2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8f

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-09-2024 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe
Size

468KB
MD5

f2d1d125dc87d1c8923ea276fe234b00
SHA1

7442d4dfe1b812dd4a231cf7bd98547226c34161
SHA256

2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8f
SHA512

abe430f65defae9a53363aae90565c26330bc958febdf5daccdac8c874bc07b4743cdff945077b5f3f57a772ef46de32525f2137f1859902a52e4eefcc10be09
SSDEEP

3072:pFW7ogI5Iu5UtnYVHzci7f8/KCqCPIpHnLHewVUiPhvLzavuMQlE:pFyocaUtOH4i7fw0qIPhTOvuM

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3004	Unicorn-51544.exe
2688	Unicorn-51710.exe
2100	Unicorn-18523.exe
2832	Unicorn-18135.exe
2284	Unicorn-26303.exe
2416	Unicorn-55446.exe
2744	Unicorn-3644.exe
2212	Unicorn-33532.exe
1512	Unicorn-15010.exe
1288	Unicorn-38960.exe
632	Unicorn-59935.exe
548	Unicorn-13998.exe
1884	Unicorn-8133.exe
1528	Unicorn-14263.exe
2192	Unicorn-21913.exe
3024	Unicorn-27620.exe
2920	Unicorn-55462.exe
1600	Unicorn-35596.exe
356	Unicorn-33955.exe
1532	Unicorn-64590.exe
2448	Unicorn-23558.exe
2436	Unicorn-17427.exe
1784	Unicorn-23558.exe
2132	Unicorn-39132.exe
1044	Unicorn-48062.exe
776	Unicorn-28196.exe
1052	Unicorn-48062.exe
1756	Unicorn-56785.exe
2216	Unicorn-10848.exe
2712	Unicorn-54715.exe
2792	Unicorn-42825.exe
2240	Unicorn-1238.exe
2768	Unicorn-25743.exe
2964	Unicorn-19612.exe
2620	Unicorn-46163.exe
2636	Unicorn-23504.exe
2532	Unicorn-26297.exe
1268	Unicorn-14642.exe
1696	Unicorn-59302.exe
1952	Unicorn-30787.exe
3040	Unicorn-27942.exe
1332	Unicorn-15410.exe
2924	Unicorn-3273.exe
2076	Unicorn-14241.exe
2676	Unicorn-20372.exe
2312	Unicorn-24456.exe
2472	Unicorn-33178.exe
1408	Unicorn-45431.exe
908	Unicorn-20180.exe
2652	Unicorn-15134.exe
316	Unicorn-44684.exe
2176	Unicorn-48768.exe
552	Unicorn-44684.exe
2088	Unicorn-42446.exe
2692	Unicorn-28710.exe
1704	Unicorn-4730.exe
2716	Unicorn-50667.exe
600	Unicorn-21140.exe
2788	Unicorn-38030.exe
2684	Unicorn-335.exe
2660	Unicorn-2042.exe
1664	Unicorn-34160.exe
2008	Unicorn-13547.exe
2092	Unicorn-7417.exe

Loads dropped DLL 64 IoCs

pid	Process
2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe
2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe
3004	Unicorn-51544.exe
3004	Unicorn-51544.exe
2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe
2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe
2688	Unicorn-51710.exe
2688	Unicorn-51710.exe
2100	Unicorn-18523.exe
2100	Unicorn-18523.exe
2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe
3004	Unicorn-51544.exe
3004	Unicorn-51544.exe
2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe
2832	Unicorn-18135.exe
2832	Unicorn-18135.exe
2688	Unicorn-51710.exe
2688	Unicorn-51710.exe
2284	Unicorn-26303.exe
2284	Unicorn-26303.exe
2100	Unicorn-18523.exe
2100	Unicorn-18523.exe
2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe
2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe
3004	Unicorn-51544.exe
2744	Unicorn-3644.exe
3004	Unicorn-51544.exe
2744	Unicorn-3644.exe
2212	Unicorn-33532.exe
2212	Unicorn-33532.exe
2832	Unicorn-18135.exe
2832	Unicorn-18135.exe
1512	Unicorn-15010.exe
1512	Unicorn-15010.exe
2416	Unicorn-55446.exe
2416	Unicorn-55446.exe
2688	Unicorn-51710.exe
2688	Unicorn-51710.exe
632	Unicorn-59935.exe
632	Unicorn-59935.exe
1528	Unicorn-14263.exe
548	Unicorn-13998.exe
2100	Unicorn-18523.exe
1528	Unicorn-14263.exe
2100	Unicorn-18523.exe
548	Unicorn-13998.exe
2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe
1288	Unicorn-38960.exe
1884	Unicorn-8133.exe
2744	Unicorn-3644.exe
2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe
1288	Unicorn-38960.exe
1884	Unicorn-8133.exe
2744	Unicorn-3644.exe
2284	Unicorn-26303.exe
2284	Unicorn-26303.exe
3004	Unicorn-51544.exe
3004	Unicorn-51544.exe
2192	Unicorn-21913.exe
2192	Unicorn-21913.exe
2212	Unicorn-33532.exe
2212	Unicorn-33532.exe
3024	Unicorn-27620.exe
3024	Unicorn-27620.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
3496	2480	WerFault.exe	121
3288	1992	WerFault.exe	125
5288	1292	WerFault.exe	126
5496	2820	WerFault.exe	132

