1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1eb

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/10/2024, 03:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe
Size

468KB
MD5

d642aa3be30fbb7f79a2d135dfaa50f0
SHA1

e7a54f84c7b24dd0d9c7c0808bbe9d3ea19630e9
SHA256

1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1eb
SHA512

4ef7e200a16f72a391c3913cae3b1f10d5c0840d4eee13e337604388a3c15d4e14683bd1c2ab829ba8f9968c879ec08888f925b0e2d41476340dd143a1ce1196
SSDEEP

3072:O1nvogLday8Un+HsPz5Fvf1cyhj2I8JnmHevVpB22h3Sl5NTTl1:O1vo9LUnfP1FvfwxPZ22Zq5NT

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2340	Unicorn-18016.exe
2964	Unicorn-41528.exe
2816	Unicorn-62463.exe
2860	Unicorn-22801.exe
2724	Unicorn-16670.exe
2788	Unicorn-57118.exe
2652	Unicorn-53013.exe
2648	Unicorn-50624.exe
2152	Unicorn-35549.exe
2504	Unicorn-47479.exe
1432	Unicorn-20832.exe
2864	Unicorn-50167.exe
284	Unicorn-4495.exe
1756	Unicorn-20566.exe
2436	Unicorn-14701.exe
2996	Unicorn-318.exe
3000	Unicorn-59913.exe
1868	Unicorn-63442.exe
1492	Unicorn-45881.exe
1992	Unicorn-209.exe
1672	Unicorn-62025.exe
1832	Unicorn-16354.exe
1552	Unicorn-59424.exe
2324	Unicorn-9647.exe
2332	Unicorn-47573.exe
1504	Unicorn-63452.exe
1820	Unicorn-17515.exe
2164	Unicorn-17781.exe
2144	Unicorn-24802.exe
2872	Unicorn-56177.exe
2456	Unicorn-53141.exe
2660	Unicorn-55409.exe
2612	Unicorn-18334.exe
2776	Unicorn-8128.exe
1028	Unicorn-19674.exe
600	Unicorn-19674.exe
108	Unicorn-39540.exe
2704	Unicorn-9690.exe
1796	Unicorn-26493.exe
2940	Unicorn-46359.exe
3052	Unicorn-30900.exe
2960	Unicorn-24769.exe
2232	Unicorn-9965.exe
2132	Unicorn-45975.exe
2492	Unicorn-20509.exe
1004	Unicorn-13302.exe
1940	Unicorn-42061.exe
1984	Unicorn-45783.exe
2568	Unicorn-31559.exe
236	Unicorn-25428.exe
576	Unicorn-15030.exe
2168	Unicorn-21175.exe
2396	Unicorn-45793.exe
1956	Unicorn-26192.exe
2576	Unicorn-46058.exe
2712	Unicorn-64817.exe
2740	Unicorn-52877.exe
2604	Unicorn-64231.exe
2032	Unicorn-47406.exe
2680	Unicorn-22317.exe
1704	Unicorn-50199.exe
1052	Unicorn-20864.exe
1912	Unicorn-53344.exe
2084	Unicorn-43811.exe

Loads dropped DLL 64 IoCs

pid	Process
320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe
320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe
320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe
2340	Unicorn-18016.exe
320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe
2340	Unicorn-18016.exe
2964	Unicorn-41528.exe
2816	Unicorn-62463.exe
2816	Unicorn-62463.exe
320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe
2964	Unicorn-41528.exe
320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe
2340	Unicorn-18016.exe
2340	Unicorn-18016.exe
2788	Unicorn-57118.exe
2860	Unicorn-22801.exe
2788	Unicorn-57118.exe
2860	Unicorn-22801.exe
2964	Unicorn-41528.exe
2964	Unicorn-41528.exe
2724	Unicorn-16670.exe
320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe
2816	Unicorn-62463.exe
2340	Unicorn-18016.exe
2652	Unicorn-53013.exe
320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe
2724	Unicorn-16670.exe
2816	Unicorn-62463.exe
2340	Unicorn-18016.exe
2652	Unicorn-53013.exe
2152	Unicorn-35549.exe
2152	Unicorn-35549.exe
2860	Unicorn-22801.exe
2860	Unicorn-22801.exe
2648	Unicorn-50624.exe
2648	Unicorn-50624.exe
2788	Unicorn-57118.exe
1432	Unicorn-20832.exe
2788	Unicorn-57118.exe
1432	Unicorn-20832.exe
2724	Unicorn-16670.exe
2724	Unicorn-16670.exe
2964	Unicorn-41528.exe
2504	Unicorn-47479.exe
2964	Unicorn-41528.exe
2504	Unicorn-47479.exe
2816	Unicorn-62463.exe
2816	Unicorn-62463.exe
284	Unicorn-4495.exe
2652	Unicorn-53013.exe
284	Unicorn-4495.exe
2340	Unicorn-18016.exe
2652	Unicorn-53013.exe
2340	Unicorn-18016.exe
2436	Unicorn-14701.exe
2436	Unicorn-14701.exe
320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe
320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe
2996	Unicorn-318.exe
2996	Unicorn-318.exe
2152	Unicorn-35549.exe
2152	Unicorn-35549.exe
3000	Unicorn-59913.exe
3000	Unicorn-59913.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1736	1504	WerFault.exe	56

