b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2f

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 00:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe
Size

468KB
MD5

f0974dd71e39f7f4039fa4dbda5579b0
SHA1

04d5f5d8aec41b352de9d54b2cd4eeb2235aeffd
SHA256

b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2f
SHA512

b538aa6ab86aae52e344a6532c9c01b1e660344d5bb10c4f8bf9c15f6e743b101040f05b83acd57fc4c11f73f40bd5db2f5bae2bc502a2e661fb137faf3326a7
SSDEEP

3072:HbAaogIdIq5UtbYCPzxjcf8/kCtlPip2hmHeLVmftei8JIxuHml0:HbBowuUttPVjcf8qmOteTWxuH

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2484	Unicorn-64988.exe
2820	Unicorn-13344.exe
2864	Unicorn-8964.exe
2668	Unicorn-48968.exe
1976	Unicorn-46124.exe
992	Unicorn-15938.exe
2072	Unicorn-39958.exe
2220	Unicorn-6107.exe
2128	Unicorn-27213.exe
2420	Unicorn-21244.exe
2580	Unicorn-47917.exe
2824	Unicorn-39626.exe
2076	Unicorn-19760.exe
1440	Unicorn-39361.exe
2788	Unicorn-7067.exe
1052	Unicorn-6977.exe
2036	Unicorn-7517.exe
864	Unicorn-9053.exe
2372	Unicorn-26236.exe
1728	Unicorn-53189.exe
1660	Unicorn-46335.exe
2100	Unicorn-19913.exe
2260	Unicorn-26044.exe
832	Unicorn-25971.exe
3064	Unicorn-20105.exe
3004	Unicorn-6370.exe
2908	Unicorn-6370.exe
1600	Unicorn-57427.exe
2840	Unicorn-57427.exe
2940	Unicorn-48751.exe
3056	Unicorn-1039.exe
2640	Unicorn-14774.exe
2192	Unicorn-14184.exe
2284	Unicorn-48263.exe
2456	Unicorn-2591.exe
2688	Unicorn-13037.exe
2660	Unicorn-47080.exe
2064	Unicorn-59265.exe
2024	Unicorn-10292.exe
2124	Unicorn-45560.exe
2972	Unicorn-53407.exe
1944	Unicorn-62337.exe
1724	Unicorn-56207.exe
1792	Unicorn-7656.exe
2988	Unicorn-7921.exe
2424	Unicorn-4802.exe
808	Unicorn-24668.exe
1100	Unicorn-831.exe
2008	Unicorn-25628.exe
1856	Unicorn-6961.exe
2232	Unicorn-49528.exe
2204	Unicorn-52611.exe
848	Unicorn-19549.exe
2304	Unicorn-56598.exe
1900	Unicorn-57174.exe
2892	Unicorn-65499.exe
2860	Unicorn-29344.exe
2884	Unicorn-23223.exe
484	Unicorn-16538.exe
320	Unicorn-54494.exe
540	Unicorn-8822.exe
2852	Unicorn-11370.exe
2188	Unicorn-5240.exe
1736	Unicorn-60654.exe

Loads dropped DLL 64 IoCs

pid	Process
2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe
2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe
2484	Unicorn-64988.exe
2484	Unicorn-64988.exe
2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe
2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe
2820	Unicorn-13344.exe
2820	Unicorn-13344.exe
2484	Unicorn-64988.exe
2484	Unicorn-64988.exe
2864	Unicorn-8964.exe
2864	Unicorn-8964.exe
2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe
2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe
2820	Unicorn-13344.exe
2668	Unicorn-48968.exe
2668	Unicorn-48968.exe
2820	Unicorn-13344.exe
1976	Unicorn-46124.exe
1976	Unicorn-46124.exe
2484	Unicorn-64988.exe
2484	Unicorn-64988.exe
992	Unicorn-15938.exe
2072	Unicorn-39958.exe
2864	Unicorn-8964.exe
2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe
2072	Unicorn-39958.exe
2864	Unicorn-8964.exe
992	Unicorn-15938.exe
2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe
2072	Unicorn-39958.exe
2072	Unicorn-39958.exe
1440	Unicorn-39361.exe
992	Unicorn-15938.exe
2580	Unicorn-47917.exe
2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe
2580	Unicorn-47917.exe
992	Unicorn-15938.exe
1440	Unicorn-39361.exe
2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe
2220	Unicorn-6107.exe
2220	Unicorn-6107.exe
2484	Unicorn-64988.exe
2484	Unicorn-64988.exe
2864	Unicorn-8964.exe
2820	Unicorn-13344.exe
2076	Unicorn-19760.exe
2864	Unicorn-8964.exe
2820	Unicorn-13344.exe
2076	Unicorn-19760.exe
1976	Unicorn-46124.exe
2668	Unicorn-48968.exe
1976	Unicorn-46124.exe
2668	Unicorn-48968.exe
2824	Unicorn-39626.exe
2788	Unicorn-7067.exe
2824	Unicorn-39626.exe
2788	Unicorn-7067.exe
1052	Unicorn-6977.exe
1052	Unicorn-6977.exe
2128	Unicorn-27213.exe
2128	Unicorn-27213.exe
2072	Unicorn-39958.exe
2072	Unicorn-39958.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4900	4252	WerFault.exe	361