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5021.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56847.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49033.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13998.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2995.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59015.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34326.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30489.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56743.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52629.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4604.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2995.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17842.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54695.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54388.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57273.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38781.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5622.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42854.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53293.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49214.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9075.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35914.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59543.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23497.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21926.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58693.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45431.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11573.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40977.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4988.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-335.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43013.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32536.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17848.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51627.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8880.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42701.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17834.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe
3004	Unicorn-51544.exe
2688	Unicorn-51710.exe
2100	Unicorn-18523.exe
2284	Unicorn-26303.exe
2832	Unicorn-18135.exe
2416	Unicorn-55446.exe
2744	Unicorn-3644.exe
2212	Unicorn-33532.exe
1512	Unicorn-15010.exe
632	Unicorn-59935.exe
1884	Unicorn-8133.exe
548	Unicorn-13998.exe
1288	Unicorn-38960.exe
1528	Unicorn-14263.exe
2192	Unicorn-21913.exe
3024	Unicorn-27620.exe
2920	Unicorn-55462.exe
1600	Unicorn-35596.exe
356	Unicorn-33955.exe
1532	Unicorn-64590.exe
1052	Unicorn-48062.exe
2448	Unicorn-23558.exe
2216	Unicorn-10848.exe
1756	Unicorn-56785.exe
2436	Unicorn-17427.exe
776	Unicorn-28196.exe
1784	Unicorn-23558.exe
1044	Unicorn-48062.exe
2132	Unicorn-39132.exe
2712	Unicorn-54715.exe
2792	Unicorn-42825.exe
2240	Unicorn-1238.exe
2768	Unicorn-25743.exe
2636	Unicorn-23504.exe
2532	Unicorn-26297.exe
2620	Unicorn-46163.exe
2964	Unicorn-19612.exe
1268	Unicorn-14642.exe
1696	Unicorn-59302.exe
1952	Unicorn-30787.exe
3040	Unicorn-27942.exe
1332	Unicorn-15410.exe
2924	Unicorn-3273.exe
2076	Unicorn-14241.exe
2676	Unicorn-20372.exe
1408	Unicorn-45431.exe
2472	Unicorn-33178.exe
2312	Unicorn-24456.exe
908	Unicorn-20180.exe
2176	Unicorn-48768.exe
552	Unicorn-44684.exe
316	Unicorn-44684.exe
2652	Unicorn-15134.exe
2088	Unicorn-42446.exe
2692	Unicorn-28710.exe
2716	Unicorn-50667.exe
1704	Unicorn-4730.exe
2788	Unicorn-38030.exe
600	Unicorn-21140.exe
2684	Unicorn-335.exe
2660	Unicorn-2042.exe
1664	Unicorn-34160.exe
2092	Unicorn-7417.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 3004	2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe	31
PID 2128 wrote to memory of 3004	2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe	31
PID 2128 wrote to memory of 3004	2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe	31
PID 2128 wrote to memory of 3004	2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe	31
PID 3004 wrote to memory of 2688	3004	Unicorn-51544.exe	32
PID 3004 wrote to memory of 2688	3004	Unicorn-51544.exe	32
PID 3004 wrote to memory of 2688	3004	Unicorn-51544.exe	32
PID 3004 wrote to memory of 2688	3004	Unicorn-51544.exe	32
PID 2128 wrote to memory of 2100	2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe	33
PID 2128 wrote to memory of 2100	2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe	33
PID 2128 wrote to memory of 2100	2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe	33
PID 2128 wrote to memory of 2100	2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe	33
PID 2688 wrote to memory of 2832	2688	Unicorn-51710.exe	34
PID 2688 wrote to memory of 2832	2688	Unicorn-51710.exe	34
PID 2688 wrote to memory of 2832	2688	Unicorn-51710.exe	34
PID 2688 wrote to memory of 2832	2688	Unicorn-51710.exe	34
PID 2100 wrote to memory of 2284	2100	Unicorn-18523.exe	35
PID 2100 wrote to memory of 2284	2100	Unicorn-18523.exe	35
PID 2100 wrote to memory of 2284	2100	Unicorn-18523.exe	35
PID 2100 wrote to memory of 2284	2100	Unicorn-18523.exe	35
PID 3004 wrote to memory of 2416	3004	Unicorn-51544.exe	37
PID 3004 wrote to memory of 2416	3004	Unicorn-51544.exe	37
PID 3004 wrote to memory of 2416	3004	Unicorn-51544.exe	37
PID 3004 wrote to memory of 2416	3004	Unicorn-51544.exe	37
PID 2128 wrote to memory of 2744	2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe	36
PID 2128 wrote to memory of 2744	2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe	36
PID 2128 wrote to memory of 2744	2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe	36
PID 2128 wrote to memory of 2744	2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe	36
PID 2832 wrote to memory of 2212	2832	Unicorn-18135.exe	38
PID 2832 wrote to memory of 2212	2832	Unicorn-18135.exe	38
PID 2832 wrote to memory of 2212	2832	Unicorn-18135.exe	38
PID 2832 wrote to memory of 2212	2832	Unicorn-18135.exe	38
PID 2688 wrote to memory of 1512	2688	Unicorn-51710.exe	39
PID 2688 wrote to memory of 1512	2688	Unicorn-51710.exe	39
PID 2688 wrote to memory of 1512	2688	Unicorn-51710.exe	39
PID 2688 wrote to memory of 1512	2688	Unicorn-51710.exe	39
PID 2284 wrote to memory of 1288	2284	Unicorn-26303.exe	40
PID 2284 wrote to memory of 1288	2284	Unicorn-26303.exe	40
PID 2284 wrote to memory of 1288	2284	Unicorn-26303.exe	40
PID 2284 wrote to memory of 1288	2284	Unicorn-26303.exe	40
PID 2100 wrote to memory of 632	2100	Unicorn-18523.exe	41
PID 2100 wrote to memory of 632	2100	Unicorn-18523.exe	41
PID 2100 wrote to memory of 632	2100	Unicorn-18523.exe	41
PID 2100 wrote to memory of 632	2100	Unicorn-18523.exe	41
PID 2128 wrote to memory of 548	2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe	42
PID 2128 wrote to memory of 548	2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe	42
PID 2128 wrote to memory of 548	2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe	42
PID 2128 wrote to memory of 548	2128	2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe	42
PID 3004 wrote to memory of 1884	3004	Unicorn-51544.exe	43
PID 3004 wrote to memory of 1884	3004	Unicorn-51544.exe	43
PID 3004 wrote to memory of 1884	3004	Unicorn-51544.exe	43
PID 3004 wrote to memory of 1884	3004	Unicorn-51544.exe	43
PID 2744 wrote to memory of 1528	2744	Unicorn-3644.exe	44
PID 2744 wrote to memory of 1528	2744	Unicorn-3644.exe	44
PID 2744 wrote to memory of 1528	2744	Unicorn-3644.exe	44
PID 2744 wrote to memory of 1528	2744	Unicorn-3644.exe	44
PID 2212 wrote to memory of 2192	2212	Unicorn-33532.exe	45
PID 2212 wrote to memory of 2192	2212	Unicorn-33532.exe	45
PID 2212 wrote to memory of 2192	2212	Unicorn-33532.exe	45
PID 2212 wrote to memory of 2192	2212	Unicorn-33532.exe	45
PID 2832 wrote to memory of 3024	2832	Unicorn-18135.exe	46
PID 2832 wrote to memory of 3024	2832	Unicorn-18135.exe	46
PID 2832 wrote to memory of 3024	2832	Unicorn-18135.exe	46
PID 2832 wrote to memory of 3024	2832	Unicorn-18135.exe	46

