1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0

Analysis

max time kernel
121s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/10/2024, 00:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe
Size

468KB
MD5

b2477f8bc85286d43aee98d4d493de80
SHA1

91404e330f79bcb8e57d7430fe31672ec7954eed
SHA256

1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0
SHA512

80518d1ad51c815a07891283e06fc2c5218d429e708a6ec6e0a460202550ad4606486a52499eec235b670896a3e6c385c7f23334e3a67d4fe12b352cb1e3d563
SSDEEP

3072:58AXogtdId5UtbYGPzQjcc8/G2A4D3p5hmHetVXdvlakIcEgy6ly:58Eo1bUt5PMjcccZd9vlvdEgy

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2480	Unicorn-1284.exe
2928	Unicorn-13942.exe
2636	Unicorn-57614.exe
2656	Unicorn-48510.exe
2628	Unicorn-13972.exe
2752	Unicorn-8809.exe
2532	Unicorn-45736.exe
940	Unicorn-54048.exe
2416	Unicorn-38853.exe
2092	Unicorn-44547.exe
1560	Unicorn-19148.exe
2964	Unicorn-39014.exe
1060	Unicorn-3459.exe
1460	Unicorn-63131.exe
2276	Unicorn-3724.exe
2260	Unicorn-55969.exe
1312	Unicorn-44392.exe
628	Unicorn-15953.exe
2068	Unicorn-22084.exe
1800	Unicorn-15227.exe
1992	Unicorn-30997.exe
2324	Unicorn-8251.exe
1540	Unicorn-34189.exe
2176	Unicorn-36251.exe
2604	Unicorn-30335.exe
1608	Unicorn-46210.exe
2236	Unicorn-49858.exe
2304	Unicorn-6960.exe
3040	Unicorn-54948.exe
2756	Unicorn-26826.exe
2180	Unicorn-3437.exe
2332	Unicorn-19634.exe
1456	Unicorn-1215.exe
2108	Unicorn-22131.exe
1732	Unicorn-63688.exe
2392	Unicorn-41997.exe
2524	Unicorn-53964.exe
944	Unicorn-4881.exe
2876	Unicorn-24747.exe
2228	Unicorn-42289.exe
2172	Unicorn-48419.exe
2124	Unicorn-426.exe
2448	Unicorn-59777.exe
2220	Unicorn-64982.exe
1492	Unicorn-47877.exe
2536	Unicorn-7445.exe
1820	Unicorn-17204.exe
1476	Unicorn-28378.exe
1924	Unicorn-3349.exe
1696	Unicorn-51213.exe
2576	Unicorn-59891.exe
2120	Unicorn-59554.exe
1576	Unicorn-14348.exe
2308	Unicorn-13540.exe
2828	Unicorn-2435.exe
2796	Unicorn-28122.exe
2936	Unicorn-47458.exe
2872	Unicorn-62828.exe
2704	Unicorn-61515.exe
2380	Unicorn-56923.exe
2364	Unicorn-26216.exe
2984	Unicorn-32347.exe
3004	Unicorn-55442.exe
1972	Unicorn-58567.exe