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41958.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7810.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14129.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21244.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43769.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42382.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28022.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40658.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12563.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19913.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28464.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26189.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14117.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37356.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43232.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12563.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31789.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31789.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8467.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14129.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53263.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12563.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11370.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37826.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36093.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32767.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-84.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14129.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49904.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62589.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12166.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50461.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48868.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51390.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3480.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe
2484	Unicorn-64988.exe
2820	Unicorn-13344.exe
2864	Unicorn-8964.exe
2668	Unicorn-48968.exe
1976	Unicorn-46124.exe
992	Unicorn-15938.exe
2072	Unicorn-39958.exe
2580	Unicorn-47917.exe
2420	Unicorn-21244.exe
1440	Unicorn-39361.exe
2824	Unicorn-39626.exe
2788	Unicorn-7067.exe
2220	Unicorn-6107.exe
2128	Unicorn-27213.exe
2076	Unicorn-19760.exe
1052	Unicorn-6977.exe
2036	Unicorn-7517.exe
864	Unicorn-9053.exe
2372	Unicorn-26236.exe
832	Unicorn-25971.exe
1728	Unicorn-53189.exe
2908	Unicorn-6370.exe
1660	Unicorn-46335.exe
2100	Unicorn-19913.exe
3064	Unicorn-20105.exe
3004	Unicorn-6370.exe
2260	Unicorn-26044.exe
2840	Unicorn-57427.exe
1600	Unicorn-57427.exe
2940	Unicorn-48751.exe
3056	Unicorn-1039.exe
2640	Unicorn-14774.exe
2192	Unicorn-14184.exe
2456	Unicorn-2591.exe
2284	Unicorn-48263.exe
2688	Unicorn-13037.exe
2660	Unicorn-47080.exe
2972	Unicorn-53407.exe
1724	Unicorn-56207.exe
1944	Unicorn-62337.exe
2064	Unicorn-59265.exe
1792	Unicorn-7656.exe
2988	Unicorn-7921.exe
2424	Unicorn-4802.exe
2024	Unicorn-10292.exe
2124	Unicorn-45560.exe
808	Unicorn-24668.exe
1856	Unicorn-6961.exe
2008	Unicorn-25628.exe
1100	Unicorn-831.exe
2232	Unicorn-49528.exe
2204	Unicorn-52611.exe
848	Unicorn-19549.exe
1900	Unicorn-57174.exe
2304	Unicorn-56598.exe
2892	Unicorn-65499.exe
2860	Unicorn-29344.exe
2884	Unicorn-23223.exe
484	Unicorn-16538.exe
540	Unicorn-8822.exe
2852	Unicorn-11370.exe
1736	Unicorn-60654.exe
2188	Unicorn-5240.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 2484	2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe	30
PID 2880 wrote to memory of 2484	2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe	30
PID 2880 wrote to memory of 2484	2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe	30
PID 2880 wrote to memory of 2484	2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe	30
PID 2484 wrote to memory of 2820	2484	Unicorn-64988.exe	31
PID 2484 wrote to memory of 2820	2484	Unicorn-64988.exe	31
PID 2484 wrote to memory of 2820	2484	Unicorn-64988.exe	31
PID 2484 wrote to memory of 2820	2484	Unicorn-64988.exe	31
PID 2880 wrote to memory of 2864	2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe	32
PID 2880 wrote to memory of 2864	2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe	32
PID 2880 wrote to memory of 2864	2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe	32
PID 2880 wrote to memory of 2864	2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe	32
PID 2820 wrote to memory of 2668	2820	Unicorn-13344.exe	33
PID 2820 wrote to memory of 2668	2820	Unicorn-13344.exe	33
PID 2820 wrote to memory of 2668	2820	Unicorn-13344.exe	33
PID 2820 wrote to memory of 2668	2820	Unicorn-13344.exe	33
PID 2484 wrote to memory of 1976	2484	Unicorn-64988.exe	34
PID 2484 wrote to memory of 1976	2484	Unicorn-64988.exe	34
PID 2484 wrote to memory of 1976	2484	Unicorn-64988.exe	34
PID 2484 wrote to memory of 1976	2484	Unicorn-64988.exe	34
PID 2864 wrote to memory of 992	2864	Unicorn-8964.exe	35
PID 2864 wrote to memory of 992	2864	Unicorn-8964.exe	35
PID 2864 wrote to memory of 992	2864	Unicorn-8964.exe	35
PID 2864 wrote to memory of 992	2864	Unicorn-8964.exe	35
PID 2880 wrote to memory of 2072	2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe	36
PID 2880 wrote to memory of 2072	2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe	36
PID 2880 wrote to memory of 2072	2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe	36
PID 2880 wrote to memory of 2072	2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe	36
PID 2668 wrote to memory of 2220	2668	Unicorn-48968.exe	37
PID 2668 wrote to memory of 2220	2668	Unicorn-48968.exe	37
PID 2668 wrote to memory of 2220	2668	Unicorn-48968.exe	37
PID 2668 wrote to memory of 2220	2668	Unicorn-48968.exe	37
PID 2820 wrote to memory of 2420	2820	Unicorn-13344.exe	38
PID 2820 wrote to memory of 2420	2820	Unicorn-13344.exe	38
PID 2820 wrote to memory of 2420	2820	Unicorn-13344.exe	38
PID 2820 wrote to memory of 2420	2820	Unicorn-13344.exe	38
PID 1976 wrote to memory of 2128	1976	Unicorn-46124.exe	39
PID 1976 wrote to memory of 2128	1976	Unicorn-46124.exe	39
PID 1976 wrote to memory of 2128	1976	Unicorn-46124.exe	39
PID 1976 wrote to memory of 2128	1976	Unicorn-46124.exe	39
PID 2484 wrote to memory of 2580	2484	Unicorn-64988.exe	40
PID 2484 wrote to memory of 2580	2484	Unicorn-64988.exe	40
PID 2484 wrote to memory of 2580	2484	Unicorn-64988.exe	40
PID 2484 wrote to memory of 2580	2484	Unicorn-64988.exe	40
PID 2072 wrote to memory of 2824	2072	Unicorn-39958.exe	42
PID 2072 wrote to memory of 2824	2072	Unicorn-39958.exe	42
PID 2072 wrote to memory of 2824	2072	Unicorn-39958.exe	42
PID 2072 wrote to memory of 2824	2072	Unicorn-39958.exe	42
PID 2864 wrote to memory of 2076	2864	Unicorn-8964.exe	43
PID 2864 wrote to memory of 2076	2864	Unicorn-8964.exe	43
PID 2864 wrote to memory of 2076	2864	Unicorn-8964.exe	43
PID 2864 wrote to memory of 2076	2864	Unicorn-8964.exe	43
PID 992 wrote to memory of 2788	992	Unicorn-15938.exe	41
PID 992 wrote to memory of 2788	992	Unicorn-15938.exe	41
PID 992 wrote to memory of 2788	992	Unicorn-15938.exe	41
PID 992 wrote to memory of 2788	992	Unicorn-15938.exe	41
PID 2880 wrote to memory of 1440	2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe	44
PID 2880 wrote to memory of 1440	2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe	44
PID 2880 wrote to memory of 1440	2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe	44
PID 2880 wrote to memory of 1440	2880	b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe	44
PID 2072 wrote to memory of 1052	2072	Unicorn-39958.exe	45
PID 2072 wrote to memory of 1052	2072	Unicorn-39958.exe	45
PID 2072 wrote to memory of 1052	2072	Unicorn-39958.exe	45
PID 2072 wrote to memory of 1052	2072	Unicorn-39958.exe	45

