exe
2696	Unicorn-51634.exe
2848	Unicorn-5962.exe
2552	Unicorn-17047.exe
2552	Unicorn-17047.exe
2144	Unicorn-61629.exe
2144	Unicorn-61629.exe
2696	Unicorn-51634.exe
2912	Unicorn-61629.exe
2696	Unicorn-51634.exe
2912	Unicorn-61629.exe
2848	Unicorn-5962.exe
2848	Unicorn-5962.exe
2460	Unicorn-25619.exe
2460	Unicorn-25619.exe
3012	Unicorn-51326.exe
3012	Unicorn-51326.exe
2144	Unicorn-61629.exe
2144	Unicorn-61629.exe
2972	Unicorn-1549.exe
2972	Unicorn-1549.exe
2796	Unicorn-47221.exe
2796	Unicorn-47221.exe
2460	Unicorn-25619.exe
2460	Unicorn-25619.exe
332	Unicorn-11917.exe
332	Unicorn-11917.exe
484	Unicorn-31783.exe
484	Unicorn-31783.exe
2912	Unicorn-61629.exe
2912	Unicorn-61629.exe
1728	Unicorn-16952.exe
1728	Unicorn-16952.exe
3012	Unicorn-51326.exe
3012	Unicorn-51326.exe
2428	Unicorn-53023.exe
2428	Unicorn-53023.exe
1456	Unicorn-23880.exe
1588	Unicorn-4014.exe
1456	Unicorn-23880.exe
1588	Unicorn-4014.exe
2796	Unicorn-47221.exe
2864	Unicorn-3630.exe
2796	Unicorn-47221.exe
2864	Unicorn-3630.exe
2068	Unicorn-55976.exe
2068	Unicorn-55976.exe
2764	Unicorn-56360.exe
2764	Unicorn-56360.exe
332	Unicorn-11917.exe
332	Unicorn-11917.exe
2972	Unicorn-1549.exe
2972	Unicorn-1549.exe
484	Unicorn-31783.exe
484	Unicorn-31783.exe
2880	Unicorn-59837.exe
2880	Unicorn-59837.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
2372	2784	WerFault.exe	107
1924	2248	WerFault.exe	140
772	1836	WerFault.exe	482
2560	540	WerFault.exe	483
956	1484	WerFault.exe	480