Loads dropped DLL 64 IoCs

pid	Process
1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe
1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe
2480	Unicorn-1284.exe
2480	Unicorn-1284.exe
1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe
1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe
2928	Unicorn-13942.exe
2928	Unicorn-13942.exe
2480	Unicorn-1284.exe
2480	Unicorn-1284.exe
2636	Unicorn-57614.exe
2636	Unicorn-57614.exe
1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe
1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe
2656	Unicorn-48510.exe
2656	Unicorn-48510.exe
2752	Unicorn-8809.exe
2752	Unicorn-8809.exe
2928	Unicorn-13942.exe
2928	Unicorn-13942.exe
2636	Unicorn-57614.exe
2636	Unicorn-57614.exe
2628	Unicorn-13972.exe
1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe
2628	Unicorn-13972.exe
1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe
2480	Unicorn-1284.exe
2480	Unicorn-1284.exe
2532	Unicorn-45736.exe
2532	Unicorn-45736.exe
940	Unicorn-54048.exe
940	Unicorn-54048.exe
2656	Unicorn-48510.exe
2656	Unicorn-48510.exe
2928	Unicorn-13942.exe
2928	Unicorn-13942.exe
2092	Unicorn-44547.exe
2092	Unicorn-44547.exe
2752	Unicorn-8809.exe
2752	Unicorn-8809.exe
1460	Unicorn-63131.exe
1460	Unicorn-63131.exe
2480	Unicorn-1284.exe
2480	Unicorn-1284.exe
1560	Unicorn-19148.exe
1560	Unicorn-19148.exe
2636	Unicorn-57614.exe
2636	Unicorn-57614.exe
2964	Unicorn-39014.exe
2964	Unicorn-39014.exe
2276	Unicorn-3724.exe
2276	Unicorn-3724.exe
2628	Unicorn-13972.exe
2628	Unicorn-13972.exe
2532	Unicorn-45736.exe
2532	Unicorn-45736.exe
1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe
1060	Unicorn-3459.exe
1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe
2260	Unicorn-55969.exe
1312	Unicorn-44392.exe
1060	Unicorn-3459.exe
2260	Unicorn-55969.exe
1312	Unicorn-44392.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45736.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45822.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44756.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59779.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10497.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9443.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13611.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64982.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9934.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57366.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-559.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5982.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1832.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40055.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2446.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52334.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13380.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26556.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59956.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32347.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14854.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52927.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3332.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58567.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17204.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58971.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44531.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26007.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39375.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15953.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15080.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29733.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23488.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6960.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11883.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45236.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27303.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7445.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60579.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3713.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21985.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe
2480	Unicorn-1284.exe
2928	Unicorn-13942.exe
2636	Unicorn-57614.exe
2656	Unicorn-48510.exe
2752	Unicorn-8809.exe
2628	Unicorn-13972.exe
2532	Unicorn-45736.exe
940	Unicorn-54048.exe
2416	Unicorn-38853.exe
2092	Unicorn-44547.exe
1460	Unicorn-63131.exe
2276	Unicorn-3724.exe
1060	Unicorn-3459.exe
1560	Unicorn-19148.exe
2964	Unicorn-39014.exe
2260	Unicorn-55969.exe
1312	Unicorn-44392.exe
628	Unicorn-15953.exe
2068	Unicorn-22084.exe
1800	Unicorn-15227.exe
1992	Unicorn-30997.exe
1540	Unicorn-34189.exe
2176	Unicorn-36251.exe
2236	Unicorn-49858.exe
1608	Unicorn-46210.exe
2604	Unicorn-30335.exe
2324	Unicorn-8251.exe
2304	Unicorn-6960.exe
2332	Unicorn-19634.exe
2180	Unicorn-3437.exe
2756	Unicorn-26826.exe
3040	Unicorn-54948.exe