C:\Users\Admin\AppData\Local\Temp\b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe
"C:\Users\Admin\AppData\Local\Temp\b066d07f6f1b0cd4ac33382f61e4e144cb1d99327b0becfcc601a8dd1009db2fN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64988.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64988.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13344.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48968.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6107.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26236.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16538.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48820.exe
        8⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3588.exe
        8⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4679.exe
        8⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19814.exe
        8⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
        8⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6587.exe
        7⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18772.exe
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33292.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59005.exe
        7⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33631.exe
        7⤵
        
        PID:6620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47080.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61583.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        8⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62589.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23758.exe
        8⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
        7⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        7⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        7⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46237.exe
        6⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31799.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32164.exe
        7⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60151.exe
        7⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        7⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39339.exe
        6⤵
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17595.exe
        6⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16757.exe
        6⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59049.exe
        6⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5359.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6370.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37768.exe
        6⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15450.exe
        7⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37826.exe
        7⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30991.exe
        7⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        7⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22998.exe
        7⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53197.exe
        6⤵
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57427.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
        6⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41983.exe
        6⤵
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64398.exe
        6⤵
        
        PID:5980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51236.exe
        6⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53263.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        7⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12166.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
        6⤵
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        6⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25316.exe
        6⤵
        
        PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54043.exe
        5⤵
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
        6⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        6⤵
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49501.exe
        6⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51471.exe
        6⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4678.exe
        6⤵
        
        PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20099.exe
        5⤵
        
        PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
        5⤵
        
        PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55685.exe
        5⤵
        
        PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15516.exe
        5⤵
        
        PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21244.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19549.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64720.exe
        6⤵
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22290.exe
        6⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        6⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
        6⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14956.exe
        6⤵
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29998.exe
        5⤵
        
        PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31702.exe
        5⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26189.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14000.exe
        5⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
        5⤵
        
        PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20105.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62337.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16530.exe
        6⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
        7⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
        7⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
        7⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44342.exe
        7⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13612.exe
        7⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7789.exe
        6⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18146.exe
        6⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37084.exe
        6⤵
        
        PID:4808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
        6⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35456.exe
        6⤵
        
        PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47331.exe
        5⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5919.exe
        6⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        6⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        6⤵
        
        PID:4584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14129.exe
        6⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34352.exe
        5⤵
        
        PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32164.exe
        5⤵
        
        PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35723.exe
        5⤵
        
        PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56702.exe
        5⤵
        
        PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7656.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28022.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
        6⤵
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31218.exe
        6⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18476.exe
        6⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18390.exe
        6⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
        5⤵
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
        5⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37084.exe
        5⤵
        
        PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
        5⤵
        
        PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13612.exe
        5⤵
        
        PID:6364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe
      4⤵
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61906.exe
        5⤵
        
        PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37826.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
        5⤵
        
        PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        5⤵
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59914.exe
        5⤵
        
        PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
      4⤵
      PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49292.exe
      4⤵
      PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55706.exe
      4⤵
      PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5593.exe
      4⤵
      PID:4676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19716.exe
      4⤵
      PID:6048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46124.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27213.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1039.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8822.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16774.exe
        7⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
        7⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7093.exe
        7⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63064.exe
        7⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        6⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46032.exe
        6⤵
        
        PID:3364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
        6⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14956.exe
        6⤵
        
        PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5240.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14713.exe
        6⤵
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36904.exe
        6⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9694.exe
        6⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1455.exe
        6⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        6⤵
        
        PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35227.exe
        5⤵
        
        PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
        5⤵
        
        PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60172.exe
        5⤵
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59049.exe
        5⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30280.exe
        5⤵
        
        PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6370.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24668.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27223.exe
        6⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36169.exe
        7⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53386.exe
        7⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
        7⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        7⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63868.exe
        7⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54954.exe
        6⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26742.exe
        6⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15559.exe
        6⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58327.exe
        6⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
        6⤵
        
        PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65406.exe
        5⤵
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25504.exe
        6⤵
        