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52902.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11953.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4243.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64466.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14064.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60154.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18983.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11316.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18243.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13656.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28736.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19523.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11708.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54658.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40050.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12677.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13656.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54023.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18169.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21012.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46661.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45774.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46502.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2141.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58856.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63938.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2132	55462a0935da6711ebcd1a0af0f6714d_JaffaCakes118.exe
2552	Unicorn-17047.exe
2848	Unicorn-5962.exe
2696	Unicorn-51634.exe
2144	Unicorn-61629.exe
2912	Unicorn-61629.exe
2460	Unicorn-25619.exe
3012	Unicorn-51326.exe
332	Unicorn-11917.exe
2796	Unicorn-47221.exe
2972	Unicorn-1549.exe
484	Unicorn-31783.exe
1728	Unicorn-16952.exe
2428	Unicorn-53023.exe
1588	Unicorn-4014.exe
2764	Unicorn-56360.exe
1456	Unicorn-23880.exe
2056	Unicorn-6967.exe
2864	Unicorn-3630.exe
2068	Unicorn-55976.exe
2880	Unicorn-59837.exe
444	Unicorn-7491.exe
704	Unicorn-62525.exe
1288	Unicorn-61949.exe
2280	Unicorn-61949.exe
976	Unicorn-41699.exe
1316	Unicorn-61565.exe
920	Unicorn-31389.exe
784	Unicorn-61793.exe
2248	Unicorn-31389.exe
2396	Unicorn-12400.exe
2360	Unicorn-28736.exe
2184	Unicorn-18577.exe
2708	Unicorn-48104.exe
644	Unicorn-2432.exe
2728	Unicorn-51934.exe
2668	Unicorn-65125.exe
2504	Unicorn-14637.exe
2576	Unicorn-35022.exe
2472	Unicorn-14637.exe
2512	Unicorn-37518.exe
1916	Unicorn-14253.exe
1612	Unicorn-1446.exe
608	Unicorn-30397.exe
668	Unicorn-33351.exe
2964	Unicorn-4243.exe
2736	Unicorn-4243.exe
996	Unicorn-63755.exe
2216	Unicorn-49723.exe
2168	Unicorn-4051.exe
1780	Unicorn-16299.exe
340	Unicorn-16491.exe
2072	Unicorn-2650.exe
1716	Unicorn-49199.exe
2860	Unicorn-64466.exe
3028	Unicorn-51768.exe
1928	Unicorn-51768.exe
1136	Unicorn-43695.exe
2144	Unicorn-38350.exe
1488	Unicorn-41688.exe
2276	Unicorn-46457.exe
2032	Unicorn-26591.exe
2560	Unicorn-62985.exe
2432	Unicorn-42543.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2552	2132	55462a0935da6711ebcd1a0af0f6714d_JaffaCakes118.exe	28
PID 2132 wrote to memory of 2552	2132	55462a0935da6711ebcd1a0af0f6714d_JaffaCakes118.exe	28
PID 2132 wrote to memory of 2552	2132	55462a0935da6711ebcd1a0af0f6714d_JaffaCakes118.exe	28
PID 2132 wrote to memory of 2552	2132	55462a0935da6711ebcd1a0af0f6714d_JaffaCakes118.exe	28
PID 2132 wrote to memory of 2696	2132	55462a0935da6711ebcd1a0af0f6714d_JaffaCakes118.exe	29
PID 2132 wrote to memory of 2696	2132	55462a0935da6711ebcd1a0af0f6714d_JaffaCakes118.exe	29
PID 2132 wrote to memory of 2696	2132	55462a0935da6711ebcd1a0af0f6714d_JaffaCakes118.exe	29
PID 2132 wrote to memory of 2696	2132	55462a0935da6711ebcd1a0af0f6714d_JaffaCakes118.exe	29
PID 2552 wrote to memory of 2848	2552	Unicorn-17047.exe	30
PID 2552 wrote to memory of 2848	2552	Unicorn-17047.exe	30
PID 2552 wrote to memory of 2848	2552	Unicorn-17047.exe	30
PID 2552 wrote to memory of 2848	2552	Unicorn-17047.exe	30
PID 2696 wrote to memory of 2144	2696	Unicorn-51634.exe	32
PID 2696 wrote to memory of 2144	2696	Unicorn-51634.exe	32
PID 2696 wrote to memory of 2144	2696	Unicorn-51634.exe	32
PID 2696 wrote to memory of 2144	2696	Unicorn-51634.exe	32
PID 2848 wrote to memory of 2912	2848	Unicorn-5962.exe	31
PID 2848 wrote to memory of 2912	2848	Unicorn-5962.exe	31
PID 2848 wrote to memory of 2912	2848	Unicorn-5962.exe	31
PID 2848 wrote to memory of 2912	2848	Unicorn-5962.exe	31
PID 2552 wrote to memory of 2460	2552	Unicorn-17047.exe	33
PID 2552 wrote to memory of 2460	2552	Unicorn-17047.exe	33
PID 2552 wrote to memory of 2460	2552	Unicorn-17047.exe	33
PID 2552 wrote to memory of 2460	2552	Unicorn-17047.exe	33
PID 2144 wrote to memory of 3012	2144	Unicorn-61629.exe	34
PID 2144 wrote to memory of 3012	2144	Unicorn-61629.exe	34
PID 2144 wrote to memory of 3012	2144	Unicorn-61629.exe	34
PID 2144 wrote to memory of 3012	2144	Unicorn-61629.exe	34
PID 2696 wrote to memory of 332	2696	Unicorn-51634.exe	36
PID 2696 wrote to memory of 332	2696	Unicorn-51634.exe	36
PID 2696 wrote to memory of 332	2696	Unicorn-51634.exe	36
PID 2696 wrote to memory of 332	2696	Unicorn-51634.exe	36
PID 2912 wrote to memory of 484	2912	Unicorn-61629.exe	35
PID 2912 wrote to memory of 484	2912	Unicorn-61629.exe	35
PID 2912 wrote to memory of 484	2912	Unicorn-61629.exe	35
PID 2912 wrote to memory of 484	2912	Unicorn-61629.exe	35
PID 2848 wrote to memory of 2796	2848	Unicorn-5962.exe	37
PID 2848 wrote to memory of 2796	2848	Unicorn-5962.exe	37
PID 2848 wrote to memory of 2796	2848	Unicorn-5962.exe	37
PID 2848 wrote to memory of 2796	2848	Unicorn-5962.exe	37
PID 2460 wrote to memory of 2972	2460	Unicorn-25619.exe	38
PID 2460 wrote to memory of 2972	2460	Unicorn-25619.exe	38
PID 2460 wrote to memory of 2972	2460	Unicorn-25619.exe	38
PID 2460 wrote to memory of 2972	2460	Unicorn-25619.exe	38
PID 3012 wrote to memory of 1728	3012	Unicorn-51326.exe	39
PID 3012 wrote to memory of 1728	3012	Unicorn-51326.exe	39
PID 3012 wrote to memory of 1728	3012	Unicorn-51326.exe	39
PID 3012 wrote to memory of 1728	3012	Unicorn-51326.exe	39
PID 2144 wrote to memory of 2428	2144	Unicorn-61629.exe	40
PID 2144 wrote to memory of 2428	2144	Unicorn-61629.exe	40
PID 2144 wrote to memory of 2428	2144	Unicorn-61629.exe	40
PID 2144 wrote to memory of 2428	2144	Unicorn-61629.exe	40
PID 2972 wrote to memory of 2764	2972	Unicorn-1549.exe	41
PID 2972 wrote to memory of 2764	2972	Unicorn-1549.exe	41
PID 2972 wrote to memory of 2764	2972	Unicorn-1549.exe	41
PID 2972 wrote to memory of 2764	2972	Unicorn-1549.exe	41
PID 2796 wrote to memory of 1456	2796	Unicorn-47221.exe	42
PID 2796 wrote to memory of 1456	2796	Unicorn-47221.exe	42
PID 2796 wrote to memory of 1456	2796	Unicorn-47221.exe	42
PID 2796 wrote to memory of 1456	2796	Unicorn-47221.exe	42
PID 2460 wrote to memory of 1588	2460	Unicorn-25619.exe	43
PID 2460 wrote to memory of 1588	2460	Unicorn-25619.exe	43
PID 2460 wrote to memory of 1588	2460	Unicorn-25619.exe	43
PID 2460 wrote to memory of 1588	2460	Unicorn-25619.exe	43