2108	Unicorn-22131.exe
1456	Unicorn-1215.exe
1732	Unicorn-63688.exe
2876	Unicorn-24747.exe
2392	Unicorn-41997.exe
2524	Unicorn-53964.exe
2172	Unicorn-48419.exe
944	Unicorn-4881.exe
2228	Unicorn-42289.exe
2124	Unicorn-426.exe
2448	Unicorn-59777.exe
2220	Unicorn-64982.exe
1492	Unicorn-47877.exe
2536	Unicorn-7445.exe
2576	Unicorn-59891.exe
1820	Unicorn-17204.exe
1476	Unicorn-28378.exe
1696	Unicorn-51213.exe
1924	Unicorn-3349.exe
2120	Unicorn-59554.exe
1576	Unicorn-14348.exe
2872	Unicorn-62828.exe
2380	Unicorn-56923.exe
2308	Unicorn-13540.exe
2364	Unicorn-26216.exe
2828	Unicorn-2435.exe
2936	Unicorn-47458.exe
3004	Unicorn-55442.exe
2984	Unicorn-32347.exe
2796	Unicorn-28122.exe
2704	Unicorn-61515.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1120 wrote to memory of 2480	1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe	29
PID 1120 wrote to memory of 2480	1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe	29
PID 1120 wrote to memory of 2480	1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe	29
PID 1120 wrote to memory of 2480	1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe	29
PID 2480 wrote to memory of 2928	2480	Unicorn-1284.exe	30
PID 2480 wrote to memory of 2928	2480	Unicorn-1284.exe	30
PID 2480 wrote to memory of 2928	2480	Unicorn-1284.exe	30
PID 2480 wrote to memory of 2928	2480	Unicorn-1284.exe	30
PID 1120 wrote to memory of 2636	1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe	31
PID 1120 wrote to memory of 2636	1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe	31
PID 1120 wrote to memory of 2636	1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe	31
PID 1120 wrote to memory of 2636	1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe	31
PID 2928 wrote to memory of 2656	2928	Unicorn-13942.exe	32
PID 2928 wrote to memory of 2656	2928	Unicorn-13942.exe	32
PID 2928 wrote to memory of 2656	2928	Unicorn-13942.exe	32
PID 2928 wrote to memory of 2656	2928	Unicorn-13942.exe	32
PID 2480 wrote to memory of 2628	2480	Unicorn-1284.exe	33
PID 2480 wrote to memory of 2628	2480	Unicorn-1284.exe	33
PID 2480 wrote to memory of 2628	2480	Unicorn-1284.exe	33
PID 2480 wrote to memory of 2628	2480	Unicorn-1284.exe	33
PID 2636 wrote to memory of 2752	2636	Unicorn-57614.exe	34
PID 2636 wrote to memory of 2752	2636	Unicorn-57614.exe	34
PID 2636 wrote to memory of 2752	2636	Unicorn-57614.exe	34
PID 2636 wrote to memory of 2752	2636	Unicorn-57614.exe	34
PID 1120 wrote to memory of 2532	1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe	35
PID 1120 wrote to memory of 2532	1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe	35
PID 1120 wrote to memory of 2532	1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe	35
PID 1120 wrote to memory of 2532	1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe	35
PID 2656 wrote to memory of 940	2656	Unicorn-48510.exe	36
PID 2656 wrote to memory of 940	2656	Unicorn-48510.exe	36
PID 2656 wrote to memory of 940	2656	Unicorn-48510.exe	36
PID 2656 wrote to memory of 940	2656	Unicorn-48510.exe	36
PID 2752 wrote to memory of 2092	2752	Unicorn-8809.exe	37
PID 2752 wrote to memory of 2092	2752	Unicorn-8809.exe	37
PID 2752 wrote to memory of 2092	2752	Unicorn-8809.exe	37
PID 2752 wrote to memory of 2092	2752	Unicorn-8809.exe	37
PID 2928 wrote to memory of 2416	2928	Unicorn-13942.exe	38
PID 2928 wrote to memory of 2416	2928	Unicorn-13942.exe	38
PID 2928 wrote to memory of 2416	2928	Unicorn-13942.exe	38
PID 2928 wrote to memory of 2416	2928	Unicorn-13942.exe	38
PID 2636 wrote to memory of 1560	2636	Unicorn-57614.exe	39
PID 2636 wrote to memory of 1560	2636	Unicorn-57614.exe	39
PID 2636 wrote to memory of 1560	2636	Unicorn-57614.exe	39
PID 2636 wrote to memory of 1560	2636	Unicorn-57614.exe	39
PID 2628 wrote to memory of 2964	2628	Unicorn-13972.exe	40
PID 2628 wrote to memory of 2964	2628	Unicorn-13972.exe	40
PID 2628 wrote to memory of 2964	2628	Unicorn-13972.exe	40
PID 2628 wrote to memory of 2964	2628	Unicorn-13972.exe	40
PID 1120 wrote to memory of 1060	1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe	41
PID 1120 wrote to memory of 1060	1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe	41
PID 1120 wrote to memory of 1060	1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe	41
PID 1120 wrote to memory of 1060	1120	1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe	41
PID 2480 wrote to memory of 1460	2480	Unicorn-1284.exe	42
PID 2480 wrote to memory of 1460	2480	Unicorn-1284.exe	42
PID 2480 wrote to memory of 1460	2480	Unicorn-1284.exe	42
PID 2480 wrote to memory of 1460	2480	Unicorn-1284.exe	42
PID 2532 wrote to memory of 2276	2532	Unicorn-45736.exe	43
PID 2532 wrote to memory of 2276	2532	Unicorn-45736.exe	43
PID 2532 wrote to memory of 2276	2532	Unicorn-45736.exe	43
PID 2532 wrote to memory of 2276	2532	Unicorn-45736.exe	43
PID 940 wrote to memory of 2260	940	Unicorn-54048.exe	44
PID 940 wrote to memory of 2260	940	Unicorn-54048.exe	44
PID 940 wrote to memory of 2260	940	Unicorn-54048.exe	44
PID 940 wrote to memory of 2260	940	Unicorn-54048.exe	44