        PID:3768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47599.exe
        6⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
        6⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
        6⤵
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45488.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        5⤵
        
        PID:4152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        5⤵
        
        PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-831.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        5⤵
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
        5⤵
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
        5⤵
        
        PID:4160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19814.exe
        5⤵
        
        PID:5084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
        5⤵
        
        PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45483.exe
      4⤵
      PID:300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19390.exe
        5⤵
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
        5⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41983.exe
        5⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34643.exe
        5⤵
        
        PID:6780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10084.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64348.exe
      4⤵
      PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48191.exe
      4⤵
      PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52788.exe
      4⤵
      PID:5656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47917.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7517.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14184.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21854.exe
        6⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51471.exe
        7⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30147.exe
        7⤵
        
        PID:6380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
        6⤵
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        6⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37084.exe
        6⤵
        
        PID:4920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
        6⤵
        
        PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
        5⤵
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        6⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
        6⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        6⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5368.exe
        6⤵
        
        PID:5748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21524.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28464.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46701.exe
        5⤵
        
        PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27806.exe
        5⤵
        
        PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30678.exe
        5⤵
        
        PID:6212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48263.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60654.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        6⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56770.exe
        7⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
        7⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
        7⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54552.exe
        7⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42147.exe
        6⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        6⤵
        
        PID:4144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        6⤵
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14129.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46569.exe
        5⤵
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41097.exe
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2647.exe
        6⤵
        
        PID:4624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10998.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10043.exe
        6⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35135.exe
        5⤵
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        5⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32767.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60444.exe
        5⤵
        
        PID:6164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54000.exe
      4⤵
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62793.exe
        5⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7810.exe
        5⤵
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-681.exe
        5⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8429.exe
        5⤵
        
        PID:5968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17149.exe
        5⤵
        
        PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
      4⤵
      PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43232.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42958.exe
      4⤵
      PID:4884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59049.exe
      4⤵
      PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
      4⤵
      PID:5992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25971.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25971.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45560.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54308.exe
        5⤵
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6395.exe
        6⤵
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        6⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        6⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14129.exe
        6⤵
        
        PID:7152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59156.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7810.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60151.exe
        5⤵
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        5⤵
        
        PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
      4⤵
      PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34371.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
        5⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62870.exe
        5⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        5⤵
        
        PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48114.exe
        5⤵
        
        PID:6812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46798.exe
      4⤵
      PID:600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51897.exe
      4⤵
      PID:3304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56998.exe
      4⤵
      PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41983.exe
      4⤵
      PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5208.exe
      4⤵
      PID:6564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53407.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
      4⤵
      PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24641.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
      4⤵
      PID:4644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
    3⤵
    PID:2528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10637.exe
    3⤵
    PID:3492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12292.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12292.exe
    3⤵
    PID:4488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
    3⤵
    PID:4716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23751.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23751.exe
    3⤵
    PID:5828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8964.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8964.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15938.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15938.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7067.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57427.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56598.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
        7⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36904.exe
        7⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
        7⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        7⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16906.exe
        7⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63182.exe
        6⤵
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exe
        6⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19835.exe
        6⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
        6⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9824.exe
        6⤵
        
        PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65499.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32640.exe
        6⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
        7⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31218.exe
        7⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43666.exe
        7⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12166.exe
        7⤵
        
        PID:5760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46427.exe
        6⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60151.exe
        6⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        6⤵
        
        PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11311.exe
        5⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57798.exe
        6⤵
        
        PID:604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44170.exe
        6⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29263.exe
        6⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        6⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26359.exe
        6⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7843.exe
        5⤵
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
        5⤵
        
        PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28722.exe
        5⤵
        
        PID:4252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 188
        6⤵
        Program crash
        
        PID:4900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21805.exe
        5⤵
        
        PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17325.exe
        5⤵
        
        PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53189.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25628.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11342.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36608.exe
        6⤵
        
        PID:3704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53306.exe
        6⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        6⤵
        
        PID:4696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3640.exe
        6⤵
        
        PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
        5⤵
        
        PID:892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
        5⤵
        
        PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
        5⤵
        
        PID:932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29351.exe
        5⤵
        
        PID:5832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52611.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
        5⤵
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40483.exe
        6⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        6⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31218.exe
        6⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43666.exe
        6⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31491.exe
        6⤵
        
        PID:5624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21399.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
        5⤵
        
        PID:4216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19814.exe
        5⤵
        
        PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
        5⤵
        
        PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36330.exe
      4⤵
      PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
        5⤵
        
        PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19814.exe
        5⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
        5⤵
        
        PID:5884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
      4⤵
      PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6963.exe
      4⤵
      PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48191.exe
      4⤵
      PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3964.exe
      4⤵
      PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
      4⤵
      PID:6840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19760.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26044.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7921.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51236.exe
        6⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11342.exe
        7⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32164.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28418.exe
        7⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14117.exe
        7⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2228.exe
        7⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57014.exe
        6⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
        6⤵
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
        6⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29019.exe
        6⤵
        
        PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31370.exe
        5⤵
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29533.exe
        6⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
        7⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40064.exe
        7⤵
        
        PID:6884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        6⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        6⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14129.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54220.exe
        5⤵
        
        PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48012.exe
        5⤵
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42725.exe
        5⤵
        
        PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60151.exe
        5⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
        5⤵
        
        PID:5864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4802.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25092.exe
        5⤵
        
        PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23189.exe
        5⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12190.exe
        5⤵
        
        PID:4284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        5⤵
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21891.exe
      4⤵
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48804.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22357.exe
        5⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
        5⤵
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55756.exe
        5⤵
        
        PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52292.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43769.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11883.exe
      4⤵
      PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43336.exe
      4⤵
      PID:5784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8590.exe
      4⤵
      PID:6760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1659.exe
        5⤵
        
        PID:984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        6⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28225.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
        6⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54370.exe
        6⤵
        
        PID:5368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
        5⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
        5⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56326.exe
        5⤵
        
        PID:4292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24964.exe
        5⤵
        
        PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
        5⤵
        
        PID:6900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47331.exe
      4⤵
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40633.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13949.exe
        5⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13599.exe
        5⤵
        
        PID:7112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46427.exe
      4⤵
      PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64411.exe
      4⤵
      PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47661.exe
      4⤵
      PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14117.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2228.exe
      4⤵
      PID:6652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10081.exe
      4⤵
      PID:316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1030.exe
      4⤵
      PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
      4⤵
      PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
      4⤵
      PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
      4⤵
      PID:6596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38569.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38569.exe
    3⤵
    PID:3852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20308.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20308.exe
    3⤵
    PID:1744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23341.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23341.exe
    3⤵
    PID:5740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3812.exe
    3⤵
    PID:6352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39958.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39958.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39626.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57427.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57174.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6158.exe
        6⤵
        
        PID:824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7810.exe
        6⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36857.exe
        6⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
        6⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61885.exe
        6⤵
        
        PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37356.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
        5⤵
        
        PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41983.exe
        5⤵
        
        PID:4720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48145.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29344.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35492.exe
        5⤵
        
        PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65327.exe
        5⤵
        
        PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30991.exe
        5⤵
        
        PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
        5⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
        5⤵
        
        PID:6940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61589.exe
      4⤵
      PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19822.exe
      4⤵
      PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48191.exe
      4⤵
      PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52788.exe
      4⤵
      PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1093.exe
      4⤵
      PID:6668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6977.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23223.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45748.exe
        6⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
        6⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35192.exe
        6⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13612.exe
        6⤵
        
        PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13469.exe
        5⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32966.exe
        5⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18657.exe
        5⤵
        
        PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        5⤵
        
        PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54494.exe
      4⤵
      Executes dropped EXE
      PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4143.exe
        5⤵
        
        PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        5⤵
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        5⤵
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14129.exe
        5⤵
        
        PID:7124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62014.exe
      4⤵
      PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57427.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11170.exe
      4⤵
      PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41983.exe
      4⤵
      PID:5220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30678.exe
      4⤵
      PID:6236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14774.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53585.exe
      4⤵
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29030.exe
        5⤵
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        5⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31218.exe
        5⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18476.exe
        5⤵
        
        PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31491.exe
        5⤵
        
        PID:5512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32691.exe
      4⤵
      PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
      4⤵
      PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54681.exe
      4⤵
      PID:4356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
      4⤵
      PID:5816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27125.exe
      4⤵
      PID:6408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34976.exe
    3⤵
    PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34279.exe
      4⤵
      PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
      4⤵
      PID:4568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13587.exe
      4⤵
      PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
      4⤵
      PID:6604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41676.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41676.exe
    3⤵
    PID:3540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26189.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26189.exe
    3⤵
    PID:4192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11679.exe
    3⤵
    PID:4668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
    3⤵
    PID:5932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39361.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39361.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9053.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9053.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11370.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
        6⤵
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
        6⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-985.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24585.exe
        6⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16619.exe
        6⤵
        
        PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4563.exe
        5⤵
        
        PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51562.exe
        5⤵
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13063.exe
        5⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        5⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
        5⤵
        
        PID:6548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39304.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43157.exe
        5⤵
        
        PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
        5⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        5⤵
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14129.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26627.exe
      4⤵
      PID:1248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57427.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56998.exe
      4⤵
      PID:4276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20193.exe
      4⤵
      PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3480.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13037.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13037.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60099.exe
      4⤵
      PID:292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24429.exe
        5⤵
        
        PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
        5⤵
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56326.exe
        5⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24964.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-84.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40658.exe
      4⤵
      PID:1344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26298.exe
      4⤵
      PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37084.exe
      4⤵
      PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45106.exe
    3⤵
    PID:988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62591.exe
      4⤵
      PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37826.exe
      4⤵
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
      4⤵
      PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1647.exe
      4⤵
      PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16906.exe
      4⤵
      PID:5772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55658.exe
    3⤵
    PID:680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11154.exe
    3⤵
    PID:3432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
    3⤵
    PID:4124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37259.exe
    3⤵
    PID:5352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12100.exe
    3⤵
    PID:6576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46335.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46335.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6961.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3791.exe
      4⤵
      PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
      4⤵
      PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45525.exe
      4⤵
      PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19814.exe
      4⤵
      PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
      4⤵
      PID:5904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55732.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32966.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32966.exe
    3⤵
    PID:2604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51390.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
    3⤵
    PID:2280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25316.exe
    3⤵
    PID:6084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49528.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49528.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
    3⤵
    PID:1680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13007.exe
    3⤵
    PID:3932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30991.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30991.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2094.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2094.exe
    3⤵
    PID:6980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26931.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26931.exe
  2⤵
  PID:620
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23959.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23959.exe
  2⤵
  PID:3140
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50371.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50371.exe
  2⤵
  PID:4872
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9793.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9793.exe
  2⤵
  PID:4700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57517.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57517.exe
  2⤵
  PID:5960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15938.exe

Filesize
468KB

MD5
f2897e1083216ccab27e5197974ee980

SHA1
571eac25d90aa9f508bc4bc40ce29e0c602cbe15

SHA256
c2d66200b9d7d334e7feaf6510d30548c08cf94a284bc70a3d047fbe2a7d912a

SHA512
e7b14d608c5c2f4581a0d7f53632407c47315d354f1e3f10bf4858f0c9111289c367a8509dbb5c9c5fc8448c0f565190bcbf69bc9ffc3f86f8926f87638dedc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18292.exe