C:\Users\Admin\AppData\Local\Temp\2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe
"C:\Users\Admin\AppData\Local\Temp\2ae8a374708414eddbbc02310ddb3aa46c958bafb0f42cb4e29eaf8445cc9a8fN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51544.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51544.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18135.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33532.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21913.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54715.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54103.exe
        9⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45808.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45501.exe
        9⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18356.exe
        9⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5540.exe
        8⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56847.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43914.exe
        8⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31761.exe
        8⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10629.exe
        8⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38030.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        8⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29715.exe
        9⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
        9⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
        9⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50718.exe
        8⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
        8⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45633.exe
        8⤵
        
        PID:4968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2995.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41290.exe
        7⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38952.exe
        8⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54427.exe
        8⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
        7⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46163.exe
        7⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
        7⤵
        
        PID:5744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42825.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34160.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57510.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
        8⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
        8⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10776.exe
        7⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
        7⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19954.exe
        7⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        7⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53522.exe
        7⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57941.exe
        7⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
        7⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
        7⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30377.exe
        6⤵
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4654.exe
        6⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27681.exe
        7⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12491.exe
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
        7⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12771.exe
        6⤵
        
        PID:3396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19987.exe
        6⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54227.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38654.exe
        6⤵
        
        PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27620.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1238.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-335.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
        8⤵
        
        PID:1992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 220
        9⤵
        Program crash
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33028.exe
        8⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37670.exe
        8⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        8⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        8⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        8⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20428.exe
        7⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28435.exe
        8⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        8⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        7⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        7⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2042.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe
        7⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62712.exe
        7⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54709.exe
        7⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52720.exe
        7⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17834.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
        6⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26235.exe
        7⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52629.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        6⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29097.exe
        6⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15976.exe
        6⤵
        
        PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19612.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        6⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        6⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46130.exe
        6⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15446.exe
        6⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        6⤵
        
        PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        5⤵
        
        PID:1316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15048.exe
        5⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55239.exe
        5⤵
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48254.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15010.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15010.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55462.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25743.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54938.exe
        7⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21377.exe
        8⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40691.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16754.exe
        7⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        7⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        7⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        7⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        6⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
        6⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55239.exe
        6⤵
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19157.exe
        6⤵
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54945.exe
        6⤵
        
        PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26297.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
        6⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28229.exe
        7⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4113.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        7⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51366.exe
        7⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        7⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        7⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9820.exe
        6⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2908.exe
        6⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29097.exe
        6⤵
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe
        6⤵
        
        PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        5⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52956.exe
        6⤵
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45838.exe
        6⤵
        
        PID:4080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        6⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        6⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        6⤵
        
        PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5296.exe
        5⤵
        
        PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4654.exe
        5⤵
        
        PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21466.exe
        5⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
        5⤵
        
        PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33955.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14642.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54388.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49913.exe
        8⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
        8⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25628.exe
        7⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63374.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3718.exe
        7⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59015.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59572.exe
        6⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60494.exe
        7⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
        7⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        6⤵
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
        6⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
        6⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65520.exe
        6⤵
        
        PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19063.exe
        5⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        6⤵
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4113.exe
        6⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        6⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47282.exe
        6⤵
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        6⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
        6⤵
        
        PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49208.exe
        5⤵
        
        PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2908.exe
        5⤵
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
        5⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48073.exe
        5⤵
        
        PID:6680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59302.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
        5⤵
        Executes dropped EXE
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21945.exe
        6⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30613.exe
        6⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22330.exe
        6⤵
        
        PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30489.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
        5⤵
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62161.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12232.exe
        5⤵
        
        PID:5752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54695.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36563.exe
        5⤵
        
        PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33383.exe
        5⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
        5⤵
        
        PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33764.exe
      4⤵
      PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5184.exe
      4⤵
      PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48892.exe
      4⤵
      PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42854.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35596.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46163.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43013.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3670.exe
        7⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46950.exe
        7⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22330.exe
        7⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
        7⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63677.exe
        6⤵
        
        PID:700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
        6⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21111.exe
        6⤵
        
        PID:4280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19125.exe
        6⤵
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        6⤵
        
        PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61440.exe
        5⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2224.exe
        6⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23354.exe
        7⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28195.exe
        7⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35133.exe
        7⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4113.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        6⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47282.exe
        6⤵
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        6⤵
        
        PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50687.exe
        5⤵
        
        PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
        5⤵
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42693.exe
        5⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2053.exe
        5⤵
        
        PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43989.exe
        5⤵
        
        PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48441.exe
        5⤵
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59593.exe
        6⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4113.exe
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        6⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47282.exe
        6⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        6⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
        6⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
        5⤵
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
        5⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        5⤵
        
        PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
        5⤵
        
        PID:4680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
        5⤵
        
        PID:5968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
      4⤵
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51254.exe
        5⤵
        
        PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43111.exe
        5⤵
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27498.exe
        5⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56208.exe
        5⤵
        
        PID:5368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9075.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53656.exe
      4⤵
      PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12976.exe
      4⤵
      PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63662.exe
      4⤵
      PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42738.exe
      4⤵
      PID:6624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8133.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8133.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24456.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18006.exe
        6⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59256.exe
        6⤵
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15246.exe
        6⤵
        
        PID:4304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31875.exe
        6⤵
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64990.exe
        6⤵
        
        PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        5⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42701.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
        5⤵
        
        PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65520.exe
        5⤵
        
        PID:6260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45431.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2940.exe
        5⤵
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4988.exe
        6⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
        6⤵
        
        PID:5008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        6⤵
        
        PID:5912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
        5⤵
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
        5⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21111.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19125.exe
        5⤵
        
        PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        5⤵
        
        PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43079.exe
      4⤵
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8880.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21926.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45098.exe
        5⤵
        
        PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35914.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4654.exe
      4⤵
      PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61448.exe
      4⤵
      PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
      4⤵
      PID:5220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10848.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40294.exe
      4⤵
      PID:1292
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 220
        5⤵
        Program crash
        
        PID:5288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
      4⤵
      PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
      4⤵
      PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38617.exe
      4⤵
      PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
      4⤵
      PID:5768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14828.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14828.exe
    3⤵
    PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
      4⤵
      PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59256.exe
      4⤵
      PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29602.exe
      4⤵
      PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41020.exe
      4⤵
      PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
      4⤵
      PID:6348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28220.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28220.exe
    3⤵
    PID:1636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47444.exe
    3⤵
    PID:3752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
    3⤵
    PID:4772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62932.exe
    3⤵
    PID:5896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19203.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19203.exe
    3⤵
    PID:6640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18523.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18523.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26303.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26303.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12826.exe
        7⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59256.exe
        7⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15246.exe
        7⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31875.exe
        7⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
        6⤵
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2908.exe
        6⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29097.exe
        6⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe
        6⤵
        
        PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33178.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27632.exe
        6⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4113.exe
        6⤵
        
        PID:3616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2357.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1523.exe
        6⤵
        
        PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53463.exe
        5⤵
        
        PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
        5⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
        5⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26165.exe
        5⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
        5⤵
        
        PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56785.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23927.exe
        6⤵
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23459.exe
        6⤵
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37468.exe
        6⤵
        
        PID:4600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
        6⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
        5⤵
        
        PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
        5⤵
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        5⤵
        
        PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30763.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17834.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14241.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59235.exe
        5⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29715.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
        6⤵
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1508.exe
        5⤵
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29117.exe
        5⤵
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
        5⤵
        
        PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        5⤵
        
        PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        5⤵
        
        PID:6232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
      4⤵
      PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15048.exe
      4⤵
      PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40207.exe
      4⤵
      PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39147.exe
      4⤵
      PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54227.exe
      4⤵
      PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38654.exe
      4⤵
      PID:6180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59935.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64590.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30787.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
        6⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5622.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17848.exe
        6⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        6⤵
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
        6⤵
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65520.exe
        6⤵
        
        PID:6316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
        5⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        6⤵
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21926.exe
        6⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54785.exe
        6⤵
        
        PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46764.exe
        5⤵
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43535.exe
        5⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53801.exe
        5⤵
        
        PID:4268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24484.exe
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65520.exe
        5⤵
        
        PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34326.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31201.exe
        6⤵
        
        PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16754.exe
        5⤵
        
        PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13457.exe
        5⤵
        
        PID:4744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        5⤵
        
        PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
      4⤵
      PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        5⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21926.exe
        5⤵
        
        PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45098.exe
        5⤵
        
        PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15048.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55239.exe
      4⤵
      PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
      4⤵
      PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56505.exe
      4⤵
      PID:5232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17427.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48768.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        5⤵
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4988.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42730.exe
        6⤵
        
