19ed6bba2189a7d6dc70c2dc223bdf5c748fda5b2f3a7a6c1ef686cc5f3f2aa6

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 15:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c53ee7101f46528e3adda23490503720N.exe
Size

468KB
MD5

c53ee7101f46528e3adda23490503720
SHA1

d5ae561fd223ce2bb59f22b45a74508d519690f3
SHA256

19ed6bba2189a7d6dc70c2dc223bdf5c748fda5b2f3a7a6c1ef686cc5f3f2aa6
SHA512

894beb998c4738f19e3a08b9d646572571ffea53d7bf70de44df70aaab8fc4c791570cbfdba00895b5acb8b31c5d4dfbfc39d697520bc868dc8df34a7030a5f4
SSDEEP

3072:WAoCogudjx8U2bYwPz538f5EChjWIpzEmHevVpUVAM3XHM0DQlC:WANoFyU2HP138fs06cVACXM0D

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2416	Unicorn-48272.exe
2376	Unicorn-55117.exe
2820	Unicorn-39335.exe
3012	Unicorn-58473.exe
812	Unicorn-3150.exe
2288	Unicorn-60519.exe
2636	Unicorn-4089.exe
2572	Unicorn-18932.exe
1812	Unicorn-5838.exe
2940	Unicorn-6103.exe
2012	Unicorn-32698.exe
2696	Unicorn-32144.exe
1988	Unicorn-30590.exe
2036	Unicorn-16855.exe
2684	Unicorn-16301.exe
2192	Unicorn-11889.exe
1712	Unicorn-27847.exe
1692	Unicorn-30316.exe
1788	Unicorn-30831.exe
336	Unicorn-50182.exe
1796	Unicorn-34339.exe
632	Unicorn-28208.exe
2348	Unicorn-9642.exe
1776	Unicorn-3565.exe
892	Unicorn-3565.exe
1720	Unicorn-3512.exe
1504	Unicorn-5558.exe
1476	Unicorn-3565.exe
1148	Unicorn-23166.exe
2132	Unicorn-23431.exe
1600	Unicorn-23431.exe
2700	Unicorn-18963.exe
2620	Unicorn-36777.exe
2608	Unicorn-45844.exe
2596	Unicorn-61603.exe
1924	Unicorn-25.exe
1740	Unicorn-54972.exe
1124	Unicorn-36581.exe
944	Unicorn-41027.exe
1084	Unicorn-39579.exe
2020	Unicorn-21589.exe
1140	Unicorn-21589.exe
2556	Unicorn-22466.exe
2948	Unicorn-2600.exe
1696	Unicorn-42886.exe
1172	Unicorn-3005.exe
3056	Unicorn-34915.exe
1608	Unicorn-64821.exe
1068	Unicorn-3389.exe
1704	Unicorn-49061.exe
1544	Unicorn-24556.exe
2260	Unicorn-44157.exe
884	Unicorn-41262.exe
2500	Unicorn-13934.exe
2964	Unicorn-40093.exe
2336	Unicorn-40093.exe
912	Unicorn-22414.exe
2740	Unicorn-14278.exe
2804	Unicorn-18787.exe
2788	Unicorn-19341.exe
2632	Unicorn-54967.exe
1348	Unicorn-11941.exe
2544	Unicorn-11941.exe
1208	Unicorn-31213.exe

Loads dropped DLL 64 IoCs

pid	Process
1960	c53ee7101f46528e3adda23490503720N.exe
1960	c53ee7101f46528e3adda23490503720N.exe
2416	Unicorn-48272.exe
2416	Unicorn-48272.exe
1960	c53ee7101f46528e3adda23490503720N.exe
1960	c53ee7101f46528e3adda23490503720N.exe
2820	Unicorn-39335.exe
2820	Unicorn-39335.exe
1960	c53ee7101f46528e3adda23490503720N.exe
1960	c53ee7101f46528e3adda23490503720N.exe
2376	Unicorn-55117.exe
2376	Unicorn-55117.exe
2416	Unicorn-48272.exe
2416	Unicorn-48272.exe
3012	Unicorn-58473.exe
3012	Unicorn-58473.exe
1960	c53ee7101f46528e3adda23490503720N.exe
812	Unicorn-3150.exe
1960	c53ee7101f46528e3adda23490503720N.exe
812	Unicorn-3150.exe
2820	Unicorn-39335.exe
2820	Unicorn-39335.exe
2288	Unicorn-60519.exe
2288	Unicorn-60519.exe
2416	Unicorn-48272.exe
2416	Unicorn-48272.exe
2376	Unicorn-55117.exe
2636	Unicorn-4089.exe
2636	Unicorn-4089.exe
2376	Unicorn-55117.exe
1812	Unicorn-5838.exe
1812	Unicorn-5838.exe
1960	c53ee7101f46528e3adda23490503720N.exe
1960	c53ee7101f46528e3adda23490503720N.exe
2572	Unicorn-18932.exe
2572	Unicorn-18932.exe
3012	Unicorn-58473.exe
2012	Unicorn-32698.exe
3012	Unicorn-58473.exe
2012	Unicorn-32698.exe
2036	Unicorn-16855.exe
2820	Unicorn-39335.exe
2036	Unicorn-16855.exe
2820	Unicorn-39335.exe
2376	Unicorn-55117.exe
2940	Unicorn-6103.exe
2684	Unicorn-16301.exe
2940	Unicorn-6103.exe
2376	Unicorn-55117.exe
2684	Unicorn-16301.exe
2636	Unicorn-4089.exe
2288	Unicorn-60519.exe
812	Unicorn-3150.exe
812	Unicorn-3150.exe
2288	Unicorn-60519.exe
2416	Unicorn-48272.exe
2416	Unicorn-48272.exe
2696	Unicorn-32144.exe
1988	Unicorn-30590.exe
2696	Unicorn-32144.exe
1988	Unicorn-30590.exe
2192	Unicorn-11889.exe
2192	Unicorn-11889.exe
1812	Unicorn-5838.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3540	4024	WerFault.exe	288