Filesize
468KB

MD5
3d8bcdd06ada3590cf695a0657207e6e

SHA1
0b3a08909697ed7bb4715c3138a3cccfe8aa10a5

SHA256
1e016c5d420d554dde4afd374691159b6a91150b37019f0506b9b8de54213f28

SHA512
a4c32a35ef70a3d7efc6579359e68e28f79aeb8e4ddd1cfb30f8f34d13ba9d3fdafe66d9d3144532d119781f5b8863106e4f8c283184d72334c4799129aa472c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19760.exe

Filesize
468KB

MD5
6a234d4768eb3b38e0a30774efdacec2

SHA1
1990a10230f97a29249a616d852693c7907c045e

SHA256
023f0b779b83687dc9411c8088ffc1f3f554ccd59331c2d6a8860057a483268c

SHA512
3e3ea0c092720ca958304c87bb2449a5aa272061bff5969c1e700b6dec5ad9d5c95e4d467df2a94fa63651d9214512b91fd590a55c78060c1984efa81c1e2d72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26044.exe

Filesize
468KB

MD5
847f0726cfbc0fa9847dd219ae497c9f

SHA1
21dbc985572408211da7bafff06ee756d2a5f98c

SHA256
e76e9794e80398a8bb6b705f34e8a41fcdc39d29dc027b50ffc477fa1dedf8af

SHA512
2208023a4883a0b05dbc56fc66a8d5fcde341a0e3ab54c07325224407f423cce56df27a80492472a7568fdb93cae734f197a411708ddee5b1fe06984a34b4f7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39361.exe

Filesize
468KB

MD5
367234d7f90b9a9dc4de4ed9797c77b5

SHA1
99c8bea898b89d7ffd0af34d828aae1ab44d9f28

SHA256
fef4d51a730908ee18e1fcf89abd1e369817aa0689cefd7e4fc93333b295d929

SHA512
bc54eddef242444141e5403a6f46e5b2d752856cbe79a78c0b488545090e39ecf0a309b853d31aaf4307321f48ac785e8643baf2f6ec7a3511be86a8545c5b16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47917.exe

Filesize
468KB

MD5
91806e3b879f4c73ce905ee255a1dd3f

SHA1
d1fe60003cbec9689f2e87f45590f837e34baab7

SHA256
49b47c99e3ec5597675461e09bb4af182d4d74bee417d410a66ea61e3fcc0dd0

SHA512
aa3882f02ef6e8853dc1b1212cd659a6352aca82fb628dd0378eba114d90ccd4f50eba10c1a433d2078c0856add24d6d149e4c124047200db2c92e958f8a0f45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54308.exe

Filesize
468KB

MD5
1f4159fa64394c87cb1467655738756d

SHA1
9207fdc275353e7c326a653b84e32047f1636beb

SHA256
bcf8f0e38cfb65a0cec4ed2c697ff685b1605f05beb23db7f998a616af7ed33f

SHA512
0f5f5ca2c13177f396494667482b6189ea33cbbfc6e346952ad4c8316608ca07d06fed30788a7f20ea8d4c804eeb2f0daa96bffa0e6f3e5a0bbae76d1b9a06e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6107.exe

Filesize
468KB

MD5
b5bdda6862b515eb4c523868ec884406

SHA1
6a55a367f02f02a77234681c6ac27383810eb3be

SHA256
c363d389b47ba1bc97da56d394c34fe97eb73007d86bf986be297a402e87e8aa

SHA512
1c9736079817a0522eaf536b8337ce7c331c680c61326a4d43a4db7218ed74b7114279fb26c6205d3b363a4fd6d59c28514af24ecd9a8cd053fb1ca3b85f5bc7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13344.exe

Filesize
468KB

MD5
f09e87fdf7a4d85527b0229c723f67eb

SHA1
8e1072f6d191896fe5148335721fc6e18d3813b0

SHA256
478f5298097a8cee41a02350faabf47451b900052f0f506789d7ba1e7c19f70f

SHA512
1a1a46dd9123b7236c3bb09208835d5634c16ac420670f852e6347dede0277502b8b60c40686d72906ba72aa8e02ac709ee6e9fbd694265782c268d45be693eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21244.exe

Filesize
468KB

MD5
87042a5b873da2bbad0e69d1016614fb

SHA1
c1dcf7a33b17769d9beb7abe36f983cdac3d858d

SHA256
3f8bd899a5d2a6ab68cb190d2afcdcc3cb7364b139a1f5fe3faa41bdb7bc812a

SHA512
5764b2d079bf4d0bccf855a90e5549ee6c4e1bb5d9b82bc7f54819696d2b4a20c5969104e89554eea2fd41140fc91ba92437e671ea5ead35bcf27b8eb5abbd83

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27213.exe

Filesize
468KB

MD5
f100a9577c52a10d67a5c0b4a6bc050e

SHA1
797a9902230a0993dac95bb07247e3efe71bd8ca

SHA256
a29c78e99dc3e86dfb3e036143e9db5ef2707c3e2f3052764ebf80d8a318fa7b

SHA512
b5f45155cdc896968f3aa4a7cffdfe69b73db04926695e88fab73e30d8eea909cc150678be1ba9ec2845b4bf1514b77040482718a55be7cad77ba892c4883961