        PID:4560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12491.exe
        6⤵
        
        PID:5664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12202.exe
        6⤵
        
        PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5021.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
        5⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
        5⤵
        
        PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51627.exe
        5⤵
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
        5⤵
        
        PID:6148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30111.exe
      4⤵
      PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44392.exe
        5⤵
        
        PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18642.exe
        5⤵
        
        PID:6884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
      4⤵
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28966.exe
        5⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15382.exe
        5⤵
        
        PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48433.exe
        5⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
        5⤵
        
        PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3537.exe
        5⤵
        
        PID:6632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
      4⤵
      PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56743.exe
      4⤵
      PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
      4⤵
      PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
      4⤵
      PID:5728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4730.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25027.exe
      4⤵
      PID:2820
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 208
        5⤵
        Program crash
        
        PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9292.exe
      4⤵
      PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29117.exe
      4⤵
      PID:3260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
      4⤵
      PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
      4⤵
      PID:5852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
      4⤵
      PID:6216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
    3⤵
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
      4⤵
      PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64050.exe
    3⤵
    PID:3516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57273.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13532.exe
    3⤵
    PID:4664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48892.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48892.exe
    3⤵
    PID:5684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46938.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46938.exe
    3⤵
    PID:6616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3644.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3644.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33001.exe
        6⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27681.exe
        6⤵
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12491.exe
        6⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
        6⤵
        
        PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30432.exe
        5⤵
        
        PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13319.exe
        5⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16530.exe
        5⤵
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31007.exe
        5⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4067.exe
        5⤵
        
        PID:6652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50667.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48633.exe
        5⤵
        
        PID:764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43773.exe
        6⤵
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59803.exe
        6⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        6⤵
        
        PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5021.exe
        5⤵
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43773.exe
        6⤵
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55719.exe
        6⤵
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25970.exe
        6⤵
        
        PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
        5⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51627.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40640.exe
      4⤵
      PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8880.exe
        5⤵
        
        PID:3268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21926.exe
        5⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54785.exe
        5⤵
        
        PID:5924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
      4⤵
      PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2908.exe
      4⤵
      PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25013.exe
      4⤵
      PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41550.exe
      4⤵
      PID:6080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30242.exe
        5⤵
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        6⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
        6⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        6⤵
        
        PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16754.exe
        5⤵
        
        PID:676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        5⤵
        
        PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        5⤵
        
        PID:4980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
        5⤵
        
        PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52539.exe
        5⤵
        
        PID:6688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63469.exe
      4⤵
      PID:2480
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 220
        5⤵
        Program crash
        
        PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30489.exe
      4⤵
      PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
      4⤵
      PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2995.exe
      4⤵
      PID:5932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42446.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20237.exe
      4⤵
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        5⤵
        
        PID:4464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40230.exe
        5⤵
        
        PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58498.exe
      4⤵
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4988.exe
        5⤵
        
        PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
        5⤵
        
        PID:5092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50701.exe
        5⤵
        
        PID:6088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
      4⤵
      PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21111.exe
      4⤵
      PID:4320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19125.exe
      4⤵
      PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
      4⤵
      PID:6364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41269.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41269.exe
    3⤵
    PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63639.exe
      4⤵
      PID:932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9119.exe
      4⤵
      PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12813.exe
      4⤵
      PID:5316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15956.exe
    3⤵
    PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53656.exe
    3⤵
    PID:3108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
    3⤵
    PID:4392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
    3⤵
    PID:5476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38654.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38654.exe
    3⤵
    PID:6356
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13998.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13998.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23558.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53293.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4604.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34697.exe
        6⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22330.exe
        6⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4034.exe
        6⤵
        
        PID:5432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16313.exe
        5⤵
        
        PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
        5⤵
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25196.exe
        5⤵
        
        PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29670.exe
        5⤵
        
        PID:5320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
        5⤵
        
        PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37319.exe
      4⤵
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35248.exe
        5⤵
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34697.exe
        5⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31567.exe
        5⤵
        
        PID:5716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6696.exe
      4⤵
      PID:580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13319.exe
      4⤵
      PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16530.exe
      4⤵
      PID:4376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17219.exe
      4⤵
      PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65520.exe
      4⤵
      PID:6204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28710.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
      4⤵
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4988.exe
        5⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17842.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46617.exe
        5⤵
        
        PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58498.exe
      4⤵
      PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
      4⤵
      PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
      4⤵
      PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2995.exe
      4⤵
      PID:6092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
    3⤵
    PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21133.exe
      4⤵
      PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38781.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22330.exe
      4⤵
      PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
      4⤵
      PID:6284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12561.exe
    3⤵
    PID:1584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51910.exe
    3⤵
    PID:3776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
    3⤵
    PID:4780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64067.exe
    3⤵
    PID:6044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39132.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39132.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20180.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20180.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
      4⤵
      PID:892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45838.exe
      4⤵
      PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
      4⤵
      PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
      4⤵
      PID:6012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
    3⤵
    PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
      4⤵
      PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45838.exe
      4⤵
      PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
      4⤵
      PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19530.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30489.exe
    3⤵
    PID:272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
    3⤵
    PID:3824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
    3⤵
    PID:4808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2995.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2995.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65520.exe
    3⤵
    PID:6324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15134.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15134.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32536.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57510.exe
    3⤵
    PID:3924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44349.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
    3⤵
    PID:6028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
  2⤵
  PID:2952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
    3⤵
    PID:2840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
    3⤵
    PID:3376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32861.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32861.exe
    3⤵
    PID:4140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35449.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35449.exe
    3⤵
    PID:6100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6689.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6689.exe
  2⤵
  PID:1256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42109.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42109.exe
  2⤵
  PID:3916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23497.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23497.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56685.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56685.exe
  2⤵
  PID:6128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62455.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62455.exe
  2⤵
  PID:6252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13998.exe