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28246.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60314.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19386.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34339.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13178.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46958.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14921.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39232.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62842.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60810.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19386.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39335.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26244.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60519.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1976.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42886.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24556.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17478.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46663.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11889.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60572.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22414.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31213.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-250.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20822.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30162.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36777.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44157.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62571.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33009.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48516.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23481.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50032.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11889.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2600.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31980.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32962.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19386.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1960	c53ee7101f46528e3adda23490503720N.exe
2416	Unicorn-48272.exe
2376	Unicorn-55117.exe
2820	Unicorn-39335.exe
3012	Unicorn-58473.exe
812	Unicorn-3150.exe
2636	Unicorn-4089.exe
2288	Unicorn-60519.exe
2572	Unicorn-18932.exe
1812	Unicorn-5838.exe
2940	Unicorn-6103.exe
2012	Unicorn-32698.exe
2036	Unicorn-16855.exe
2684	Unicorn-16301.exe
1988	Unicorn-30590.exe
2696	Unicorn-32144.exe
2192	Unicorn-11889.exe
1712	Unicorn-27847.exe
1692	Unicorn-30316.exe
1796	Unicorn-34339.exe
336	Unicorn-50182.exe
632	Unicorn-28208.exe
2348	Unicorn-9642.exe
1504	Unicorn-5558.exe
1720	Unicorn-3512.exe
1148	Unicorn-23166.exe
1476	Unicorn-3565.exe
2132	Unicorn-23431.exe
1788	Unicorn-30831.exe
892	Unicorn-3565.exe
1600	Unicorn-23431.exe
2700	Unicorn-18963.exe
2620	Unicorn-36777.exe
2608	Unicorn-45844.exe
2596	Unicorn-61603.exe
1924	Unicorn-25.exe
1124	Unicorn-36581.exe
1740	Unicorn-54972.exe
944	Unicorn-41027.exe
1084	Unicorn-39579.exe
1140	Unicorn-21589.exe
2020	Unicorn-21589.exe
2556	Unicorn-22466.exe
2948	Unicorn-2600.exe
1696	Unicorn-42886.exe
1172	Unicorn-3005.exe
3056	Unicorn-34915.exe
1608	Unicorn-64821.exe
1068	Unicorn-3389.exe
1704	Unicorn-49061.exe
1544	Unicorn-24556.exe
2260	Unicorn-44157.exe
2500	Unicorn-13934.exe
884	Unicorn-41262.exe
2336	Unicorn-40093.exe
2740	Unicorn-14278.exe
2964	Unicorn-40093.exe
912	Unicorn-22414.exe
2804	Unicorn-18787.exe
2788	Unicorn-19341.exe
2544	Unicorn-11941.exe
2936	Unicorn-17478.exe
2032	Unicorn-23045.exe
2632	Unicorn-54967.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 2416	1960	c53ee7101f46528e3adda23490503720N.exe	31
PID 1960 wrote to memory of 2416	1960	c53ee7101f46528e3adda23490503720N.exe	31