C:\Users\Admin\AppData\Local\Temp\1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe
"C:\Users\Admin\AppData\Local\Temp\1a4fd2087e8f064de8e737ae64f866b821ac8bd4c34d33fd8a545f49b21a98b0N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13942.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48510.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54048.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55969.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19634.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3349.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
        8⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49245.exe
        8⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
        8⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31389.exe
        8⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52334.exe
        8⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59554.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55938.exe
        8⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
        8⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57366.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
        7⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19753.exe
        7⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
        7⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36129.exe
        7⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22131.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56923.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13380.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60266.exe
        8⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4314.exe
        8⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        8⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe
        8⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45762.exe
        8⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        7⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        7⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        7⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9443.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47474.exe
        7⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-913.exe
        7⤵
        
        PID:5084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62424.exe
        7⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
        6⤵
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57382.exe
        6⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7011.exe
        6⤵
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2184.exe
        6⤵
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47868.exe
        6⤵
        
        PID:4552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44392.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3437.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64982.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39491.exe
        8⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11883.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41612.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33509.exe
        9⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5820.exe
        9⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60393.exe
        9⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7837.exe
        9⤵
        
        PID:5092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57555.exe
        8⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        8⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39375.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47474.exe
        8⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-913.exe
        8⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26619.exe
        7⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-498.exe
        8⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11717.exe
        8⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18430.exe
        8⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-594.exe
        7⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25165.exe
        7⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64626.exe
        7⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45840.exe
        7⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24231.exe
        7⤵
        
        PID:5224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47877.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53046.exe
        7⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10816.exe
        7⤵
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28069.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25583.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
        6⤵
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61850.exe
        6⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36124.exe
        6⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1215.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
        6⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23488.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13577.exe
        6⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
        6⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35364.exe
        6⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50894.exe
        6⤵
        
        PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36955.exe
        5⤵
        
        PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
        5⤵
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6549.exe
        6⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
        6⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59779.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25454.exe
        5⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43009.exe
        5⤵
        
        PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39584.exe
        5⤵
        
        PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38853.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59777.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32005.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2498.exe
        8⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11717.exe
        8⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
        8⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18430.exe
        8⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3200.exe
        7⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
        7⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10497.exe
        7⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34385.exe
        7⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48052.exe
        7⤵
        
        PID:4236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49597.exe
        6⤵
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-594.exe
        6⤵
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59593.exe
        6⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13611.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18242.exe
        6⤵
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13515.exe
        6⤵
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61515.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
        5⤵
        
        PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30472.exe
        5⤵
        
        PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
        5⤵
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5788.exe
        5⤵
        
        PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9263.exe
        5⤵
        
        PID:5004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15953.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32347.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
        7⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21985.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9638.exe
        7⤵
        
        PID:4208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60182.exe
        6⤵
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32212.exe
        6⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1654.exe
        6⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64643.exe
        6⤵
        
        PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55442.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58971.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-510.exe
        5⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
        5⤵
        
        PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50656.exe
        5⤵
        
        PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16171.exe
        5⤵
        
        PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31149.exe
        5⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45775.exe
        6⤵
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
        6⤵
        
        PID:572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12565.exe
        6⤵
        
        PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
        5⤵
        
        PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
        5⤵
        
        PID:3704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10497.exe
        5⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34385.exe
        5⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35333.exe
        5⤵
        
        PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40220.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51584.exe
        5⤵
        
        PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5982.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21513.exe
        5⤵
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35593.exe
        5⤵
        
        PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8734.exe
      4⤵
      PID:1896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
      4⤵
      PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15090.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52049.exe
      4⤵
      PID:576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13458.exe
      4⤵
      PID:4176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13972.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13972.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30335.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        6⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45822.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58044.exe
        7⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
        8⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58393.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21113.exe
        7⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27090.exe
        7⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10312.exe
        7⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24626.exe
        6⤵
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        6⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        6⤵
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5145.exe
        6⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24228.exe
        6⤵
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50217.exe
        5⤵
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
        5⤵
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
        5⤵
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1832.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17850.exe
        5⤵
        
        PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
        5⤵
        
        PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49858.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14360.exe
        6⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40379.exe
        6⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34189.exe
        6⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11997.exe
        6⤵
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-121.exe
        5⤵
        
        PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3713.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44756.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12848.exe
        5⤵
        
        PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34870.exe
        5⤵
        
        PID:4120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51213.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59530.exe
        5⤵
        
        PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18011.exe
        5⤵
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47450.exe
        5⤵
        
        PID:3848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53975.exe
        5⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39612.exe
        5⤵
        
        PID:5292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14854.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14854.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15080.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2484.exe
      4⤵
      PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31920.exe
      4⤵
      PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47868.exe
      4⤵
      PID:4560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63131.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30997.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48419.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
        6⤵
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19774.exe
        6⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12243.exe
        6⤵
        
        PID:4084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
        6⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57300.exe
        6⤵
        
        PID:4856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16225.exe
        5⤵
        
        PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60266.exe
        5⤵
        
        PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4314.exe
        5⤵
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30146.exe
        5⤵
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1177.exe
        5⤵
        
        PID:4672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50858.exe
        5⤵
        
        PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-426.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36333.exe
        5⤵
        
        PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48600.exe
        5⤵
        
        PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        5⤵
        
        PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40055.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
        5⤵
        
        PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
      4⤵
      PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-594.exe
      4⤵
      PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59593.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13611.exe
      4⤵
      PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23862.exe
      4⤵
      PID:4664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24231.exe
      4⤵
      PID:5216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8251.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
      4⤵
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40411.exe
        5⤵
        
        PID:268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30005.exe
        5⤵
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59956.exe
        5⤵
        
        PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18430.exe
        5⤵
        
        PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3200.exe
      4⤵
      PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
      4⤵
      PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10497.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34385.exe
      4⤵
      PID:4788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29713.exe
      4⤵
      PID:4780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35362.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35362.exe
    3⤵
    PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17513.exe
      4⤵
      PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
      4⤵
      PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9202.exe
      4⤵
      PID:4772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
    3⤵
    PID:2340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63535.exe
    3⤵
    PID:3760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46368.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46368.exe
    3⤵
    PID:4000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8050.exe
    3⤵
    PID:4816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29733.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57614.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57614.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8809.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8809.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22084.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53964.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65239.exe
        7⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55938.exe
        8⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
        8⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
        8⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44264.exe
        8⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
        7⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exe
        7⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61603.exe
        7⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61122.exe
        7⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16408.exe
        7⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23315.exe
        6⤵
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36915.exe
        6⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        6⤵
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        6⤵
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5145.exe
        6⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24228.exe
        6⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4881.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2435.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42559.exe
        6⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-559.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32398.exe
        6⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64658.exe
        6⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64643.exe
        6⤵
        
        PID:5040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47458.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62160.exe
        5⤵
        
        PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63296.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14389.exe
        5⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27303.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33053.exe
        5⤵
        
        PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15227.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24747.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51584.exe
        6⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        6⤵
        
        PID:364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        6⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31389.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52334.exe
        6⤵
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19177.exe
        5⤵
        
        PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60266.exe
        5⤵
        
        PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9934.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51837.exe
        5⤵
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47868.exe
        5⤵
        
        PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42289.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58567.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26556.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        6⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31389.exe
        6⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52334.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
        5⤵
        
        PID:804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3713.exe
        5⤵
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31924.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14854.exe
        5⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3862.exe
        5⤵
        
        PID:4212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30624.exe
      4⤵
      PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        5⤵
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41988.exe
        5⤵
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59513.exe
        5⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50771.exe
        5⤵
        
        PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29046.exe
      4⤵
      PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
      4⤵
      PID:3616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
      4⤵
      PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38498.exe
      4⤵
      PID:4644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19148.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34189.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28069.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9578.exe
        5⤵
        
        PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6697.exe
        5⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31920.exe
        5⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47868.exe
        5⤵
        
        PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10830.exe
      4⤵
      PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
      4⤵
      PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6133.exe
      4⤵
      PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1832.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17850.exe
      4⤵
      PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41066.exe
      4⤵
      PID:4972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36251.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42667.exe
      4⤵
      PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3200.exe
      4⤵
      PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-268.exe
      4⤵
      PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10497.exe
      4⤵
      PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3654.exe
      4⤵
      PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33331.exe
      4⤵
      PID:4860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44028.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44028.exe
    3⤵
    PID:3024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14135.exe
    3⤵
    PID:676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
      4⤵
      PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8084.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34189.exe
      4⤵
      PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11997.exe
      4⤵
      PID:4300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44116.exe
    3⤵
    PID:3332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48297.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48297.exe
    3⤵
    PID:3936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10389.exe
    3⤵
    PID:4432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
    3⤵
    PID:4640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45736.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45736.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30889.exe
        5⤵
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34402.exe
        6⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24498.exe
        6⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49573.exe
        6⤵
        
        PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18111.exe
        5⤵
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38781.exe
        5⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37874.exe
        5⤵
        
        PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52334.exe
        5⤵
        
        PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32715.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4508.exe
        5⤵
        
        PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11463.exe
        5⤵
        
        PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58511.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15087.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7117.exe
        5⤵
        
        PID:5068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42006.exe
        5⤵
        
        PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60579.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
      4⤵
      PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55593.exe
      4⤵
      PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2581.exe
      4⤵
      PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43026.exe
      4⤵
      PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30974.exe
      4⤵
      PID:5180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6960.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6960.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59891.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31015.exe
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2446.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25453.exe
      4⤵
      PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49245.exe
      4⤵
      PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15470.exe
      4⤵
      PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45707.exe
      4⤵
      PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24228.exe
      4⤵
      PID:2064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14348.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
    3⤵
    PID:2892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47008.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47008.exe
    3⤵
    PID:1552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17698.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
    3⤵
    PID:3216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
    3⤵
    PID:4732
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3459.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3459.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26826.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7445.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
        5⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54983.exe
        6⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4689.exe
        6⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48110.exe
        6⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48277.exe
        6⤵
        
        PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22179.exe
        5⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15087.exe
        5⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40838.exe
        5⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32338.exe
        5⤵
        
        PID:4136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24079.exe
      4⤵
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45319.exe
        5⤵
        
        PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35509.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34128.exe
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40055.exe
        5⤵
        
        PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12123.exe
      4⤵
      PID:928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
      4⤵
      PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
      4⤵
      PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24302.exe
      4⤵
      PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42736.exe
      4⤵
      PID:4240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52927.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62271.exe
      4⤵
      PID:4636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28069.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28069.exe
    3⤵
    PID:2708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9578.exe
    3⤵
    PID:2976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6697.exe
    3⤵
    PID:3516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31920.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31920.exe
    3⤵
    PID:4512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47868.exe
    3⤵
    PID:4380
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54948.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54948.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13540.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13540.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12095.exe
      4⤵
      PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34374.exe
      4⤵
      PID:4848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48032.exe
      4⤵
      PID:5232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26079.exe
    3⤵
    PID:856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49808.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48282.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48282.exe
    3⤵
    PID:3448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26788.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26788.exe
    3⤵
    PID:4156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19063.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19063.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28122.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28122.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55434.exe
    3⤵
    PID:1464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25155.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25155.exe
    3⤵
    PID:3664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
    3⤵
    PID:4072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44259.exe
    3⤵
    PID:4124
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
  2⤵
  PID:1792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26007.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26007.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59454.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59454.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
  2⤵
  PID:3808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
  2⤵
  PID:4880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12123.exe

Filesize
468KB

MD5
f8b2975f7a86ddfc24810c137536d8bf

SHA1
15bfa3748c8bb1bd0fce24a46d74f8dab9b6b90f

SHA256
b1ae4367e8237d77fafd5e3f0439d3703b6f04181ca112fb1c9028cd857ae84d

SHA512
4a9d2c59e9d80e62f104e9c3f71e19e14f26e4357bbea494a4b8842fe93ddf26af3cb3ff77f1e5d7c319f6dc94fbf6a5de84769f95f5c6cbbbfd3648b5de766f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21113.exe

Filesize
468KB

MD5
0ed1f005b5831ed9a01ccc3b49f8f35b

SHA1
8293facb6554691f6b6c9d5ea80e6f04ff8b3d8f

SHA256
14087f1aa22d67198a2f4046299b92b1fc3ac5dc0e5219d5db9993bef507f27a

SHA512
c224743447b61cb2fbd681f8140a09e6d141d56f248cf4e0a9bbb9f648d5f8288c083cb163ae5c51e4bdecbb886b078a0c50c38f8baf9ad8b9454dbdc5f0b67f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22084.exe

Filesize
468KB

MD5
67111f78247f30eead5b905e4398cc95

SHA1
32b527f4d62dd503cc89c3d76e2c25eed03039d9

SHA256
8a4dc02096a7e3255c2a4d3b2e8fce894355fc38f6ac59abb87fe13457a3aeb3

SHA512
70fb09ffa657d441f267be68352d98cfdadd7089c790d4a44ce04e1e5462d7ab832cf8ff351a9b9914082464f345343d0ab99d688f77c631875c4469fd90b5b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38853.exe

Filesize
468KB

MD5
f6282f6577af64aba8fc0f04fa0a94e0

SHA1
7d3e1c5658e6aa657b0b3422ef29cd8d4984020f

SHA256
0161b24631d0627002e13e96988435c0b5e44c71ea50baaac069b794c07cc864

SHA512
902db1d192bd37ace69d1c7fd23f7eaf7aa188fd31e06a5f3039a04bb9e01e11905b29abfd4d1e7981399c2175732a571cd09c909a72701f560ee09bcbf7a26f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54048.exe