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52877.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42061.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62113.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61858.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46164.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1184.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44308.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59739.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58997.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39088.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57949.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45119.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6492.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49385.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52824.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14411.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25511.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49385.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61047.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39088.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50761.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39088.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35676.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46508.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36225.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6619.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35635.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39088.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47479.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51368.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45377.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18199.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50961.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39088.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13139.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20150.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35649.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe
2340	Unicorn-18016.exe
2964	Unicorn-41528.exe
2816	Unicorn-62463.exe
2860	Unicorn-22801.exe
2788	Unicorn-57118.exe
2724	Unicorn-16670.exe
2652	Unicorn-53013.exe
2648	Unicorn-50624.exe
2152	Unicorn-35549.exe
1432	Unicorn-20832.exe
2864	Unicorn-50167.exe
2504	Unicorn-47479.exe
284	Unicorn-4495.exe
1756	Unicorn-20566.exe
2436	Unicorn-14701.exe
2996	Unicorn-318.exe
3000	Unicorn-59913.exe
1868	Unicorn-63442.exe
1992	Unicorn-209.exe
1492	Unicorn-45881.exe
1672	Unicorn-62025.exe
1832	Unicorn-16354.exe
1552	Unicorn-59424.exe
2324	Unicorn-9647.exe
2332	Unicorn-47573.exe
1820	Unicorn-17515.exe
1504	Unicorn-63452.exe
2164	Unicorn-17781.exe
2144	Unicorn-24802.exe
2872	Unicorn-56177.exe
2456	Unicorn-53141.exe
2660	Unicorn-55409.exe
2612	Unicorn-18334.exe
2776	Unicorn-8128.exe
1028	Unicorn-19674.exe
600	Unicorn-19674.exe
2704	Unicorn-9690.exe
108	Unicorn-39540.exe
1796	Unicorn-26493.exe
2960	Unicorn-24769.exe
3052	Unicorn-30900.exe
2232	Unicorn-9965.exe
1004	Unicorn-13302.exe
2492	Unicorn-20509.exe
2132	Unicorn-45975.exe
1940	Unicorn-42061.exe
1984	Unicorn-45783.exe
2940	Unicorn-46359.exe
236	Unicorn-25428.exe
2568	Unicorn-31559.exe
2168	Unicorn-21175.exe
576	Unicorn-15030.exe
2396	Unicorn-45793.exe
1956	Unicorn-26192.exe
2576	Unicorn-46058.exe
2712	Unicorn-64817.exe
2604	Unicorn-64231.exe
2740	Unicorn-52877.exe
2032	Unicorn-47406.exe
1704	Unicorn-50199.exe
2680	Unicorn-22317.exe
1052	Unicorn-20864.exe
1912	Unicorn-53344.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 320 wrote to memory of 2340	320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe	31
PID 320 wrote to memory of 2340	320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe	31
PID 320 wrote to memory of 2340	320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe	31