C:\Users\Admin\AppData\Local\Temp\55462a0935da6711ebcd1a0af0f6714d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\55462a0935da6711ebcd1a0af0f6714d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17047.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17047.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5962.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55976.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31389.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4243.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46457.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12404.exe
        10⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31282.exe
        11⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11708.exe
        12⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        13⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32224.exe
        14⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35831.exe
        15⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19023.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35103.exe
        17⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51964.exe
        18⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48335.exe
        19⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exe
        20⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54860.exe
        21⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7564.exe
        15⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        16⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46985.exe
        17⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46737.exe
        18⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30773.exe
        19⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43532.exe
        20⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32109.exe
        14⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
        15⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37304.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31708.exe
        17⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61218.exe
        18⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45074.exe
        12⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
        13⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        14⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61569.exe
        15⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61505.exe
        16⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42543.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35626.exe
        9⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe
        10⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        11⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
        12⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
        13⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe
        14⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45674.exe
        15⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6632.exe
        16⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56719.exe
        17⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
        18⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15161.exe
        19⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        8⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        9⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2958.exe
        10⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1820.exe
        11⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49319.exe
        12⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        13⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3402.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17563.exe
        15⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26370.exe
        16⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
        17⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        18⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
        19⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
        11⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        12⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
        13⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
        14⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exe
        15⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19960.exe
        16⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47026.exe
        17⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7859.exe
        18⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15930.exe
        19⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28736.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4051.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62985.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4319.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
        10⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19482.exe
        11⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25286.exe
        13⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
        14⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62202.exe
        16⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6964.exe
        17⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64368.exe
        18⤵
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28246.exe
        19⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18291.exe
        20⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24419.exe
        14⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
        15⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3923.exe
        16⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10628.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40496.exe
        18⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40192.exe
        19⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13656.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21898.exe
        21⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58028.exe
        16⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44825.exe
        17⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26383.exe
        18⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21119.exe
        19⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3286.exe
        8⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
        9⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34578.exe
        10⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7290.exe
        11⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27673.exe
        12⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
        13⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29576.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25552.exe
        15⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34516.exe
        16⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42859.exe
        17⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32598.exe
        18⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62637.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58964.exe
        8⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
        9⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38920.exe
        10⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15644.exe
        11⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        12⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45674.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24391.exe
        14⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
        15⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40607.exe
        16⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9183.exe
        17⤵
        
        PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3630.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61565.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33351.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16966.exe
        8⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
        9⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25296.exe
        10⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        11⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16725.exe
        12⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        13⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54658.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63525.exe
        15⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15272.exe
        16⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3571.exe
        17⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38816.exe
        18⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46502.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        20⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14064.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8767.exe
        9⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17474.exe
        10⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        11⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
        12⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34541.exe
        13⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        14⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52175.exe
        15⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44825.exe
        16⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20933.exe
        17⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-881.exe
        16⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22359.exe
        17⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61425.exe
        18⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        7⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64029.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29093.exe
        9⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3564.exe
        10⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50581.exe
        11⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14720.exe
        12⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32531.exe
        13⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
        14⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
        15⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51651.exe
        16⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44825.exe
        17⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33264.exe
        18⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49126.exe
        19⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63755.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16198.exe
        7⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48590.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43037.exe
        9⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        10⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
        11⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34743.exe
        12⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58145.exe
        13⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50704.exe
        14⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48196.exe
        15⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31853.exe
        16⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31361.exe
        17⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59776.exe
        18⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
        19⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15725.exe
        7⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe
        8⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51431.exe
        10⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21808.exe
        11⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41789.exe
        12⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29006.exe
        13⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11889.exe
        14⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56719.exe
        15⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
        16⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13656.exe
        17⤵
        
        PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23880.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61949.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37518.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        8⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34922.exe
        9⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9279.exe
        10⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1597.exe
        11⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        12⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42955.exe
        13⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
        14⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53775.exe
        15⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15465.exe
        16⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20555.exe
        17⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51295.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31116.exe
        7⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22820.exe
        8⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-386.exe
        9⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51869.exe
        10⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49449.exe
        11⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        12⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54274.exe
        13⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56981.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32997.exe
        15⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2642.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 188
        17⤵
        Program crash
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19428.exe
        11⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7600.exe
        12⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
        13⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65477.exe
        14⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21859.exe
        15⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41390.exe
        16⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51768.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31901.exe
        8⤵
        
        PID:2784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
        9⤵
        Program crash
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45969.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-272.exe
        8⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50146.exe
        9⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5370.exe
        10⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15644.exe
        11⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32531.exe
        12⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12669.exe
        13⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
        14⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
        15⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5638.exe
        16⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45774.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41699.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38350.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51398.exe
        7⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
        8⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52331.exe
        9⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17249.exe
        10⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        11⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37611.exe
        12⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54651.exe
        13⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20911.exe
        14⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36436.exe
        15⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63938.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17694.exe
        17⤵
        
        PID:2824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1549.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1549.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56360.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31389.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1446.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41688.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
        9⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3622.exe
        10⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        11⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33497.exe
        12⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
        13⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26906.exe
        14⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45949.exe
        15⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32180.exe
        16⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
        17⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        18⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21898.exe
        19⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60712.exe
        8⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
        9⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2735.exe
        10⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
        11⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53191.exe
        12⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47367.exe
        13⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11024.exe
        14⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        15⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56719.exe
        16⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40659.exe
        17⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27248.exe
        18⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        8⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20343.exe
        9⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        10⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27332.exe
        11⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60485.exe
        12⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
        13⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29281.exe
        14⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        15⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56719.exe
        16⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        17⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10003.exe
        18⤵
        
        PID:596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52902.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41355.exe
        8⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        10⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        11⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40050.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10224.exe
        13⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5207.exe
        14⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26825.exe
        15⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
        16⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54860.exe
        17⤵
        
        PID:1532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
        9⤵
        Program crash
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54023.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-578.exe
        8⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        9⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43336.exe
        10⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18983.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11316.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7443.exe
        13⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10768.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3815.exe
        15⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46834.exe
        16⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11824.exe
        17⤵
        
        PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4243.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34070.exe
        7⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36219.exe
        8⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46378.exe
        9⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        10⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62340.exe
        11⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1835.exe
        12⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
        13⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
        14⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-120.exe
        15⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        16⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        17⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        18⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62118.exe
        6⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36219.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54546.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35370.exe
        9⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21774.exe
        10⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
        11⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9437.exe
        12⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        13⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14696.exe
        14⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10104.exe
        15⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32065.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
        17⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
        18⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63662.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25286.exe
        10⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
        11⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51299.exe
        12⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42599.exe
        13⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36296.exe
        14⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1115.exe
        15⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62665.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4014.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61949.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35022.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16966.exe
        7⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        8⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6803.exe
        9⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        10⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56460.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48083.exe
        12⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
        13⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
        14⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29166.exe
        15⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52651.exe
        16⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46469.exe
        17⤵
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45533.exe
        6⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18233.exe
        7⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27835.exe
        8⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6197.exe
        9⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23814.exe
        10⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        11⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
        12⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45674.exe
        13⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41606.exe
        14⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56539.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
        16⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12677.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
        18⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54247.exe
        7⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5237.exe
        8⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7975.exe
        9⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        10⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7569.exe
        11⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15014.exe
        12⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4439.exe
        13⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45605.exe
        14⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51651.exe
        15⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53419.exe
        16⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18270.exe
        17⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17945.exe
        14⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3642.exe
        15⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4891.exe
        16⤵
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14637.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47583.exe
        6⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        7⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29829.exe
        8⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49954.exe
        9⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        10⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
        11⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17563.exe
        12⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22011.exe
        13⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26825.exe
        14⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24959.exe
        15⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
        16⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44845.exe
        17⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1252.exe
        6⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14260.exe
        7⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40520.exe
        9⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15328.exe
        10⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        11⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
        12⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
        13⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51580.exe
        14⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2642.exe
        15⤵
        
        PID:540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 188
        16⤵
        Program crash
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47160.exe
        9⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21012.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19355.exe
        11⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40608.exe
        12⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35711.exe
        13⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53872.exe
        14⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48785.exe
        15⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13796.exe
        16⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
        7⤵
        
        PID:536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51634.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51634.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59837.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51768.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
        9⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
        10⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2958.exe
        11⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33393.exe
        12⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54286.exe
        13⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30668.exe
        14⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61537.exe
        8⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
        9⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18579.exe
        10⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
        11⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        12⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37611.exe
        13⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5123.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18243.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46077.exe
        16⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
        17⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25947.exe
        18⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16454.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43695.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35591.exe
        8⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57348.exe
        9⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3197.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26372.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
        12⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29241.exe
        13⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
        14⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36212.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24959.exe
        16⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
        17⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58856.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48104.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2650.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        8⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22883.exe
        9⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15011.exe
        10⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        11⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14720.exe
        12⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40370.exe
        13⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11953.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42585.exe
        15⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44825.exe
        16⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
        17⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15878.exe
        18⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60826.exe
        7⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50350.exe
        8⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17474.exe
        9⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32869.exe
        10⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7180.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
        13⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17380.exe
        14⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3815.exe
        15⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        16⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
        17⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
        18⤵
        
        PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7491.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2432.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16198.exe
        7⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29125.exe
        8⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61349.exe
        9⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29093.exe
        10⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41364.exe
        11⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25286.exe
        12⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8649.exe
        13⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48580.exe
        14⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
        15⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7658.exe
        16⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62101.exe
        17⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51295.exe
        18⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
        6⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14848.exe
        7⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe
        8⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20889.exe
        9⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23430.exe
        10⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        11⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        12⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60237.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31912.exe
        14⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24391.exe
        15⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12720.exe
        16⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57965.exe
        17⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27357.exe
        18⤵
        
        PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53023.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62525.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51934.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16491.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15866.exe
        8⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
        9⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50146.exe
        10⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        11⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23470.exe
        12⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36011.exe
        13⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25654.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23582.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43243.exe
        16⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13656.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe
        7⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6099.exe
        8⤵
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57348.exe
        9⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49954.exe
        10⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-964.exe
        11⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
        12⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
        13⤵
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6047.exe
        7⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe
        8⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54604.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23871.exe
        10⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36931.exe
        11⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60154.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43313.exe
        13⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5278.exe
        14⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37747.exe
        15⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8479.exe
        16⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        17⤵
        
        PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65125.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16299.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15040.exe
        7⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46357.exe
        8⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11708.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41224.exe
        10⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
        11⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21559.exe
        11⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
        12⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56738.exe
        13⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19523.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19171.exe
        15⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63969.exe
        16⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
        17⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49543.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20183.exe
        14⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
        15⤵
        