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39626.exe

Filesize
468KB

MD5
b0d9b6e68faade072a8e41b326d6fc19

SHA1
e74b91c6e26bc2068b48042d88f7851822b6250f

SHA256
af09640541ccdbd0e135acec2f3229911a40166c96b3ed7046fc0ce45631c44c

SHA512
f33e04dbbfe7b295a3134c5eb0bf54f21ed148868adf0f54bca560a68d3cd37583c7850f2443dce2faebe2ede9ccd15c911e9345d1cd46a7715153123bdccceb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39958.exe

Filesize
468KB

MD5
e4e2b363f74c7a45181862ea1ccff551

SHA1
0f08e2ea73d2780ec8be34e7f0ac8f65a53a0fc1

SHA256
efd597dcfade55f9b65067dbb7780f1f1764fda80dd5c2093a8f7b62c45c1a97

SHA512
9e79800a6ab690f4cebda1e301e81e3304381ea49dc670afea9e8ffad464dfdd8d10db61204a7848bcb37fe2156473ff72f472775a0cf5b7fca1b9a2999762e2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46124.exe

Filesize
468KB

MD5
90f6699e5bee61298bacaa30bb3b3bc1

SHA1
d22f18a15304fcbd3cb90f6e4a5e07e96ac36b5d

SHA256
38ef4d9a549102540d8fa7c77ecc85229d9a12add6cb1c127ba2592a207fcfef

SHA512
720132f70867250327a302831228315171d6d99603b9b592676d4b0cc0eeae8e4a69443f7d4616154e097fb8f096f24fbfddf3c6e91d155cbc77b5a6d0bbbaac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48968.exe

Filesize
468KB

MD5
36403753c72463ccc78a917514b28f7c

SHA1
0585b526125da49a51d85a933012981a56d5c5f1

SHA256
70f254416170adae43ef4911504df90aebb32a242ad507def7258c55d0c06be5

SHA512
9080d11935e29b2293f539fada5abefbdb0de7daeb1d0be6e2ce6e5b30fc3c308e44d3aebe431be074ef6138019efbd868e78856fdd0a9839a16a166b0e06ef1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53189.exe

Filesize
468KB

MD5
0f0d38f4dedac5ab9fc1386ecb68f073

SHA1
56f118c703e1318bc1bda4f6608949e04c403c17

SHA256
9baefc662344ac184fd1ed63848bb42d076a734e52cb972b317e0a8df34ae3a3

SHA512
4b9feedcfef74b7ee86810e0c64601772b50d920e86fb49ae88e0162951aebaef55b90acdaa2af4a38cc2c85ab0613a1f09664828311622386ab3148576b5ef2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64988.exe

Filesize
468KB

MD5
a3501166607f3f56da6cbef33390ee75

SHA1
724c146e8cfc5ab16311ba69f230af846f6aa6ca

SHA256
bd31bd07599f14b0bce5f275036b8a49a78c3e4b0572c2c26abf114d4d03b6ac

SHA512
145d9c047df3f84bd62e33d639a9fd46b538b969e8628a9efa7185e07c663c6c898a1f30cf9ad500a4cb7aaf8695c1620286b8f08249a9b7ff343f3772f3af5a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6977.exe

Filesize
468KB

MD5
2d43e5be980e3461f43f2150192d6dcb

SHA1
35ec0a1fbca6865340390739bdc8d30d69ed8c72

SHA256
b290b7b984e8cd3f0b2a3f38b7f14cced29cd0ffe4049335047974c784236500

SHA512
ec1001a9c04c912876ff7c03b5a4a8ce169cea86e9aa1e46c64538067c4c068f02662ade675eeabc7bacb3cd854f36e94b79d56e04aaa248a99b48ef292e6191

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7067.exe

Filesize
468KB

MD5
30b4cbcc2c815dcb8e3b085378d40e73

SHA1
e4ea965ea64a785b98b32dfbc3b184c1e2fc9e56

SHA256
087da1ff5bb49ac2fad6a95d9fb63be95942245cbb67c3d0d1636a2ef2b43f56

SHA512
815324f3b6bbbf3fe2de95d16e69e98dc971e9cd2024769ac7b2d406934bb22cb122ec541c3968fbb74fde1446697f910748e99901a1ec8dab2a4160bd2227cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7517.exe

Filesize
468KB

MD5
049bdd130d4adebddd5beb21b3b5c180

SHA1
aa8422b43a726651a6c0bd0718f64d91b99c375f

SHA256
8d53f341e842e36b3089eab405405db05778ec761fbf414f1877a96bb80f7b0a

SHA512
4b9bae52e37d5446d337bda6390c6ab3085401e159a73159bccc061281d324c75b48cd1dd08c44969523f262139882fed839731407a52cbf09ce80cfbd04306e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8964.exe

Filesize
468KB

MD5
b2c31845ad8c209a9189a5bce5a6fe9b

SHA1
996a1b2d8f1febe8d7d28232bc4ffad60a22ce8e

SHA256
912374cecead9f6f90fabf65345a550e1a8b835ffc18afb0cc2e4b5d9927fbff

SHA512
089f4ec4a59899425bf719cd0d011a4325247fc2100e7aafb8b7c73620b47431aeb00541e2dab81fa1e63e93a0ed2efb09fc4a29f94071ad430519187e828c94

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9053.exe

Filesize
468KB

MD5
998722c15cfd3b2dfa143b2a2343e199

SHA1
9bc2acba44e88d410040a992a3e57d636092f379

SHA256
50ca0dc43d7241dc6fe4ec78dbeb6143bb5159ff9801395f327cfac81e895ccf

SHA512
388a341cf26eb4a4f2f95e75ef4770b68b27a4e3ad16d7adf5bef0b7153b2eb493eee2e58eccaa3d9022b31db7481ba59bb13eeeddffa5c5419c45c80a69093e