PID 320 wrote to memory of 2340	320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe	31
PID 320 wrote to memory of 2964	320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe	32
PID 320 wrote to memory of 2964	320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe	32
PID 320 wrote to memory of 2964	320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe	32
PID 320 wrote to memory of 2964	320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe	32
PID 2340 wrote to memory of 2816	2340	Unicorn-18016.exe	33
PID 2340 wrote to memory of 2816	2340	Unicorn-18016.exe	33
PID 2340 wrote to memory of 2816	2340	Unicorn-18016.exe	33
PID 2340 wrote to memory of 2816	2340	Unicorn-18016.exe	33
PID 2816 wrote to memory of 2860	2816	Unicorn-62463.exe	35
PID 2816 wrote to memory of 2860	2816	Unicorn-62463.exe	35
PID 2816 wrote to memory of 2860	2816	Unicorn-62463.exe	35
PID 2816 wrote to memory of 2860	2816	Unicorn-62463.exe	35
PID 2964 wrote to memory of 2788	2964	Unicorn-41528.exe	34
PID 2964 wrote to memory of 2788	2964	Unicorn-41528.exe	34
PID 2964 wrote to memory of 2788	2964	Unicorn-41528.exe	34
PID 2964 wrote to memory of 2788	2964	Unicorn-41528.exe	34
PID 320 wrote to memory of 2724	320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe	36
PID 320 wrote to memory of 2724	320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe	36
PID 320 wrote to memory of 2724	320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe	36
PID 320 wrote to memory of 2724	320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe	36
PID 2340 wrote to memory of 2652	2340	Unicorn-18016.exe	37
PID 2340 wrote to memory of 2652	2340	Unicorn-18016.exe	37
PID 2340 wrote to memory of 2652	2340	Unicorn-18016.exe	37
PID 2340 wrote to memory of 2652	2340	Unicorn-18016.exe	37
PID 2788 wrote to memory of 2648	2788	Unicorn-57118.exe	38
PID 2788 wrote to memory of 2648	2788	Unicorn-57118.exe	38
PID 2788 wrote to memory of 2648	2788	Unicorn-57118.exe	38
PID 2788 wrote to memory of 2648	2788	Unicorn-57118.exe	38
PID 2860 wrote to memory of 2152	2860	Unicorn-22801.exe	39
PID 2860 wrote to memory of 2152	2860	Unicorn-22801.exe	39
PID 2860 wrote to memory of 2152	2860	Unicorn-22801.exe	39
PID 2860 wrote to memory of 2152	2860	Unicorn-22801.exe	39
PID 2964 wrote to memory of 2504	2964	Unicorn-41528.exe	40
PID 2964 wrote to memory of 2504	2964	Unicorn-41528.exe	40
PID 2964 wrote to memory of 2504	2964	Unicorn-41528.exe	40
PID 2964 wrote to memory of 2504	2964	Unicorn-41528.exe	40
PID 320 wrote to memory of 1756	320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe	42
PID 320 wrote to memory of 1756	320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe	42
PID 320 wrote to memory of 1756	320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe	42
PID 320 wrote to memory of 1756	320	1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe	42
PID 2724 wrote to memory of 1432	2724	Unicorn-16670.exe	41
PID 2724 wrote to memory of 1432	2724	Unicorn-16670.exe	41
PID 2724 wrote to memory of 1432	2724	Unicorn-16670.exe	41
PID 2724 wrote to memory of 1432	2724	Unicorn-16670.exe	41
PID 2816 wrote to memory of 2864	2816	Unicorn-62463.exe	43
PID 2816 wrote to memory of 2864	2816	Unicorn-62463.exe	43
PID 2816 wrote to memory of 2864	2816	Unicorn-62463.exe	43
PID 2816 wrote to memory of 2864	2816	Unicorn-62463.exe	43
PID 2340 wrote to memory of 2436	2340	Unicorn-18016.exe	44
PID 2340 wrote to memory of 2436	2340	Unicorn-18016.exe	44
PID 2340 wrote to memory of 2436	2340	Unicorn-18016.exe	44
PID 2340 wrote to memory of 2436	2340	Unicorn-18016.exe	44
PID 2652 wrote to memory of 284	2652	Unicorn-53013.exe	45
PID 2652 wrote to memory of 284	2652	Unicorn-53013.exe	45
PID 2652 wrote to memory of 284	2652	Unicorn-53013.exe	45
PID 2652 wrote to memory of 284	2652	Unicorn-53013.exe	45
PID 2152 wrote to memory of 2996	2152	Unicorn-35549.exe	46
PID 2152 wrote to memory of 2996	2152	Unicorn-35549.exe	46
PID 2152 wrote to memory of 2996	2152	Unicorn-35549.exe	46
PID 2152 wrote to memory of 2996	2152	Unicorn-35549.exe	46