Filesize
468KB

MD5
0a91ee48101d928fefb253f76fd91db0

SHA1
7f372d8e4bd3a5016726e822e2cd1057e890a451

SHA256
7bb9d22bbe371b20b9ea81863894f535bc70d0afb68a33dac3a1f14ee4f69e6f

SHA512
98532ae009565bd4b20fb27ba50c4c3d0d92133d62b87a2166584e6ea915a3a58af70a3691b0a937e0db1593015896df47c38f25782ea33d5077bef9d5909332

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27620.exe

Filesize
468KB

MD5
5adf8b1c29087e77e45dfde7d05a88f2

SHA1
d286fb3d64f5a5bfea292522d52c2ebdb8d95ac2

SHA256
f4a04a98035620f0b0b34aa2939651dcf2682b028553c4d1621c0b7d168b3115

SHA512
8bbec644b53cf2a8b7d4fe9a517c80c75293a646ecb5557c0b878f8cb1b2a8d25bf9a22e73a28fe75384cbf7606bb98d132fa116b5acbf94d0915659fedcc53f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe

Filesize
468KB

MD5
d0a2fcbf123c8ac433d188c54ec457a1

SHA1
7de1f00588b09ce31092b620e5fec3a92d456679

SHA256
93e22733db2a7a7bbcb12c9bf9cf9cac6220afbf2f75f2e807faf32b8b84f4af

SHA512
235a6e39ad540465e308f6783761a861b9e959370c2947a6a6b7e1a3eda9a2b8734c8335d760719c4a3928386bb524bd393946332c3f6cff43b2d502c2dfe83f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42854.exe

Filesize
468KB

MD5
02c796e53162f480b17ebcf782d7801b

SHA1
6a17c47935fa7bbb007f32d4209105216b1e6d9f

SHA256
9ad2efd48023c29a1f080a7498c0d2595de233aa6cd2e2853e3b4c9fbd5b2b45

SHA512
4e9f77ad476617c83753b79d8a292e2d6ecc546d71947d7661b6a321fb98b0f9acd82d725f97d9e21902caf103a57a17ecfa27ed5efa4775d2215fd86f3863e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe

Filesize
468KB

MD5
553ce3326d30b3d0bbf741ec554e6b8d

SHA1
c610e81a543c4db14ca900dabb56179cc496367b

SHA256
0cb51d014cc9a220697ba49eebbcfea7e2b3c346a0ac350c8c27e0827e28f8e8

SHA512
ef3c7709173bfc32e0b3710fcde10b69c0be08202e36b55a475da0850db589c20420353130ad64e7533f4b276cdedab1349f9fc9c1412a388ad99ae952d4ec84

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14263.exe

Filesize
468KB

MD5
067a87a0cf91c9dc6efb17ebdc87afe9

SHA1
ecac1c850b2aaf5c3c596eac1e2ba8e33db62454

SHA256
52a2363be8e5ec6832b58706b9bcc323bdefa49a8cd8ffdfbede4eb9ac65a69c

SHA512
9ce87bc366451882b68fb028c3608bc14537e8642bb6f066bb9cfb0faef6c13db88fb0740ba9cbe906847bf1ab1763d5568d4076dad905a6d665fcfade3f38f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15010.exe

Filesize
468KB

MD5
829cf680c04dd74b5382b74647386102

SHA1
9be0f70b913a777bbafadbb00509e98110776b5b

SHA256
23a856208b657da1efedef8c1363ae382c4577ecabe3569d00886c1b8548ff1f

SHA512
4567e298eb6ea3d7c42c1c2be109f9dda1ae474ee8121e0dc34b5453b4db4b55dcda5eb70823ef11c1db0a16032473dce9f4a5ff6dcdbddbd35c617fa82022cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18135.exe

Filesize
468KB

MD5
9af26160d2d4def7e1cbbe5539c66fd5

SHA1
5b27375545c388d310f763bca954524053cb1e97

SHA256
a99ebfbdd5d2e93c764bd66f845670b88d6da7ba3a58d8096e0c4b932319141a

SHA512
383d53747ec4da33ecb4e4c180cce4bb2b77a5b4dea9cd9d2fce905e4b8b367e5e2d6a9453b29cf0b6bf5e5c5d7168cbbb9796afc276e04d98702ffc02869f4b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18523.exe

Filesize
468KB

MD5
20261d5f3d319d86417d44033a906c2b

SHA1
9835afe9dec2ca0719c3d7273aba2f037e1ce2aa

SHA256
5b71514ffbda3725bb576215d9aa7c46608fc9190c12b21814e503ea7bb6c61f

SHA512
efa52dd620989f24a3b7d2d10d765b99cec13d734f0039d7f7bc49cb703f309c93a9c2800fa0a001d791569b58bbee60eb2af917c9f079293e246fca0a8f9002