PID 1960 wrote to memory of 2416	1960	c53ee7101f46528e3adda23490503720N.exe	31
PID 1960 wrote to memory of 2416	1960	c53ee7101f46528e3adda23490503720N.exe	31
PID 2416 wrote to memory of 2376	2416	Unicorn-48272.exe	32
PID 2416 wrote to memory of 2376	2416	Unicorn-48272.exe	32
PID 2416 wrote to memory of 2376	2416	Unicorn-48272.exe	32
PID 2416 wrote to memory of 2376	2416	Unicorn-48272.exe	32
PID 1960 wrote to memory of 2820	1960	c53ee7101f46528e3adda23490503720N.exe	33
PID 1960 wrote to memory of 2820	1960	c53ee7101f46528e3adda23490503720N.exe	33
PID 1960 wrote to memory of 2820	1960	c53ee7101f46528e3adda23490503720N.exe	33
PID 1960 wrote to memory of 2820	1960	c53ee7101f46528e3adda23490503720N.exe	33
PID 2820 wrote to memory of 812	2820	Unicorn-39335.exe	34
PID 2820 wrote to memory of 812	2820	Unicorn-39335.exe	34
PID 2820 wrote to memory of 812	2820	Unicorn-39335.exe	34
PID 2820 wrote to memory of 812	2820	Unicorn-39335.exe	34
PID 1960 wrote to memory of 3012	1960	c53ee7101f46528e3adda23490503720N.exe	35
PID 1960 wrote to memory of 3012	1960	c53ee7101f46528e3adda23490503720N.exe	35
PID 1960 wrote to memory of 3012	1960	c53ee7101f46528e3adda23490503720N.exe	35
PID 1960 wrote to memory of 3012	1960	c53ee7101f46528e3adda23490503720N.exe	35
PID 2376 wrote to memory of 2288	2376	Unicorn-55117.exe	36
PID 2376 wrote to memory of 2288	2376	Unicorn-55117.exe	36
PID 2376 wrote to memory of 2288	2376	Unicorn-55117.exe	36
PID 2376 wrote to memory of 2288	2376	Unicorn-55117.exe	36
PID 2416 wrote to memory of 2636	2416	Unicorn-48272.exe	37
PID 2416 wrote to memory of 2636	2416	Unicorn-48272.exe	37
PID 2416 wrote to memory of 2636	2416	Unicorn-48272.exe	37
PID 2416 wrote to memory of 2636	2416	Unicorn-48272.exe	37
PID 3012 wrote to memory of 2572	3012	Unicorn-58473.exe	38
PID 3012 wrote to memory of 2572	3012	Unicorn-58473.exe	38
PID 3012 wrote to memory of 2572	3012	Unicorn-58473.exe	38
PID 3012 wrote to memory of 2572	3012	Unicorn-58473.exe	38
PID 1960 wrote to memory of 1812	1960	c53ee7101f46528e3adda23490503720N.exe	39
PID 1960 wrote to memory of 1812	1960	c53ee7101f46528e3adda23490503720N.exe	39
PID 1960 wrote to memory of 1812	1960	c53ee7101f46528e3adda23490503720N.exe	39
PID 1960 wrote to memory of 1812	1960	c53ee7101f46528e3adda23490503720N.exe	39
PID 812 wrote to memory of 2940	812	Unicorn-3150.exe	40
PID 812 wrote to memory of 2940	812	Unicorn-3150.exe	40
PID 812 wrote to memory of 2940	812	Unicorn-3150.exe	40
PID 812 wrote to memory of 2940	812	Unicorn-3150.exe	40
PID 2820 wrote to memory of 2012	2820	Unicorn-39335.exe	41
PID 2820 wrote to memory of 2012	2820	Unicorn-39335.exe	41
PID 2820 wrote to memory of 2012	2820	Unicorn-39335.exe	41
PID 2820 wrote to memory of 2012	2820	Unicorn-39335.exe	41
PID 2288 wrote to memory of 2696	2288	Unicorn-60519.exe	42
PID 2288 wrote to memory of 2696	2288	Unicorn-60519.exe	42
PID 2288 wrote to memory of 2696	2288	Unicorn-60519.exe	42
PID 2288 wrote to memory of 2696	2288	Unicorn-60519.exe	42
PID 2416 wrote to memory of 1988	2416	Unicorn-48272.exe	43
PID 2416 wrote to memory of 1988	2416	Unicorn-48272.exe	43
PID 2416 wrote to memory of 1988	2416	Unicorn-48272.exe	43
PID 2416 wrote to memory of 1988	2416	Unicorn-48272.exe	43
PID 2376 wrote to memory of 2036	2376	Unicorn-55117.exe	44
PID 2376 wrote to memory of 2036	2376	Unicorn-55117.exe	44
PID 2376 wrote to memory of 2036	2376	Unicorn-55117.exe	44
PID 2376 wrote to memory of 2036	2376	Unicorn-55117.exe	44
PID 2636 wrote to memory of 2684	2636	Unicorn-4089.exe	45
PID 2636 wrote to memory of 2684	2636	Unicorn-4089.exe	45
PID 2636 wrote to memory of 2684	2636	Unicorn-4089.exe	45
PID 2636 wrote to memory of 2684	2636	Unicorn-4089.exe	45
PID 1812 wrote to memory of 2192	1812	Unicorn-5838.exe	46
PID 1812 wrote to memory of 2192	1812	Unicorn-5838.exe	46
PID 1812 wrote to memory of 2192	1812	Unicorn-5838.exe	46
PID 1812 wrote to memory of 2192	1812	Unicorn-5838.exe	46