C:\Users\Admin\AppData\Local\Temp\1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe
"C:\Users\Admin\AppData\Local\Temp\1531e43b4913e8827c75bccf9e1b0643e1f6246809d88d5fc31b457457d7d1ebN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18016.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18016.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22801.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35549.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56177.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14411.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        9⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        9⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27685.exe
        8⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22161.exe
        8⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        8⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65127.exe
        8⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61156.exe
        9⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        9⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52370.exe
        8⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        8⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6964.exe
        8⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55250.exe
        7⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        7⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53141.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22317.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        8⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4513.exe
        9⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4126.exe
        8⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
        7⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47406.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
        7⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46740.exe
        8⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        8⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        7⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        7⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
        6⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18583.exe
        7⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        7⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        6⤵
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
        6⤵
        
        PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59913.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20864.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45522.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
        9⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59739.exe
        8⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
        8⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        7⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
        7⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50199.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18122.exe
        7⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
        8⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        8⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
        7⤵
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
        6⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18583.exe
        7⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        7⤵
        
        PID:4116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55250.exe
        6⤵
        
        PID:4044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18122.exe
        7⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22123.exe
        8⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        7⤵
        
        PID:5340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63793.exe
        6⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17815.exe
        7⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        7⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
        6⤵
        
        PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43811.exe
        5⤵
        Executes dropped EXE
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29404.exe
        6⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46548.exe
        7⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61520.exe
        7⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23444.exe
        6⤵
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55149.exe
        5⤵
        
        PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35690.exe
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50554.exe
        5⤵
        
        PID:5524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50167.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        6⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52986.exe
        7⤵
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57143.exe
        6⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6698.exe
        7⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        7⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
        6⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        6⤵
        
        PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37946.exe
        5⤵
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
        6⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29745.exe
        7⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        7⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        6⤵
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        6⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
        5⤵
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
        6⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        6⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        5⤵
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
        5⤵
        
        PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9647.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17856.exe
        5⤵
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
        6⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
        7⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        7⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58395.exe
        6⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
        6⤵
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34832.exe
        5⤵
        
        PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45793.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe
        5⤵
        
        PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37180.exe
        5⤵
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        5⤵
        
        PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9191.exe
      4⤵
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        5⤵
        
        PID:5192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
      4⤵
      PID:3384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50554.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53013.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53013.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4495.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13302.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6492.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
        8⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        7⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60891.exe
        6⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        6⤵
        
        PID:5548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42061.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45119.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
        7⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22459.exe
        8⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49193.exe
        7⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        7⤵
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54168.exe
        6⤵
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35100.exe
        5⤵
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60275.exe
        6⤵
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        6⤵
        
        PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20150.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        6⤵
        
        PID:3756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        6⤵
        
        PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        5⤵
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
        5⤵
        
        PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63452.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1504
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 240
        5⤵
        Program crash
        
        PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43811.exe
      4⤵
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
        5⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34151.exe
        6⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        6⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7303.exe
        5⤵
        
        PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
      4⤵
      PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34832.exe
      4⤵
      PID:4160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14701.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14701.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17781.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15030.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61858.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59739.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        6⤵
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60083.exe
        5⤵
        
        PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        5⤵
        
        PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        5⤵
        
        PID:5332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65127.exe
        5⤵
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1478.exe
        6⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        6⤵
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        5⤵
        
        PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58997.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        5⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        5⤵
        
        PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
      4⤵
      PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
      4⤵
      PID:5304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17515.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17515.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31559.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11211.exe
        5⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11059.exe
        6⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
        6⤵
        
        PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45678.exe
        5⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        5⤵
        
        PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25253.exe
      4⤵
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46508.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
        5⤵
        
        PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        5⤵
        
        PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55728.exe
      4⤵
      PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
      4⤵
      PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
      4⤵
      PID:4384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21175.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21175.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
      4⤵
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe
        5⤵
        
        PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4248.exe
        5⤵
        
        PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13139.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13408.exe
        5⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        5⤵
        
        PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
      4⤵
      PID:5700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35138.exe
    3⤵
    PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10773.exe
      4⤵
      PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37922.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37922.exe
      4⤵
      PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
      4⤵
      PID:5388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54169.exe
    3⤵
    PID:1448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29523.exe
    3⤵
    PID:3852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
    3⤵
    PID:5628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57118.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50624.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8128.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52258.exe
        8⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
        8⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        8⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        7⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
        7⤵
        
        PID:4292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24210.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32621.exe
        7⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
        7⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59163.exe
        6⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        7⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        7⤵
        
        PID:5380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55250.exe
        6⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46817.exe
        6⤵
        
        PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        6⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31132.exe
        7⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61723.exe
        8⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58421.exe
        7⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        7⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        6⤵
        
        PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23394.exe
        5⤵
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        6⤵
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54343.exe
        5⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6698.exe
        6⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        6⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62530.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55066.exe
        5⤵
        
        PID:6132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45881.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe
        6⤵
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37180.exe
        6⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63793.exe
        5⤵
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34343.exe
        6⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        6⤵
        
        PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
        5⤵
        
        PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        5⤵
        
        PID:5532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24769.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        5⤵
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
        6⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        7⤵
        
        PID:5124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39588.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        5⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        6⤵
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
        5⤵
        
        PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        5⤵
        
        PID:5572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43811.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
        5⤵
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        5⤵
        
        PID:6100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
      4⤵
      PID:3160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34832.exe
      4⤵
      PID:4200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47479.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47479.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16354.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45975.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        6⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-140.exe
        7⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exe
        8⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        8⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        7⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        7⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35635.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18199.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        7⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        6⤵
        
        PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17856.exe
        5⤵
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39795.exe
        6⤵
        
        PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
        5⤵
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9965.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46188.exe
        5⤵
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62589.exe
        6⤵
        
        PID:5976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        5⤵
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1184.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19832.exe
      4⤵
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
        5⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        5⤵
        
        PID:4424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
      4⤵
      PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
      4⤵
      PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46058.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18122.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46072.exe
        6⤵
        
        PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        5⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
        5⤵
        
        PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63793.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45780.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        5⤵
        
        PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
      4⤵
      PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
      4⤵
      PID:4216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6108.exe
      4⤵
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38651.exe
        5⤵
        
        PID:5888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
      4⤵
      PID:5404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
    3⤵
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
    3⤵
    PID:3440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50554.exe
    3⤵
    PID:4376
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16670.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16670.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20832.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-209.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39540.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        6⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65127.exe
        7⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27441.exe
        8⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        8⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36225.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49617.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45262.exe
        6⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2438.exe
        7⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        7⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49961.exe
        6⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        6⤵
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17528.exe
        5⤵
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
        6⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50761.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61140.exe
        6⤵
        
        PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45112.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51368.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18122.exe
        5⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46548.exe
        6⤵
        
        PID:3944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        6⤵
        
        PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        5⤵
        
        PID:5452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
        5⤵
        
        PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55250.exe
      4⤵
      PID:4092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
      4⤵
      PID:5716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62025.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45783.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5506.exe
        5⤵
        
        PID:308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
        5⤵
        
        PID:820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        5⤵
        
        PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57971.exe
      4⤵
      PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53516.exe
      4⤵
      PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
      4⤵
      PID:5152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
      4⤵
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6492.exe
        5⤵
        
        PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43939.exe
        5⤵
        
        PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe
        5⤵
        
        PID:3968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
        5⤵
        
        PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-550.exe
      4⤵
      PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48273.exe
        5⤵
        
        PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
      4⤵
      PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55482.exe
      4⤵
      PID:5848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43811.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43811.exe
    3⤵
    PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4271.exe
      4⤵
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31583.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
      4⤵
      PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
      4⤵
      PID:5460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62113.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
    3⤵
    PID:3404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50554.exe
    3⤵
    PID:5268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20566.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20566.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
      4⤵
      PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
        5⤵
        
        PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40432.exe
        5⤵
        
        PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
      4⤵
      PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
      4⤵
      PID:4284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
    3⤵
    PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18122.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18122.exe
      4⤵
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54987.exe
        5⤵
        
        PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
      4⤵
      PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
      4⤵
      PID:5444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17856.exe
    3⤵
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28475.exe
      4⤵
      PID:6020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46585.exe
    3⤵
    PID:3444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33488.exe
    3⤵
    PID:5608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24802.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24802.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30900.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
      4⤵
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
        5⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        5⤵
        
        PID:6084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
      4⤵
      PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
        5⤵
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        5⤵
        
        PID:5420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53983.exe
      4⤵
      PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58689.exe
      4⤵
      PID:5200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57926.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57926.exe
    3⤵
    PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48957.exe
      4⤵
      PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46548.exe
        5⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        5⤵
        
        PID:5168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
      4⤵
      PID:3516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
      4⤵
      PID:5468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26490.exe
    3⤵
    PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2438.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35881.exe
      4⤵
      PID:5736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55250.exe
    3⤵
    PID:3132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
    3⤵
    PID:5580
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20509.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20509.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
    3⤵
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37225.exe
      4⤵
      PID:4412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
    3⤵
    PID:3228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35676.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35676.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-140.exe
    3⤵
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50185.exe
      4⤵
      PID:4336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35649.exe
    3⤵
    PID:3092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
    3⤵
    PID:5436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25570.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25570.exe
  2⤵
  PID:1000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11379.exe
    3⤵
    PID:3640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
    3⤵
    PID:4268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
  2⤵
  PID:3412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27888.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27888.exe
  2⤵
  PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16670.exe

Filesize
468KB

MD5
4bb277f6b3e5dd187965c7f0a164fa6d

SHA1
d4e1660c294708434f1c42e9067bb1d2dad27912

SHA256
62b0d3f0f760b04578bee0fd957f6fbfd81cad1e7771c205e0581e6183a5b140

SHA512
da6f497e95a59168ccfd012e3d71998ac19594d5f29d0dfad5f3003a18f05afe1d112a1d087571f0900c1299d960aad4bdda86f25d48b224f6b757b61266c939

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe

Filesize
468KB

MD5
dfa63abfe11d801a54bacaf8f446bf3b

SHA1
337a8cd02fba75cac56048f1696bb4df1b3a28cf

SHA256
18077f04b751cff797dc68185be85ece35ece85d998dc1d932b80d6e9d9553e6

SHA512
bf75c051ba6535df01f584e560143a68797ab16a71dc21d79235073f33892f3b76f26516749dad9a74202c49e2c44505c9e0d4e1086ebae94b58cd69886e5da7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53013.exe