        PID:1664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11917.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6967.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14637.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50598.exe
        6⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7007.exe
        7⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41632.exe
        8⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37339.exe
        9⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33497.exe
        10⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34053.exe
        11⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14004.exe
        12⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31490.exe
        13⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26069.exe
        14⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3871.exe
        15⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31937.exe
        16⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5993.exe
        17⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42868.exe
        18⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64618.exe
        14⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65081.exe
        15⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 244
        16⤵
        Program crash
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
        6⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
        7⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6803.exe
        8⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2206.exe
        9⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34706.exe
        10⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
        11⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
        12⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23126.exe
        13⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exe
        14⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14832.exe
        15⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9387.exe
        16⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34435.exe
        17⤵
        
        PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14002.exe
        6⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        9⤵
        
        PID:2996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11917.exe

Filesize
184KB

MD5
5466c4a410352dddc84b71a2646cf21e

SHA1
7d3d0f166355927150edd8c270de1e807cf5ce66

SHA256
b7559b0799425e6a7d60797ae409aa0ac6977efa7305a3b451f688d5eb58bdf0

SHA512
14695dca814121f810ea98d9ba5b143a2ae4540e99d3a3e2ebb6844e4fd7a07ace7b617763b3ae4a7235d9d996068cacde50cf1bba6c7ee0fcb75d240959453a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22359.exe

Filesize
184KB

MD5
78aeb00cfcc5d0265803d9bd3eecaa42

SHA1
40bcf55b8beea2aeb491f2693c8e5d2071627645

SHA256
30eea4d2979c3a6a28116cf7b9f3641b3033c510bfd6aad6b55c330d1e2647f3

SHA512
95f98453dde21b23360f0a054d22e6856acb57552c2f2ec2f999ceea4f26acf83976de8993b0d97f7639bf1974a672e0e6482ab5934fc40c6f9324509c861155

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40496.exe

Filesize
184KB

MD5
f52183c48b68b10052ceee64a71fc36a

SHA1
bfae1a92024258ce26468fe0b6428c489b12d0f2

SHA256
df05a945ad335cbc1d1591d8167f548134718705182d6aee59679990b5ce932b

SHA512
d7f53b7662202d55e64f83cc10f9addf0d32ab905a3803ccd0b9d1f7406e0ae47521f796208fc5b5e34c741e914936e46a51e42f794ecd88953c8bcff8fcda39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40608.exe

Filesize
184KB

MD5
6bf6a09aaa5908f2a5081f87a85a7690

SHA1
68389e5902dba374c495fa6346fece8d892b50db

SHA256
500ffd0c6742bff209f56bd582cf9929097c17996f3129c88c6423d910849e5b

SHA512
4285b0a2009773e265eeec25f4c4736f700872e0c0aecae2926be6cc2c74ead07ee021391ac843c6a8b216f7cc7f03f9b651bd385b5b2d9020f1a73ee7fa2fa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe

Filesize
184KB

MD5
06d958baf44cd72b8698d9fcbed6d1a2

SHA1
d2cc26e18dfadd1724852649c799e98e1a8c3617

SHA256
7a35522d837bd655026e40422c209afd1bf6abbca4038b9ac0c2bc5fbeb88950

SHA512
9ccb3940013adb85ac556cc79d2c248e86a66314c9c69b548d1cc2bc3b37c7ed28423a5b94e4282241e0534aaeca1a64f64525aa375e4a1455e9872428170945

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe

Filesize
184KB

MD5
b79395b60bf40e853f10dd930fa5d607

SHA1
44886218c0ea3634aa8d7a16a24773938a5d2683

SHA256
c1309fea167f9637e1afa847a9023513166941e13bde276bbf1caf17b455f892

SHA512
12488388b54e23799401703889f8bd542507a6725614c323bcc3a26acc6ea957be4e9c0c0e6ac6dd59b5032f0dce49231034e5ac25afe589aea87e932d88af24

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6047.exe

Filesize
184KB

MD5
21a3b82d69c3717464f9bfade0d0550c

SHA1
cd8f28c30da0f90c55c61567f620e073ccc9bd26

SHA256
1ceda9908b4858aaebd9a950f514755f35224558056b36ef78b8cfd58f073b76

SHA512
53401bdeb02d7c3d43a26b08626b250e2e9549e24155a58a0d7fef2bd8338893891d4e227d5a20a9839b054ccc4d040325d60e5d02a40d7f60a2cfbb146927d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6099.exe