Filesize
468KB

MD5
9c353b369200505426fc7f90a1728521

SHA1
565063ec00b288f2e6a14496d04d6a558fd52ed8

SHA256
e5bfc395ded190e958104b012be850e860f6654fa3c19cf0d82c6f7314489c5e

SHA512
63f098ceed295b10702185f500f3ef4ff37fca74997ba65a955ae70ecaf1119fb3d59180817495d86d8ee4331467b81f45e36ee346e58fa42508ea062fbab5f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55434.exe

Filesize
468KB

MD5
0aecd2695918e2f9cb45f39861755795

SHA1
f6d1154eac0ab8f927f49ab8272900bdbc9d7d78

SHA256
8c9569680c22281b51b9234fada574aeaaa10de153268693ef3f0db39a0b1056

SHA512
d9a373c091c7da964d755dfbc4c209d50e5c78a8bfa0f62ce16acea5e7bd8a9d286980c0262a25cd28152549269263743325ff7278910fa5304a377f7b64d0ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63131.exe

Filesize
468KB

MD5
403d13ffac29154e4985c9f312319789

SHA1
afdb4a28f0229684e34eb34adb232fc6b852e5fb

SHA256
c6099fc79485cec3be5c2dc09b99fb33dc22822b21fac622b3b3fa09385e7adf

SHA512
be3d75538ed80f259436469fa6e183d0d1767ac6af678d5ba6574da04419be6f80e74d3871b637e981966112b8cb62a0344c9e8e7459c30d17d7677346108b6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8809.exe

Filesize
468KB

MD5
9a59bbe91bddccae9ed3070b6a4f7d3b

SHA1
c31af413e1d8dbc45810e4123b4b1dbc479d64c2

SHA256
8718efc7ab85dda08ce13b347dd545e6d30ab375339245b91a6ea932fbcd831d

SHA512
92aec06077294fe3b666b8dcdf00a3f90bf8c6816dffba2c08450299e77914adeed14d67c17f72873952c99d3c97e4cd154820179f9e9a769dadf51a1ccb68a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe

Filesize
468KB

MD5
ebed8bdb4eceaf93bbb67af89953191f

SHA1
1272bda01c807cff5dc0442071d5ffe83a9252d8

SHA256
d6be0b6a1ff8d9c40eb1c140b3b67de2885df3204b9d12da4ece93fdddfb26cd

SHA512
896c06710ab45faf17883c735705b9536dbe2d09593e82a5afc6d90150882a9e1d1d3b610ab1e34bf789d816cf9c749eb7ad935f315e314edcfcbc2fe6069bc2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13942.exe

Filesize
468KB

MD5
58d2da82ec2611337fe13032c6536acc

SHA1
a8fabf45d2545c2ed0cd78f3dbf54578701f6e46

SHA256
8fa33a70e169ba327966deb1be73725496e7f71ab472e3d868cbac81090e8668

SHA512
fe72d319bdf86d6a40763c23b3b43d3688aa3eddabd8f383db4a369a99a583dac23acd0584b4e82c585b36866911770f3566667d98f4393c6a0555c7dabfea72

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13972.exe

Filesize
468KB

MD5
44b45807024ba447ecf919f8346c78f2

SHA1
130c079a0779e126400027ebae23317cfdcc10c1

SHA256
d45c9d9971c69de535c60cfaa75f9c99347f06b685c43f96ef577b2d69f97876

SHA512
9f07b57e26acf8d4d9460755cf42b83b631e82175d18686498786c10906a3a54feffca23b77a9bc16e2f97a9f38f985f81dfc1e1f0e707a9643ba6c3341f515c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15953.exe

Filesize
468KB

MD5
7540895df38dd0a11a158d431e734954

SHA1
5dbb38cf656751730fc76b85788365b9f3884827

SHA256
3d741e87903f342d9bf00b61ccc2c8819ba19891d709578f4ad14293520c61d7

SHA512
72ee72a73b1cd7a0153e06c479d15aadf1b5cf48e8c06521c864130c1d923a47d4969003f0d02a1d8f354327f15d59515ddaaf2719223616e9847be0c734c88f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19148.exe

Filesize
468KB

MD5
6b2a829fb87b5689cab13a5b09ad1df0

SHA1
d1b82999d3d899714fd6f7b295198a17a7d9b2d6

SHA256
856e2be47aa097c52a013ed2678502ef82f0f9c8de3e0e3b6110ec464891d945

SHA512
f5593cf6bccca14c31dbcd9e845a5023d57c23e73878ef8a5c056bc5b5e616e0cbd8b1994200e77282d5ae6836a19482c426a08bec5bae04f55fd024be763937