Filesize
468KB

MD5
300016b0adc916365c743196605cc406

SHA1
95e9ceb659f36753dd78251ca7a56af2d3625288

SHA256
fcab26499809dce21d471cb0e52c3f275e6a05b2514ce527d99976c9108cc2ed

SHA512
dc7ca47431709b4f24f8de1529bc76812b283598c4903b258e8f64bc8d259110adb5d23b27f0c7cde47c35b2f09b5044887f9f0b36b7f52fb8f56e80e2e2d0db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5506.exe

Filesize
468KB

MD5
acbb70d2483d973c97510ad198d42800

SHA1
225edb7cd328e5c4a9ea2ac26a6db38d16e862fd

SHA256
583c1fd178a70713fa72e5fbcbbb103ef9a1d60c8ba23d812019d86fab6f6894

SHA512
4243ea2c47f3ad68e38e3acf9bfbaa208f7c6a3e1a0228ba29315e980f02339456a0a083dd0f1689e89979f1a39a9b4611bc074ba5a64efceaaf695304979b00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe

Filesize
468KB

MD5
e517e406f598df29e11a02e194b39846

SHA1
e46cb3b76683fb6a999d5a3072f08bdcd4d9db87

SHA256
7d1b938ff14e235aed7c41083180fdbb108547084ae1ba9718e80fcd76d3702e

SHA512
7367038ac0f8193eca5ec6cfc27b77143ae97502f4dbfa71f91161b4889ed5713f51b2d977155163c575ac980f90afaa76e150e97f08bd0c69edee0eea5e6563

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14701.exe

Filesize
468KB

MD5
ee28ac03a9c91d52619573ff3439444f

SHA1
683f8560fac9691202a72ec8b0ff74e34c824347

SHA256
a2cec1a9bf707bbb382c7a35d9916a58b33ed44e7bd42bd8d2d5422738f0bb81

SHA512
7973474073d9638218703fa58f384e1c86ed23ba84ad01f15fc3107084a8e8098f5fb07d8e238b2ee01288a5385656c0cf2119de19a408f242cd70c3ba237d28

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18016.exe

Filesize
468KB

MD5
4760d2ae9315f87c45a0c31f95498209

SHA1
18e0736a823b749a1edd26591c260643c4a4f50c

SHA256
0d93a1b273be3a551e5be8523d9031ba676b2d7c9587b58ed2c3ce937ff51543

SHA512
7365633530f950d7cc2771c44e8be4674a234faa1fb283d3a09dc48fe30f3ac4d82df2a797c02d5fdeb4466e8b72005707cbdfdbc5608669e90ae2c15d3bc1b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20566.exe

Filesize
468KB

MD5
5cab2240330712861cc2a09fe3fdef71

SHA1
9faca2a9d4f49dfa1b7fceda05c8fbbf7cdc7358

SHA256
28588a9806d91e4e59f7396c94a7ef9e04f076ce518d61d6a6111494201f4caf

SHA512
b8f25d33a9fde61b762272d22aab5d930e6e91d41de8390b80a5d2b20c037d618ebda32b1584593ea112c55f0fd3bf3961274402192182bdb52bc3b497f2fbee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20832.exe

Filesize
468KB

MD5
e2d47e278943c217be8205dc19257c8a

SHA1
b2557fae25c51516e43962b9e9853d8a3db87bb8

SHA256
d070a540dffbbce139271beaebb0c14f3aa17920138abcc843adc74e434bdfd4

SHA512
2c088b956c0dc7a5f295d32af8db7e33c92d06f36349c476152e736d9701d79e551da6e32e7be96eef803cf038d49551b39c459857688ac52204e4fcf4fa0d4d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22801.exe

Filesize
468KB

MD5
9c03c8838828b7fc901ba9950ebf58dd

SHA1
26eb225db4418fc219e8b32d48a4c839444d3d46

SHA256
ad860ffbd20147e560f80a8db2e77af413c600240e6cb1c6d4d28f797cab5107

SHA512
e83bb7e8f6faaf5759dc369a13d6fd978e3bf9970c88f29d02123906a5e64bdc1b4e38ff66c1d007fb87c10df78ce6077239745921e17feb6f7c54c58a53384d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-318.exe

Filesize
468KB

MD5
ca1f63ae0a3dbfd68f4e02a62d20e828

SHA1
551fa845a00620359bb49b3a6dfe4d4348b247ff

SHA256
66e5048ee0fe57bf996f706ff102469c6f3cf0f09833e0d95a548ed6ffd416ed

SHA512
7e518df6bf2b724a0b221a06d06e35ed9c043cdf63cf03e07c1e98da8eda30a6e2d434e5398b87394af52c65c7cbf655a9a21cb997bbbce9f0f09cd40b0b57a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35549.exe