Filesize
184KB

MD5
e3f8c7e5202fb762055b039addc01c1c

SHA1
54a25274a2930190aed1b56dc53e29a79f972468

SHA256
474f5da5211088fba573fae402770b9b52ef22a0da1597828b34e0434945add0

SHA512
6d9b376aab44dcb4a208b9e8e73b3bdbc464879726b1c2fd2570863dc2ed810089b0b33951d07834630ea5e5a5655ba43a54ba1aedb5d688bb9f6d85fe066724

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6197.exe

Filesize
184KB

MD5
35c72fbce48d462e0e76d6287c1eb98f

SHA1
cbeaabdeb52adb5854ca3b97d06ef4a62cbb7192

SHA256
172a7c1ff66dab853e1693a26f8b6e6cf0c5fa0425afc027e67abe34e6228e58

SHA512
5947a9564570f04802d3dbf08c0741c7f4c73044b014411602e2dc862135d82ea6acd910c59085d23a2b8250192a45b4d6ae73353270e1de640079217cac8050

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1549.exe

Filesize
184KB

MD5
f7a04db7fa51c0cedefa05bdb92310bc

SHA1
4193e28e4388ccd37b5f8c94c87430328cfedd8a

SHA256
2809083174c87164be36c8a614cab6fabeb2ad811262d6cc6cd049ebabb6923b

SHA512
a0050686bd09471dbd6243129c703af7cb01e1ac97449f3c102347fec9538393edcce65805b81baed5b241c5840ac81a43191cd16d5af480d86526afa01943f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe

Filesize
184KB

MD5
fd6330f9240fba7f645c4f4b1217c1c0

SHA1
6acf19bbfcda0bab6ed8df8ede20434fabda40a1

SHA256
7bd95877c6b6f05b4b9f7505e6d13463dce7b9006ea169cae097b565112c8300

SHA512
2d618d2b647e3661ca606f83ea6dce4ba920bd54a7fdbce2f1dca0bd5431818fc92f73a561e25a9b186bcf25d95271d8b7957f76db457661d0c782dd3f828b13

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17047.exe

Filesize
184KB

MD5
0dbf59c2529861db80bc2cf0c25cd306

SHA1
a5ca9458b7db1f654c136b8bcffa89034427b096

SHA256
b6ac0e243d7b3992fc1bd73212c8385f569d54982cc2cacaab7eab0e7be42ad8

SHA512
bde5fa591d513d486e73f537d6976adbf64c2eb0cb47c2e74d63ba7c55ad2cac452ff0fbe2c6c2daf8547bedf3ef396137cb989a574ce025ffbe91d228b1a70f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23880.exe

Filesize
184KB

MD5
a344bc472a31f7f12c210be782df4867

SHA1
0f1a1d54d402742dea809b5e3e83784967d82e04

SHA256
49b9fb4153b4cf35bb73e489a97c062e9c2f6a0d69a4a3eb8e7e3bff6337f30a

SHA512
feb6127fe36c694d10578bf994d87683b4a5753f0f8f645bf3ad91b45e81154fb57354b64793604373e49c0ded48e445ac2fa74e91fd0f5730fcc4979fc8bae0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe

Filesize
184KB

MD5
f60ef28c8ef1745e76a9612e70011ff1

SHA1
1f592193fafcb44f0fb8958993be1fbd9ecc9556

SHA256
1b64a5c228aaf30dab993fef2b014156dcd23f94bbe07525089049932722b013

SHA512
0c9cca04217ecc43437e6a0197e2e48f5637bdcbff7498bfc511794325cf8ba6c52af9980c899bd39625341f17f7994d84e9dea0fe394af11c461b1f5a6444cd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe

Filesize
184KB

MD5
1034b98230a0a8e3dcf096a9ee76f8bc

SHA1
9676fe935e6f90df1e6208328459cfdd7b0157fb

SHA256
be7c82182a04c5207c2fe98b19f46d5a92ab8bb82f18cb4e2c94181af9da177e

SHA512
512423d95ea6e84984473a3d92f1377a9f27a702ecae226c0699ae60123c3b08b3f41e3c1e535da6f608adb6ead357ff4b536fef5ba8eb49bc58dc74aeae6666

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4014.exe

Filesize
184KB

MD5
531771e807456c39d7737911a0d4b647

SHA1
00e4509aec4048a765dc9387abc6cb3312cf6bbe

SHA256
d520520ae7f65139d04de15cbce5a0e75458668d8ecb8480df8c46ce3b3a7a92

SHA512
66c9de805c47176b27536bea566a560e49dd15d23ef5019c66b39a8ed41120f38bf579be2a8ff1634c3bfe32bd7ff761a6b2af4d520b319e01e8f089a601ab7c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe

Filesize
184KB

MD5
d9b6fdfe24de1bae3fa26f2fa990bf46

SHA1
2f7b948e390be1831a9a0b778c93fc229bd0b8e6

SHA256
14b17c4855649eb5f9ce7239072874e956b5b850217b4606734b42f13c6c9ec1

SHA512
727a3024d5d66e708509564802493ad30af11bdac711bb035f4f60e40c66f17b042b19db35edfeff4a3441d6f27666317253da0b0ca45ee8d801f55f0fc903bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51634.exe

Filesize
184KB

MD5
0f7bcfc38232055dea45931bac9d09a6

SHA1
4ce66b3a01d427364fc34d112c5b50360f6b267e

SHA256
c688a6e4e7787a1b091c7bca34658bcb6524ddc7140c2bf7cd5ae3070827e79b

SHA512
a801daf6128878ab8aae063aa377019bc37c0c6bd537fad1803b8f7613ef47040c15092aa1e5106f76a55ab339ff58f2d1aa5778cbf467501388d0aa896c2a51

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53023.exe

Filesize
184KB

MD5
b2b734f50d5a5d06dfb54deb9057172d

SHA1
5c0755142f206e76823d03fca89d1e6dde125625

SHA256
6bc6903327fccacae7cc7a67935d6c70a212df1be8976ebc7a15d28e6aab7f24

SHA512
23454a234a9803cb64635e513958df2ea35c0e6e0c94d64a47ef4e6bfd261339e1e0c45ef60db4ca6e95174625ff4a84b6dddbb2d90351b8f1ea87b14b5c07ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55976.exe

Filesize
184KB

MD5
d666611c15973c8621d03976cfff3cb5

SHA1
7a6e5b29d04dbe39c208bbe822554a96954af715

SHA256
721d6bcdabf72cfd5c94a90fba654692bb31a5008ff9072b9b7dbb407b2395bb

SHA512
122b20e5b719ab99e9d805fd1806b5b2da7468b4ad8c010a908ce0c4d2d6a4226574c67e66440b6a22b954dc8b0e2a501f4fcf741874c2c87a2bb0996968d114

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56360.exe

Filesize
184KB

MD5
bc35f4de9a5ca68b51e67f0c07125fbe

SHA1
b00990447662944a58bbe262138f1a17ecf442b2

SHA256
3b7054497436d4b1d3ac1cd0e95d87c9d5cc544d6509f40cc62bb95b62d270a8

SHA512
0a1b374247ed72c48c11ae451747634664d1b6c8beb7724b71f9926fb07365d142c455a909b94b104b8c771c063b7ca628530d8b85061a230acef0c6d55e1536

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5962.exe

Filesize
184KB

MD5
3aae9f5727653228c830747048a91c09

SHA1
8f6b31846b93fed0803a7593516268b41993d442

SHA256
5f46b6fba604e1b9eb2cb506e62401eedd77a55abeba371e6e254399f314e892

SHA512
fc193bee9151a360622937e850c8308ceab563e1c78f4c0004c7c8aab9b6788f2723698503924e73f9970a0467929a9a80a3059baf9f9c3f8ca082bb8a089de4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe

Filesize
184KB

MD5
83db54d6b4d1e6bf4b4f207a1a1252a6

SHA1
14cf9478f15f28d653b7ecc76b0dbf0c6ec47467

SHA256
592abc610a2841c5c2c4b7c9d26ef9507b1c8b68e2c9106830b5cdd2fe416187

SHA512
7eda04b32848dfafe0ae1ea1118a9c734c0c497482313e8832d6fd3d1ed7130b284719469973795530e4cef390201ac708c8f4f9e105846a3b5a7c09dda7a0dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6967.exe

Filesize
184KB

MD5
eb56cadaaa925621bd01376ec8dfc097

SHA1
5b04284bffd9a07c19c0e53a068d0b4853e10f4c

SHA256
7088c4fd24329fafb14d5a347b659deeb6b9f3906dd4145a5919da60a25d0009

SHA512
a909bb1b59bfcef9d0f061502926e7f3f56430255c2ada9d5d9cbc102c71d044f619dd8b28dcc27f8aaa8118c7ae0c97ab7ce6f21936c7bec6630a1ae83644fb

Download Submit