Download Submit
memory/832-290-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/832-418-0x0000000002640000-0x00000000026B5000-memory.dmp

Filesize
468KB

Download
memory/832-428-0x0000000002640000-0x00000000026B5000-memory.dmp

Filesize
468KB

Download
memory/864-251-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/864-376-0x0000000001DC0000-0x0000000001E35000-memory.dmp

Filesize
468KB

Download
memory/992-240-0x00000000025F0000-0x0000000002665000-memory.dmp

Filesize
468KB

Download
memory/992-68-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/992-217-0x00000000025F0000-0x0000000002665000-memory.dmp

Filesize
468KB

Download
memory/992-160-0x00000000025F0000-0x0000000002665000-memory.dmp

Filesize
468KB

Download
memory/1052-331-0x0000000002340000-0x00000000023B5000-memory.dmp

Filesize
468KB

Download
memory/1052-209-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1052-327-0x0000000002340000-0x00000000023B5000-memory.dmp

Filesize
468KB

Download
memory/1440-243-0x0000000001D60000-0x0000000001DD5000-memory.dmp

Filesize
468KB

Download
memory/1440-171-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1440-391-0x0000000001D60000-0x0000000001DD5000-memory.dmp

Filesize
468KB

Download
memory/1440-390-0x0000000001D60000-0x0000000001DD5000-memory.dmp

Filesize
468KB

Download
memory/1440-206-0x0000000001D60000-0x0000000001DD5000-memory.dmp

Filesize
468KB

Download
memory/1600-320-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1660-256-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1728-255-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1976-289-0x0000000001D10000-0x0000000001D85000-memory.dmp

Filesize
468KB

Download
memory/1976-60-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1976-292-0x0000000001D10000-0x0000000001D85000-memory.dmp

Filesize
468KB

Download
memory/2024-420-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2036-360-0x00000000026F0000-0x0000000002765000-memory.dmp

Filesize
468KB

Download
memory/2036-359-0x00000000026F0000-0x0000000002765000-memory.dmp

Filesize
468KB

Download
memory/2036-250-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2064-413-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2072-202-0x0000000002980000-0x00000000029F5000-memory.dmp

Filesize
468KB

Download
memory/2072-159-0x0000000002980000-0x00000000029F5000-memory.dmp

Filesize
468KB

Download
memory/2072-349-0x0000000002980000-0x00000000029F5000-memory.dmp

Filesize
468KB

Download
memory/2072-203-0x0000000002980000-0x00000000029F5000-memory.dmp

Filesize
468KB

Download
memory/2072-76-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2072-145-0x0000000002980000-0x00000000029F5000-memory.dmp

Filesize
468KB

Download
memory/2072-347-0x0000000002980000-0x00000000029F5000-memory.dmp

Filesize
468KB

Download
memory/2076-272-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2076-285-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2076-164-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2100-277-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2100-410-0x0000000002620000-0x0000000002695000-memory.dmp

Filesize
468KB

Download
memory/2128-346-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2128-118-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2192-361-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2220-248-0x0000000002770000-0x00000000027E5000-memory.dmp

Filesize
468KB

Download
memory/2220-120-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2220-396-0x0000000002770000-0x00000000027E5000-memory.dmp

Filesize
468KB

Download
memory/2220-249-0x0000000002770000-0x00000000027E5000-memory.dmp

Filesize
468KB

Download
memory/2260-286-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2284-374-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2372-253-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2420-125-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2456-375-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2484-366-0x0000000002520000-0x0000000002595000-memory.dmp

Filesize
468KB

Download
memory/2484-22-0x0000000002520000-0x0000000002595000-memory.dmp

Filesize
468KB

Download
memory/2484-258-0x0000000002520000-0x0000000002595000-memory.dmp

Filesize
468KB

Download
memory/2484-119-0x0000000002520000-0x0000000002595000-memory.dmp

Filesize
468KB

Download
memory/2484-266-0x0000000002520000-0x0000000002595000-memory.dmp

Filesize
468KB

Download
memory/2484-23-0x0000000002520000-0x0000000002595000-memory.dmp

Filesize
468KB

Download
memory/2484-121-0x0000000002520000-0x0000000002595000-memory.dmp

Filesize
468KB

Download
memory/2484-345-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2580-126-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2580-242-0x0000000001D30000-0x0000000001DA5000-memory.dmp

Filesize
468KB

Download
memory/2580-220-0x0000000001D30000-0x0000000001DA5000-memory.dmp

Filesize
468KB

Download
memory/2640-350-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2660-401-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2668-293-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/2668-419-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2688-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2788-321-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/2788-173-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2788-318-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/2820-412-0x0000000001CE0000-0x0000000001D55000-memory.dmp

Filesize
468KB

Download
memory/2820-270-0x0000000001CE0000-0x0000000001D55000-memory.dmp

Filesize
468KB

Download
memory/2820-281-0x0000000001CE0000-0x0000000001D55000-memory.dmp

Filesize
468KB

Download
memory/2820-378-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2820-48-0x0000000001EE0000-0x0000000001F55000-memory.dmp

Filesize
468KB

Download
memory/2820-108-0x0000000001EE0000-0x0000000001F55000-memory.dmp

Filesize
468KB

Download
memory/2820-25-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2824-162-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2824-317-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/2824-319-0x0000000000560000-0x00000000005D5000-memory.dmp

Filesize
468KB

Download
memory/2840-322-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2864-276-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2864-144-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2864-395-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2864-268-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2880-146-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2880-34-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2880-169-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2880-310-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2880-222-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2880-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2880-6-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2940-332-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3056-348-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3064-291-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download