C:\Users\Admin\AppData\Local\Temp\c53ee7101f46528e3adda23490503720N.exe
"C:\Users\Admin\AppData\Local\Temp\c53ee7101f46528e3adda23490503720N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48272.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48272.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55117.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60519.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32144.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23431.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
        7⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
        7⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        7⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11941.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23803.exe
        6⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exe
        6⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31980.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50556.exe
        6⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29792.exe
        7⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53575.exe
        7⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1516.exe
        6⤵
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53687.exe
        6⤵
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40006.exe
        6⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        5⤵
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13462.exe
        6⤵
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
        6⤵
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-579.exe
        6⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65007.exe
        6⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18760.exe
        5⤵
        
        PID:308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16474.exe
        5⤵
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49046.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24827.exe
        5⤵
        
        PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16855.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34339.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36581.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63358.exe
        7⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-250.exe
        8⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46641.exe
        8⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
        8⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63410.exe
        7⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        7⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
        7⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61322.exe
        7⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
        6⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2707.exe
        6⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exe
        6⤵
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31980.exe
        6⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61340.exe
        6⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41027.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59430.exe
        6⤵
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        6⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
        6⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60810.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35485.exe
        5⤵
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
        6⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        6⤵
        
        PID:3572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
        6⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34627.exe
        6⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14100.exe
        5⤵
        
        PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11889.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41599.exe
        5⤵
        
        PID:4076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        5⤵
        
        PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3512.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17478.exe
        5⤵
        
        PID:832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
        5⤵
        
        PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
        5⤵
        
        PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
        5⤵
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31254.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44157.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40641.exe
        5⤵
        
        PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30805.exe
      4⤵
      PID:112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16742.exe
      4⤵
      PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42450.exe
      4⤵
      PID:3140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4089.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16301.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5558.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3005.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
        7⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57804.exe
        8⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
        8⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39232.exe
        7⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33074.exe
        7⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
        7⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3249.exe
        7⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42423.exe
        6⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29216.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32962.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7332.exe
        6⤵
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31980.exe
        6⤵
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64821.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23746.exe
        6⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        6⤵
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        6⤵
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13393.exe
        5⤵
        
        PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18022.exe
        5⤵
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26763.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39809.exe
        5⤵
        
        PID:4164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
      4⤵
      Executes dropped EXE
      PID:1776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
        5⤵
        
        PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9492.exe
        5⤵
        
        PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
        5⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        5⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
      4⤵
      PID:1184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
      4⤵
      PID:624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1487.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1487.exe
      4⤵
      PID:1904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31174.exe
      4⤵
      PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30590.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30590.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23431.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3389.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1547.exe
        6⤵
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39232.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        6⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        6⤵
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42423.exe
        5⤵
        
        PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37051.exe
        5⤵
        
        PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33009.exe
        5⤵
        
        PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31980.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34456.exe
        5⤵
        
        PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49061.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39830.exe
        5⤵
        
        PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35810.exe
        5⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64894.exe
        5⤵
        
        PID:1304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30274.exe
      4⤵
      PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13532.exe
      4⤵
      PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36452.exe
      4⤵
      PID:4184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23166.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42886.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
        5⤵
        
        PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49844.exe
        5⤵
        
        PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        5⤵
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30643.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52251.exe
        5⤵
        
        PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11941.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11941.exe
      4⤵
      Executes dropped EXE
      PID:1348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26611.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33154.exe
        5⤵
        
        PID:4668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65522.exe
      4⤵
      PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
      4⤵
      PID:1272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20091.exe
      4⤵
      PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60572.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34915.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34915.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16735.exe
      4⤵
      PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41835.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59595.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59595.exe
    3⤵
    PID:2884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
    3⤵
    PID:2648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28070.exe
    3⤵
    PID:4044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37411.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3800
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39335.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39335.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9642.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22466.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63358.exe
        7⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19524.exe
        8⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        8⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
        8⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
        8⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44583.exe
        7⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38940.exe
        7⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31411.exe
        7⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        7⤵
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21749.exe
        6⤵
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62571.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        6⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        6⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40093.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        6⤵
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22074.exe
        6⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        6⤵
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44587.exe
        6⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
        5⤵
        
        PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11312.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
        5⤵
        
        PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3565.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54967.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
        5⤵
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
        5⤵
        
        PID:436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31213.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:1208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5164.exe
      4⤵
      PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26882.exe
      4⤵
      PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17292.exe
      4⤵
      PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1034.exe
      4⤵
      PID:4464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32698.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50182.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17478.exe
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
        5⤵
        
        PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38940.exe
        5⤵
        
        PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        5⤵
        
        PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24556.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12490.exe
      4⤵
      PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42278.exe
        5⤵
        
        PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18022.exe
      4⤵
      PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42312.exe
      4⤵
      PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19171.exe
      4⤵
      PID:4332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26244.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39232.exe
      4⤵
      PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20822.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
      4⤵
      PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35921.exe
      4⤵
      PID:4192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12451.exe
    3⤵
    PID:2424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33540.exe
    3⤵
    PID:3648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27515.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27515.exe
    3⤵
    PID:3848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18932.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30831.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64753.exe
        6⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19977.exe
        5⤵
        