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21913.exe

Filesize
468KB

MD5
238500fc1b1ea6dfc91a4a8be8630d06

SHA1
e832562edd0d19215c198899a7fd563cfffc25be

SHA256
16d06c34c701fb5b861c386cc2130a6b36897585ee5858bf35a4dc4115c6c6d8

SHA512
d2a4f053418af77bdd04c3fcde7febc12d0e597f1cc161b1b3ca059797a0f0e8d8a5cbf83ae207595f9916c67906a444dd6a1f81415735335c5497a131887e2c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26303.exe

Filesize
468KB

MD5
b83bb3e7273ec3d2b2dd5d88ca9bcb30

SHA1
a8d9fd4e9f6cde79c743e57c2461d6b192aa45a7

SHA256
b5b22366603ec43ea6b4eb50b3b8086c5f8308bc578fbda3af6ac74c18105538

SHA512
dd9f0fd86ec78b6208aaf5bcf22d5614d07b2abb5691ce77eec1ade49570b50f0c4ef554bad7aadd0acf7dae25d1fdbdb534c949ee64a81ec4287d97342e4cd5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33532.exe

Filesize
468KB

MD5
be20211ff7de3f9a55821f9593df72ea

SHA1
4199e039b7a4f00fe2f9bc1a69bdc594a9cb8e70

SHA256
50490c02755d5a309b01c4ed3d2bba5a18f46ad8a5d40ad436ee51fa49cdb896

SHA512
65a56df78702d294a3e7ab43a156c10defa4c5b98deaeb5cd26b6432ba9faed2d685c8326a18882b60b20eb308e544904267c8b6677aa4ca0c42502d6b69b878

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35596.exe

Filesize
468KB

MD5
ed45c194ecfca23e0d0111c8bd14429e

SHA1
919d343bb468e531396db51b68fce7fe40ba983a

SHA256
aedfc3785f56394bd936f83bcf0308f2f0cac1b48d9ddf6fbbed313d14700943

SHA512
d83961fe4a8979aef64d828b0714279dde84d1960874820d1e1fdcc56814834e06ec6b960b891890c9722703f9918b477e272c5650087516a958728bf3ca4529

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3644.exe

Filesize
468KB

MD5
c516e136766a2d18ffe621d2aa7e127d

SHA1
b0ee0adcb687da5f7a99a92cf01aeb7ff6858af7

SHA256
c0129bd5f29c40c3ba36767ccfee01bf496c5c11bf10405c8bd6a5175900a4b6

SHA512
53c8b6c85dadd52be9472562970c601a2796250b48421a8cc5a4c5aeee735a858ddd7ba1779f9e4cd67e55576c009d1980b1b353dc1f57dae7a9425cda6e77f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51544.exe

Filesize
468KB

MD5
77622ed756851add4403be652d24f3e7

SHA1
15101850adc21b14d9b2918d87aa4313c294d902

SHA256
2b7eb15356a9d40a7b77116bfbadce685131147342989bda4a1a5eaa9fa7b2bf

SHA512
b22c5c27f0fa1f3a6fe9e7071f514fd0427dad03a3c1a5a55b8d6ff719ba6ac1d464b9839bd96a11a6561d42800693e8335360755c53c55500fa260e08ffb1ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe

Filesize
468KB

MD5
6da281066097f3fa64bb35dcdd5c9372

SHA1
b1adca49f0e950b8ec878c88f9f5a6695c395a32

SHA256
38bdd57cfa2c85ac401a9a628171ba6e306e2f20e43260c0cba33bdef75617e7

SHA512
0d35ee8a41c394b7ed886e1a1c3cf80f7dd49ae8737500c58cd5aa73261094f9db0e35309ba63d258fbe24b9f7f8dab34c644ed98db94b9e88ff91fc3e2cc363

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55462.exe

Filesize
468KB

MD5
6664c32196e175eb7bb64bfda23e722a

SHA1
38820da169a26f42b017ab276c5ebf8fa7e0280a

SHA256
877c1c201d39f3d653dc3e32eaf8183ece952b16b12f950681fbab2630dfab4c

SHA512
7519217dc659e1bacaeb17ecd722a044a9b8f7853fc9e4c112f979496c078cf4109a941c42765df2f9e8a96c3d36c48897b595ab52c4c9bb5bd01cbda18434aa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59935.exe

Filesize
468KB

MD5
69c59f8fdb425fe571260028345be1b6

SHA1
024d35037508a43a1a6a8971f2c1dee419f3eefa

SHA256
b9b2ad5f3e7c3dbfa78c7a7e15ac0c38b96e02b50351fb133bdad070886c02ed

SHA512
19b191db764d04de49b5a76db239274057ca746d711af8759f9003e2e84271282ba028d2d8e8dbdbab095b8f0a817fe4e63674b90b342c3f957288bae1ede900

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8133.exe

Filesize
468KB

MD5
4f5b4b3bbc53446e134cae069be27b32

SHA1
0051f1f125d466dcfd11c5844e70f9eafd825442

SHA256
68ecd3a29ff637745a1ab9bf23d80f9d54697454f856ad0e4707302a4479dbd1

SHA512
8f344ae6e3223acc02b7fc0af794519f3f1a5aa76194efd0177e3a575db4ef5f3ecf2d0def403901e4ca26bf12568fbb62209fd427a2a4d5c797cab41948f8b8

Download Submit
memory/356-239-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/356-401-0x00000000025C0000-0x0000000002635000-memory.dmp