Filesize
468KB

MD5
953b5b88a552937ac716f427a3e18d65

SHA1
302cb4e727bf9f5d4936a2378b7a9f5101407fa1

SHA256
f0d3f22e4e7b57f74431479e4bb470dacc8fe0743c2b933aaab57e23f1a18cef

SHA512
7211dc104201f930215529989484081be2ca35e8579bd079c1a046c07a5fcc876a6c93ef6bb67d2d207bc4efba58bf5c967e938f7c41627dd6921644e7bf1fd4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe

Filesize
468KB

MD5
709e02d2bbf2305f1a40af88fe54d887

SHA1
573590abbfacf7849b5761bd9c9c6cf0b8e99ae9

SHA256
73b9f42de469667bbefb484085338ad223d3b1392df819031ec30878215a548a

SHA512
a26fedf1d213ea9f16760915632186934161bd97cc0e505964c9f8d4d23f6a19285c75ef965aaa0eb876edf22695571d671f432b8badaef39fc3ccfb36cd2bf8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4495.exe

Filesize
468KB

MD5
7c304eb2ba29d068cb610944899782f6

SHA1
1ac456ba85a0d283c72804567d12ec0c21746735

SHA256
aa5e8fc8c9fa6aacaccb927ff61791a367f3df93f241f8a8ee7ea53e884fbd09

SHA512
fbf59da769583d06d10f44b8cfe7361f5d356f696bc0a5feb45c2a6e3049005c67987d8676e1866a363e2ee4f1ca3dec6735285d35c5f0804bdc66cbe49dd1ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47479.exe

Filesize
468KB

MD5
6d3acab13ad1afb64f6bc979acf0ed08

SHA1
f478a690b8ba16a58684cccf2faaac3275dc685a

SHA256
1a1fd53dc94a486b77fb96aafb02dae7c4964d6d0611a72e55c489712875042f

SHA512
752f8ab0d1d7a106ee74992f6221ddc0a1daf1cd5b0bd03643a46a48614b0247a2e48cb4f1b9f3d7b9a8582021f8e105188032ed080410d0627b68bd2f4a2ec2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50167.exe

Filesize
468KB

MD5
d0a49404e10c9c9d2b22038f31473d2f

SHA1
6deebb7d4a557f99a74571400366536154c33457

SHA256
ea7cdf1e8b173428f4d16d96bbdf7ff114b286a02656a699decadc210e085ee5

SHA512
0c569a08f37326a7247c863644dfe82b9e2e8db0482caefab0d3e1cd5bea79e9ed75d11445e82bcf9e6c2ab5db8338a011c0d98630227783e0a76b2f50c22865

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50624.exe

Filesize
468KB

MD5
1a4192b0ec76e7d03ee232c419e86169

SHA1
44bbd505a3203ac270065a82d20595abf1e420d9

SHA256
a2209e2b4c522adad08241c7c65365a6765186b8d94178de2cf119919422aa6a

SHA512
e9156ca96acaa10bbee03af8fc7568e26bd25b78a548fcb10853c68d0a1e8b420b6e4ba805b997143daba3e6daaafab34ae92a02326f0ac474f9950943ceba51

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57118.exe

Filesize
468KB

MD5
8372c111100808db3ecd98b1029b5c3b

SHA1
9abb92fbdf43c57289ea3dbc510d948018c3211e

SHA256
12d30fb8e867e7a17c2d6198c1d92cf6a8f17fd301307d4ea6947d4f1218b5aa

SHA512
7010d1e0fe2d4b899fcb63fdb1e5f78a8215cdb18728f8e1e1f33fc4eda904933fb324e0fe357459c015bef76dc55ce3d303ce991b3e76d64de275a8f94222b7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59913.exe

Filesize
468KB

MD5
a5ed3d3f55570a9bf5e73066bc47f883

SHA1
f06c26197b8605ed3d8d7433cc6fe0a925d59421

SHA256
a905db4573248ea34bb6993bb336afeec47b0d75a3474c9b5a7867afe34ab814

SHA512
5db46c97de9cfe6c5c2840df0f03d84ac7be254830953ad6e251c6f44fadeddda64d66b4a5d7d4b2724ac19eaa50d300d380997eb6a4e2f8d69b993f136ee03d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe

Filesize
468KB

MD5
6bb0c5bc83acf98a7476ec02fa72ae7f

SHA1
99e96a7a47c5f21cc1a08fdb8c8f60d507bebc8c

SHA256
eb46d9c08877959de18d2d9be57117c1a30528c1833a3d854380cc5440450bb6

SHA512
953893caa4c71e3cca05e9fcd3cac7f64c66add9c2f8ef231525dfee0c9cbfd6f13e7748b6ae62a1410d427a2775b37e042efd40df1428d6d09892e5f57a9cb5

Download Submit
memory/108-404-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/284-175-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/284-300-0x0000000002900000-0x0000000002975000-memory.dmp