        PID:668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32734.exe
        5⤵
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22707.exe
        5⤵
        
        PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44583.exe
        5⤵
        
        PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
        5⤵
        
        PID:604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58848.exe
        5⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
        5⤵
        
        PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16024.exe
      4⤵
      PID:1956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61721.exe
      4⤵
      PID:1832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12460.exe
      4⤵
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47785.exe
      4⤵
      PID:960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30316.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54972.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-250.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63169.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46958.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43898.exe
        5⤵
        
        PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
      4⤵
      PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33289.exe
      4⤵
      PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
      4⤵
      PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
      4⤵
      PID:4136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39579.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13934.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64292.exe
      4⤵
      PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9816.exe
      4⤵
      PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38823.exe
      4⤵
      PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55569.exe
      4⤵
      PID:4612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22414.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22414.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
      4⤵
      PID:1012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7087.exe
      4⤵
      PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33443.exe
      4⤵
      PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11914.exe
      4⤵
      PID:3528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
    3⤵
    PID:2520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60314.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49601.exe
    3⤵
    PID:4068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42746.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42746.exe
    3⤵
    PID:3500
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11889.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11889.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18963.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21589.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14365.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32867.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
        6⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21749.exe
        5⤵
        
        PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        5⤵
        
        PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40093.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50032.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
        5⤵
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
        5⤵
        
        PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        5⤵
        
        PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
      4⤵
      PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13739.exe
      4⤵
      PID:928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30598.exe
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14921.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36777.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36777.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
      4⤵
      PID:1308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54609.exe
      4⤵
      PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
      4⤵
      PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48516.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
      4⤵
      PID:4552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23045.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23045.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
      4⤵
      PID:836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43928.exe
      4⤵
      PID:4816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8672.exe
    3⤵
    PID:2784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50887.exe
    3⤵
    PID:512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14108.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14108.exe
    3⤵
    PID:3708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
    3⤵
    PID:3496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45844.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18787.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57624.exe
        5⤵
        
        PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        5⤵
        
        PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51871.exe
        5⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23015.exe
        5⤵
        
        PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28246.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14112.exe
      4⤵
      PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
      4⤵
      PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41651.exe
      4⤵
      PID:4776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19341.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19341.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46663.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46663.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7613.exe
    3⤵
    PID:3852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
    3⤵
    PID:3824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
    3⤵
    PID:4824
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61603.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61603.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41262.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23995.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23995.exe
    3⤵
    PID:2356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
    3⤵
    PID:1052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
    3⤵
    PID:3380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31254.exe
    3⤵
    PID:3264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52952.exe
    3⤵
    PID:4024
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 188
      4⤵
      Program crash
      PID:3540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
    3⤵
    PID:4712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1368
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50513.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50513.exe
  2⤵
  PID:1480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10599.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10599.exe
  2⤵
  PID:4084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13875.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13875.exe
  2⤵
  PID:3804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16024.exe

Filesize
468KB

MD5
37b87d4f6656c3d64fcb1db9867ac71a

SHA1
96c798728453e1a4620f367309b8845c2afaddb0

SHA256
6369a42ebd47f93f6d9e627a3d555889f10c31d6d95f36a7fd7305fe19a834e8

SHA512
471d861da72a77b051fdbc7d1ddfeadce058983fd7b3e54dcca825dc55fff9daefb212a2a4e1c2712bb7917079ec81e24d0f5ae804bf6a6776103d97b39c9074

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe

Filesize
468KB

MD5
8b0c8a570104b4d063fd09571b1114f7

SHA1
973646584eb4af358ed16e97f9205314d9afd413

SHA256
0b45890946f85d8c5e91dfa3abeb528aad728a40436132a7efbf632fa0519f80

SHA512
9ae3a42a7f18c84b947e41188c958346c9b29d9156403520c2ab519835d996d1a74224d33a54fb3d8df1684730d5868643df69146297348e659d9572779c2164

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26244.exe

Filesize
468KB

MD5
a4e254bc1452bf63dc62e53c1b45994b

SHA1
f7aa8dd2d08246a8ac8b5cbda2001f424271fe8c

SHA256
94d8e9b8914c2712d69bbb791b62408f6599b7fa7eacba2442606b6a6664cd47

SHA512
a9fbf04498a2aeae469181e968d15357d4a9a7d3a25de2ff270ada85684fa3ddf5affbfbee64359b281331b6f7c779120e479a3de4f36f6f817adae52716c67d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30590.exe

Filesize
468KB

MD5
9d62b913793cef49e816c13320e75cc8

SHA1
44e04af63e2249669db6eab46c5ec8828500d63d

SHA256
5c8f289fa8601a3ddbc089e23105aea88b1adc0be818c9189db4044b9258283e

SHA512
38f61886320c99f827aa0671fecbc00ef1da704e21f662230983c21cc0ac3f6c0fa5e1419768d33f2968e3c514f7a059eb77b444bf9aee31325dc8b1084921fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5558.exe