Filesize
468KB

Download
memory/548-264-0x0000000002860000-0x00000000028D5000-memory.dmp

Filesize
468KB

Download
memory/548-254-0x0000000002860000-0x00000000028D5000-memory.dmp

Filesize
468KB

Download
memory/548-148-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/632-144-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/632-246-0x00000000025A0000-0x0000000002615000-memory.dmp

Filesize
468KB

Download
memory/632-247-0x00000000025A0000-0x0000000002615000-memory.dmp

Filesize
468KB

Download
memory/776-292-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1044-287-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1288-272-0x00000000028F0000-0x0000000002965000-memory.dmp

Filesize
468KB

Download
memory/1288-277-0x00000000028F0000-0x0000000002965000-memory.dmp

Filesize
468KB

Download
memory/1512-395-0x0000000000680000-0x00000000006F5000-memory.dmp

Filesize
468KB

Download
memory/1512-392-0x0000000000680000-0x00000000006F5000-memory.dmp

Filesize
468KB

Download
memory/1512-214-0x0000000000680000-0x00000000006F5000-memory.dmp

Filesize
468KB

Download
memory/1528-261-0x0000000001ED0000-0x0000000001F45000-memory.dmp

Filesize
468KB

Download
memory/1528-253-0x0000000001ED0000-0x0000000001F45000-memory.dmp

Filesize
468KB

Download
memory/1528-168-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1532-248-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1600-388-0x00000000028F0000-0x0000000002965000-memory.dmp

Filesize
468KB

Download
memory/1600-390-0x00000000028F0000-0x0000000002965000-memory.dmp

Filesize
468KB

Download
memory/1600-226-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1756-297-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1884-166-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1884-273-0x0000000002390000-0x0000000002405000-memory.dmp

Filesize
468KB

Download
memory/1884-285-0x0000000002390000-0x0000000002405000-memory.dmp

Filesize
468KB

Download
memory/2100-35-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2100-255-0x00000000005C0000-0x0000000000635000-memory.dmp

Filesize
468KB

Download
memory/2100-397-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2100-136-0x00000000005C0000-0x0000000000635000-memory.dmp

Filesize
468KB

Download
memory/2100-59-0x00000000005C0000-0x0000000000635000-memory.dmp

Filesize
468KB

Download
memory/2100-262-0x00000000005C0000-0x0000000000635000-memory.dmp

Filesize
468KB

Download
memory/2128-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2128-145-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2128-284-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2128-69-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2128-5-0x0000000003400000-0x0000000003475000-memory.dmp

Filesize
468KB

Download
memory/2128-339-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2128-279-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2128-321-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2128-146-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2132-278-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2192-190-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2192-329-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/2192-327-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/2212-338-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2212-188-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2212-187-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2216-302-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2240-353-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2284-296-0x00000000026A0000-0x0000000002715000-memory.dmp

Filesize
468KB

Download
memory/2284-113-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/2284-295-0x00000000026A0000-0x0000000002715000-memory.dmp

Filesize
468KB

Download
memory/2284-60-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2416-217-0x00000000027D0000-0x0000000002845000-memory.dmp

Filesize
468KB

Download
memory/2416-224-0x00000000027D0000-0x0000000002845000-memory.dmp

Filesize
468KB

Download
memory/2416-383-0x0000000003300000-0x0000000003375000-memory.dmp

Filesize
468KB

Download
memory/2416-387-0x0000000003300000-0x0000000003375000-memory.dmp

Filesize
468KB

Download
memory/2416-83-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2436-266-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2532-389-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2620-391-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2636-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2688-26-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2688-237-0x00000000026E0000-0x0000000002755000-memory.dmp

Filesize
468KB

Download
memory/2688-236-0x00000000028E0000-0x0000000002955000-memory.dmp

Filesize
468KB

Download
memory/2688-49-0x00000000028E0000-0x0000000002955000-memory.dmp

Filesize
468KB

Download
memory/2688-50-0x00000000026E0000-0x0000000002755000-memory.dmp

Filesize
468KB

Download
memory/2688-108-0x00000000028E0000-0x0000000002955000-memory.dmp

Filesize
468KB

Download
memory/2688-367-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2712-331-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2744-84-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2744-294-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2744-164-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2744-154-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2744-276-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2768-361-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2792-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2832-93-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/2832-198-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/2920-360-0x0000000002860000-0x00000000028D5000-memory.dmp

Filesize
468KB

Download
memory/2920-359-0x0000000002860000-0x00000000028D5000-memory.dmp

Filesize
468KB

Download
memory/2920-223-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2964-368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3004-82-0x0000000002470000-0x00000000024E5000-memory.dmp

Filesize
468KB

Download
memory/3004-340-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3004-301-0x0000000002470000-0x00000000024E5000-memory.dmp

Filesize
468KB

Download
memory/3004-151-0x0000000002470000-0x00000000024E5000-memory.dmp

Filesize
468KB

Download
memory/3004-163-0x0000000002470000-0x00000000024E5000-memory.dmp

Filesize
468KB

Download
memory/3004-293-0x0000000002470000-0x00000000024E5000-memory.dmp

Filesize
468KB

Download
memory/3004-366-0x0000000002470000-0x00000000024E5000-memory.dmp

Filesize
468KB

Download
memory/3004-22-0x0000000002470000-0x00000000024E5000-memory.dmp

Filesize
468KB

Download
memory/3004-24-0x0000000002470000-0x00000000024E5000-memory.dmp

Filesize
468KB

Download
memory/3024-345-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/3024-200-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3024-351-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download