Filesize
468KB

Download
memory/284-286-0x0000000002900000-0x0000000002975000-memory.dmp

Filesize
468KB

Download
memory/320-163-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/320-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/320-10-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/320-321-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/320-11-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/320-397-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/320-130-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/320-326-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/320-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1028-395-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1432-173-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1432-238-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1492-239-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1504-306-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1552-271-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1672-255-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1756-413-0x0000000001DB0000-0x0000000001E25000-memory.dmp

Filesize
468KB

Download
memory/1756-177-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1756-415-0x0000000001DB0000-0x0000000001E25000-memory.dmp

Filesize
468KB

Download
memory/1820-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1832-269-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1868-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1868-385-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/1868-384-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/1992-402-0x0000000001DC0000-0x0000000001E35000-memory.dmp

Filesize
468KB

Download
memory/1992-242-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2144-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2152-194-0x0000000003320000-0x0000000003395000-memory.dmp

Filesize
468KB

Download
memory/2152-354-0x0000000003320000-0x0000000003395000-memory.dmp

Filesize
468KB

Download
memory/2152-195-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2152-107-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2152-355-0x0000000003320000-0x0000000003395000-memory.dmp

Filesize
468KB

Download
memory/2164-312-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2324-278-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2332-301-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2340-403-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2340-302-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2340-172-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2340-303-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2340-138-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2436-176-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2436-307-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/2436-311-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/2456-356-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2504-268-0x0000000001EC0000-0x0000000001F35000-memory.dmp

Filesize
468KB

Download
memory/2504-124-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2504-267-0x0000000001EC0000-0x0000000001F35000-memory.dmp

Filesize
468KB

Download
memory/2612-378-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2648-392-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/2648-221-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/2648-222-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/2648-393-0x00000000026D0000-0x0000000002745000-memory.dmp

Filesize
468KB

Download
memory/2652-298-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/2652-78-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2652-305-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/2652-139-0x0000000002610000-0x0000000002685000-memory.dmp

Filesize
468KB

Download
memory/2660-366-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2704-416-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2724-250-0x0000000002830000-0x00000000028A5000-memory.dmp

Filesize
468KB

Download
memory/2724-254-0x0000000002830000-0x00000000028A5000-memory.dmp

Filesize
468KB

Download
memory/2724-127-0x0000000002830000-0x00000000028A5000-memory.dmp

Filesize
468KB

Download
memory/2724-170-0x0000000002830000-0x00000000028A5000-memory.dmp

Filesize
468KB

Download
memory/2724-68-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2776-387-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2788-237-0x0000000002730000-0x00000000027A5000-memory.dmp

Filesize
468KB

Download
memory/2788-236-0x0000000002730000-0x00000000027A5000-memory.dmp

Filesize
468KB

Download
memory/2788-89-0x0000000002730000-0x00000000027A5000-memory.dmp

Filesize
468KB

Download
memory/2816-133-0x00000000023F0000-0x0000000002465000-memory.dmp

Filesize
468KB

Download
memory/2816-171-0x00000000023F0000-0x0000000002465000-memory.dmp

Filesize
468KB

Download
memory/2816-64-0x00000000023F0000-0x0000000002465000-memory.dmp

Filesize
468KB

Download
memory/2816-277-0x00000000023F0000-0x0000000002465000-memory.dmp

Filesize
468KB

Download
memory/2816-273-0x00000000023F0000-0x0000000002465000-memory.dmp

Filesize
468KB

Download
memory/2816-35-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2860-376-0x0000000002450000-0x00000000024C5000-memory.dmp

Filesize
468KB

Download
memory/2860-210-0x0000000002450000-0x00000000024C5000-memory.dmp

Filesize
468KB

Download
memory/2860-209-0x0000000002450000-0x00000000024C5000-memory.dmp

Filesize
468KB

Download
memory/2860-379-0x0000000002450000-0x00000000024C5000-memory.dmp

Filesize
468KB

Download
memory/2860-67-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2864-396-0x0000000002420000-0x0000000002495000-memory.dmp

Filesize
468KB

Download
memory/2864-394-0x0000000002420000-0x0000000002495000-memory.dmp

Filesize
468KB

Download
memory/2864-174-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2872-346-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2964-258-0x00000000026A0000-0x0000000002715000-memory.dmp

Filesize
468KB

Download
memory/2964-45-0x00000000026A0000-0x0000000002715000-memory.dmp

Filesize
468KB

Download
memory/2964-34-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2964-270-0x00000000026A0000-0x0000000002715000-memory.dmp

Filesize
468KB

Download
memory/2996-197-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2996-344-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2996-345-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3000-365-0x0000000002620000-0x0000000002695000-memory.dmp

Filesize
468KB

Download
memory/3000-364-0x0000000002620000-0x0000000002695000-memory.dmp

Filesize
468KB

Download
memory/3000-212-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download