Filesize
468KB

MD5
c0e19af57fd9a6b2eb49339e047c63d5

SHA1
ac76201ea768df363fca28c037ff5e79b8f71685

SHA256
96fb213d82231800d7d67afcfc2abcc7046d6eaad509fa84bd3b3f84f34a2f3a

SHA512
549de70489a99728e7f7c0d40ae5933c9bee77d1413057ba3a4bfccbd5928bcf0548cc656c9408bc0cdc9d27f861a134af0247a88c9d0fb5782c650c87e7a3ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60519.exe

Filesize
468KB

MD5
b2909289b24b08f1648a997172c4cc69

SHA1
90680d150bf00698da4589f338f55ff01182d1ec

SHA256
7e779e9c11bf4380df438d3f392d5ef18568cd6cb9f391e4874799f9ee677007

SHA512
e572169dafa7180cda112908cf61d871cf488e5b340e18d021e19c2472efbd2292533a5bd6ae524e916709e966216f93e23a9d1e8575c78e4f9783ba2ccdabf0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11889.exe

Filesize
468KB

MD5
93e621909729fb6ed29ac69b7f59db46

SHA1
02e267c676a617a04b511d6a981d5299adcc0cf9

SHA256
4f61969d861c986e59c783eae334eebdcb4379d885c9fc76153dddc2d5287c1b

SHA512
392407848be1edc49a4250f6ef8a22f59d615bb87542e2fbf7c136e63eed8808aca017dc57f9293e5dc665ff408c99fa96ec9ae8f972e6a95ea4441d62e81f98

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16301.exe

Filesize
468KB

MD5
b8e38010c3b42dd5e46e1ee66844984a

SHA1
97d837c46a2a7aeb9635c2dc597c8e881ad5ce56

SHA256
63ccb55aba222b3ebbacf7abb6f39bbecab01ab2469f9a2c5fe86d82cdda64cf

SHA512
df009fe2384413d299c1751aa30ea005a43c8bdcf5dc270740bc184a35fdab679049cf4c9e32c5ce43a3ac38813c52a0e4b43f34bc939b15f661fd954c43f932

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16855.exe

Filesize
468KB

MD5
3d1d9f57d6305c1f27f7fa76a83750e1

SHA1
11771bbf97b43c120fec095d6946faead3c07b3f

SHA256
bb72f5913547a5455c94dc848acf4866056041e5f03b3a3f09b7ed966cb8218d

SHA512
bc89aef59a970bfbbdcbb42564a0e7f77220f807559b86034ac95dbd6a36788863d2cbf7a808283787f72cf33e42b1e2c6022347b00062b237a3a73874b4a3df

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18932.exe

Filesize
468KB

MD5
9c871088b01655e51ba47ad57c9205c1

SHA1
953e09e85ed0bbc197022ee3b03425d7e0f327d7

SHA256
9423049bc56b4d533ca80543ad2c36d7cf09c97380030d767b7baa5ebb695fef

SHA512
c55b9a644aec155cf5356ea3d2aef322b0535f975debbadea27a9969db686e33b68a8556bc3a5ab4a120fee72f6aff7c3127983ae9ea6f505e8a0398332beae2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe

Filesize
468KB

MD5
4b3bb9a05f221bbf38c54e9f8d2ca9fb

SHA1
4f87a2393fa8eb092fd1146e82574184f1514d15

SHA256
f0008f4f4c0528a4dc94149a345eba5b0ef1eef3b85f36ddae94087d9b1c9975

SHA512
1f3ffed8b3af999f5d097786e2be9da2897351723756f789d2d4aae7682cd999ecf26aef143f386fce77ab89df2094ea54480bc16071262677ecf655e06da370

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30316.exe

Filesize
468KB

MD5
262ea0c2507a21142f277a2f1e897b04

SHA1
daa351865cf1669c3b3edea10ff5382b4963a30f

SHA256
700b023d7c507f7545bc8e23dc9c194f972abc56759908d964f198e17488f412

SHA512
1ac570beae9119b870aff8378a8148d1cd7ffe033c0de0ffb9cc3e006a9bc4fece1aa0c9dcd29022c76a499928565431d3b37c3d83b9e69f92fbb9cf313bb124

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30831.exe

Filesize
468KB

MD5
aa39005eacab2186f67202fa77e9a119

SHA1
bad09c9ccf27139163d83917cac7e74f547e37c7

SHA256
c4be50aef15d2da2e1f94141d927e1892ce7bf67c406d50ceabfa80e3f6389d4

SHA512
d1791f7714c1c18330b59903a77c6b32bcb568d324bff49cad233452ca1fce5af5b833c21219e881d3667fc07e7d0cbc0f807daa636b2096a9920b5ca18e5ed3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe

Filesize
468KB

MD5
884cb645068d174c60e89849cba1dbe4

SHA1
6e599cff5841ead1ef2e85f416f741b5d32c1516

SHA256
6adbef1e44ac14713171f9b90aac7152b189fed06384ff99b568742ad8833138

SHA512
01e52a8a576622b43f5e344c749d103afee1f57ce2d7c1c24230bd6f2cc2a143f209b12f25df91d8c055d931fb250738328266c4d4b8ab1677bf9799fd038e9b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32144.exe

Filesize
468KB

MD5
53d00088152b1b766dc5d6f73df05273

SHA1
80c0dcf87cebc8abaf998c7d579d2eb346630d69

SHA256
806734ce82b5b511133b71913f82bf4e0869a0100203ac2f976a8da608359352

SHA512
2138ae881f8670d3de299d64873a1d346e9ea0a3b6d13cee0a27ba156bbdde232f14d317d989a823a50ac71c0147eef9d601fb12208362878f688339dd5b74ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32698.exe

Filesize
468KB

MD5
528fdf32a6c2cddf921b704e992ff640

SHA1
0a9c3f5a4b3e0b603ff815a2e19fa98888073073

SHA256
548a6d7c2d157ddacb457282ee948ba4f247da8c7dfdb04ca2bb0a1129f5605a

SHA512
2f62bcc1da995208268f7ef7d13503987c367f93c9bd788a8a04a38d277c5fdc7dc5f25cbbcea899228dad569f1013c59109ed224480c9346d3bd1624df2392f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39335.exe

Filesize
468KB

MD5
8838d1a3cf326e592f1999a0d0ba893f

SHA1
e7a1c463d8ad137704f2dbb9334ad733d193bd95

SHA256
bc7737282a97522fd114e29b8aa78e5303a7977ec88a08f6f97c06633e6fa081

SHA512
4b0c96b083dc71f4b8aaa7cf4d1ee5cc7792fc1849e1c5abcf44397a6dd9db37ba1ac5c41f7f19a119a58688e7dd3cf1a3f004337031dd245217a02324053c81

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4089.exe

Filesize
468KB

MD5
1881f1b676ce8a448482bdeaeb1a4540

SHA1
df5a2c286e4176faf6fc01cec0a8ef31e9c7cdb7

SHA256
b90880da91985bc17ce8453a25fdbe90af40dc072c26c04f976155ca0bfccd10

SHA512
c8184e8327619d79d798f0df11b064039a107a55670505bb1f54d4f84415d9d22b3e11ae00b09303133e85162ab9dad640f1ef9f22cc9fa29b3f0e734a9f92dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48272.exe

Filesize
468KB

MD5
d7b99f9be606f171918f2357277312a3

SHA1
30aee014a607c880bf69b8a84ed8caff8b0b848c

SHA256
dc3c482043eebfdc3ee399b4bd0e4570eade1b6f6b5336a235e3efe1cf0f3cb0

SHA512
66f1d41a01ecf06ccfcd20b9cbcb18bba9bdef3c16a1dab5dbf19bcfe94a7ad65fb1da3d9e19b61770f01a8cff21c278b03bfe788ef5252b6672932644ed7a45

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55117.exe

Filesize
468KB

MD5
dc407e29ce1b729597849e20e02a6d59

SHA1
8efbe557f550413d3acc405602ba99faffee47f2

SHA256
caa437efacb8b47942b2b514d31d917783c575d1a0909ad162c4ba2ebfe666c5

SHA512
b512c37a89725ee9358dd4add350b08d19cac3e050c8662f537cb7a0037bbc2c3432c837d08ac1931d5b724a3f11f75c7d82cee07dbab0581dcab1579f4ed2fd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5838.exe

Filesize
468KB

MD5
6519357f09a139cf7479f497fccae137

SHA1
66e27f0d4988353b3a827804e994171e6f664b90

SHA256
006f136660352969da92e8f94ab425d9fceba95c21b1afbd3e078e33ccaeac2f

SHA512
96017795553d26a56cff2c2de1167a955f0a78bb92cebb714569e8c5edb979ab435362bcac4dfb089ee997d78f5ef63d9897d24237454d4981f3c758a7fe3ac3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe

Filesize
468KB

MD5
abbacb5135bb78e02b3a59286a95c187

SHA1
253a46b78047caa405a5a03c0c1e21a74fc47b33

SHA256
267b2a90c1ed70baa6b01fe751d40adfe5ca651f5b68bfc90ceb764382b71857

SHA512
ac9e9683afd4d21b69f99d77cf12606a5a65186e98029c7fe1438e82f675bbba5151e8847fc06e81ea63f3dcb977cb315f414892e4c9fa390811e9818bbe0b03

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe

Filesize
468KB

MD5
c200d55e8d7c5df72f9c96ef8f271e15

SHA1
96c13acd5badf23d9a3515931378749ea6b41f62

SHA256
8522a83f0b02a94e03142542cdaaf3a78832690ab2862ba24e1e704d0b1c7100

SHA512
b5b8b87f851d941ba927f03bb95c69c8ce970ccbd4988cacd03d6385c46827598eb10cb95da059e5e47d192298bcfbb884b9c1741d62024711a10205754fa169

Download Submit
memory/336-245-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/632-263-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/812-66-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/812-289-0x00000000023D0000-0x0000000002445000-memory.dmp

Filesize
468KB

Download
memory/812-288-0x00000000023D0000-0x0000000002445000-memory.dmp

Filesize
468KB

Download
memory/1148-328-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1476-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1504-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1600-333-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1692-241-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1692-389-0x0000000002880000-0x00000000028F5000-memory.dmp

Filesize
468KB

Download
memory/1692-390-0x0000000002880000-0x00000000028F5000-memory.dmp

Filesize
468KB

Download
memory/1712-356-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1712-213-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1712-357-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1720-337-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1740-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1776-283-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1788-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1796-399-0x0000000001CA0000-0x0000000001D15000-memory.dmp

Filesize
468KB

Download
memory/1812-197-0x00000000033D0000-0x0000000003445000-memory.dmp

Filesize
468KB

Download
memory/1812-345-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/1812-118-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1812-198-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/1924-381-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1960-368-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/1960-104-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/1960-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1960-211-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/1960-210-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/1960-358-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/1960-6-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/1960-344-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1960-365-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/1988-331-0x0000000002560000-0x00000000025D5000-memory.dmp

Filesize
468KB

Download
memory/1988-329-0x0000000002560000-0x00000000025D5000-memory.dmp

Filesize
468KB

Download
memory/1988-159-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2012-239-0x00000000020B0000-0x0000000002125000-memory.dmp

Filesize
468KB

Download
memory/2012-133-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2012-238-0x00000000020B0000-0x0000000002125000-memory.dmp

Filesize
468KB

Download
memory/2036-248-0x0000000002930000-0x00000000029A5000-memory.dmp

Filesize
468KB

Download
memory/2036-182-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2036-258-0x0000000002930000-0x00000000029A5000-memory.dmp

Filesize
468KB

Download
memory/2132-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2192-335-0x0000000000370000-0x00000000003E5000-memory.dmp

Filesize
468KB

Download
memory/2192-334-0x0000000000370000-0x00000000003E5000-memory.dmp

Filesize
468KB

Download
memory/2192-200-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2288-136-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2288-290-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2288-72-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2288-141-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2288-284-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2348-292-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2376-173-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2376-25-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2376-395-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2376-293-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2376-262-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2376-160-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2416-154-0x0000000002340000-0x00000000023B5000-memory.dmp

Filesize
468KB

Download
memory/2416-155-0x0000000002340000-0x00000000023B5000-memory.dmp

Filesize
468KB

Download
memory/2416-22-0x0000000002340000-0x00000000023B5000-memory.dmp

Filesize
468KB

Download
memory/2416-295-0x0000000002340000-0x00000000023B5000-memory.dmp

Filesize
468KB

Download
memory/2416-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2416-79-0x0000000002340000-0x00000000023B5000-memory.dmp

Filesize
468KB

Download
memory/2416-325-0x0000000002340000-0x00000000023B5000-memory.dmp

Filesize
468KB

Download
memory/2572-220-0x0000000002480000-0x00000000024F5000-memory.dmp

Filesize
468KB

Download
memory/2572-96-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2596-369-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2608-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2620-346-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2636-281-0x0000000000670000-0x00000000006E5000-memory.dmp

Filesize
468KB

Download
memory/2636-163-0x0000000000670000-0x00000000006E5000-memory.dmp

Filesize
468KB

Download
memory/2636-380-0x0000000000670000-0x00000000006E5000-memory.dmp

Filesize
468KB

Download
memory/2636-172-0x0000000000670000-0x00000000006E5000-memory.dmp

Filesize
468KB

Download
memory/2636-379-0x0000000000670000-0x00000000006E5000-memory.dmp

Filesize
468KB

Download
memory/2636-81-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2684-294-0x00000000020D0000-0x0000000002145000-memory.dmp

Filesize
468KB

Download
memory/2684-183-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2684-267-0x00000000020D0000-0x0000000002145000-memory.dmp

Filesize
468KB

Download
memory/2696-330-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/2696-338-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/2696-143-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2700-336-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2820-131-0x0000000002640000-0x00000000026B5000-memory.dmp

Filesize
468KB

Download
memory/2820-259-0x0000000002640000-0x00000000026B5000-memory.dmp

Filesize
468KB

Download
memory/2820-52-0x0000000002640000-0x00000000026B5000-memory.dmp

Filesize
468KB

Download
memory/2820-33-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2820-250-0x0000000002640000-0x00000000026B5000-memory.dmp

Filesize
468KB

Download
memory/2940-117-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2940-265-0x0000000001DC0000-0x0000000001E35000-memory.dmp

Filesize
468KB

Download
memory/2940-278-0x0000000001DC0000-0x0000000001E35000-memory.dmp

Filesize
468KB

Download
memory/3012-94-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3012-60-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3012-237-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3012-240-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download