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3459.exe

Filesize
468KB

MD5
65edcf1f6e62f9dccfec592f2f1a9d78

SHA1
9098a5437d08821fce8ba9a54e9094e69dc2a234

SHA256
c8e7d53f9331289a0517c09470e72fee529ea8cae3da7b261960abc4f7d12897

SHA512
bb592a0bd26b658b52c5469709fa691bc4ca47ef13ab06f3c32253e5ee221a8f90cf0d53f01ba20e8e21e1ca62bac0146f6736b39ed6994c3a85594511d4d2d3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe

Filesize
468KB

MD5
6aa2bc96fc2f42a6dc7106fa3e65c838

SHA1
47c17a881bbf8a9a776da366d04b5c4497867374

SHA256
7573ae4fcf08afc72ba72a8d01583f2c68b8fbb0f8a9ef2d135729b66a205836

SHA512
4970b72cd16ab8da45275ddbfb6504ff9e16617e6431cbe3af0c81157aac8e3df5737543a003adedcd10390d33cc30cbf9826772c5153ea19285dc4bd4ba67ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe

Filesize
468KB

MD5
8cf77a70c85e30ff7d8b5864361abc81

SHA1
700a7a666553b893625b8a05c2a3cbf288413570

SHA256
fe8d77d712e89daa3bdf29f58b0237f856488e58accba9fe30991bd16bd72fc0

SHA512
7be7152b59dc4db8f20491ca0a6de26fe74eaa77204727098bfdfe74ca08cc20b70ee2d99e8937cc84cbe571e405e62ea8fd01c6b30a815c1bf9fbda88502dca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44392.exe

Filesize
468KB

MD5
fc24f8602e37182cebd0716f7f23e9a5

SHA1
95fcafb165042af10e794c45cd76b38c25902e94

SHA256
e8e2b6c3a30cba6947dd120381eba0fd73d606e1d156ef3bd1d6aa1518d1f0eb

SHA512
7c22c8fb4a604095b6c2b79c4f2d28b9a9e6e4360fd392a34aca5da0d66e9ec54f13d4bb799c8e56003f137f73cb1bd2274975ba81946a552137e3f6e26c0c64

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44547.exe

Filesize
468KB

MD5
a02e42e46ac04e9d1cea7ee0c7d10047

SHA1
38e3113267bc29bb632e9644a920b9b8c697a7bc

SHA256
3489b39372fb8fc4d2734a4027b6838d1cb1ffcaa40cbbaa45a6b13699992b5f

SHA512
ea3f7c97ad12baa92902030a591c194ce36b7a4f2c66c3ff6590dee8755b95a7e7bbfc8e02962a5f79038db4447df2305b050002888ec01fe9a2dfc2f4ddd52e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45736.exe

Filesize
468KB

MD5
6910fe6eb148380b6467994bbab12980

SHA1
e3fefbd8c3aa7319b92cb848d5f9176ef828a8cb

SHA256
ff338a51b1b6178d2049825f99192bfe4afbf67133c1b6ddbd02b1296413629e

SHA512
96c1f38e8a914c7a44135fb869742dd5459538152b85e1023c77a2f01bf15c6270b134f375ebab4b260ca68bbb2946e38149aca8763ee2a93c3606923d3ecf0e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48510.exe

Filesize
468KB

MD5
624bee97f7e07824371361bc0510d7af

SHA1
aad76dc7ecce2dc5c5234ea198c632099678608a

SHA256
27eb72ae2b8b7b4679c9a10ec1c703404da707e71fb5a75806074fa3a1e9af09

SHA512
0e355323ac91a88e7d890d3533576dcbb5f0b54afe1f91fa0238084a5df881d4d954cab50a998dc83d9e549d0010946b7e1384e147d15c407109211bd2aef9a2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55969.exe

Filesize
468KB

MD5
b29560e047a8df9429fcde2b34c49e11

SHA1
493f902e73cccb7062a92186f2301a92b87220f4

SHA256
d5d7e6a02b5579dab6fdbfa3efcff1ee0376d0c5098933237a12c7d8cf3e5752

SHA512
e0097ce32e4f8206046cd5b0949409931ff9772a5de97368c85bfd1c56d23b4c49e832d366fb335d45e637047d20437c365150432991e53927821ca6a34afcc1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57614.exe

Filesize
468KB

MD5
b6aa21988ba8eeb42d082ef265df8bae

SHA1
fdd11a7bcdf91e275c637158b8ee9aa2acadad5c

SHA256
cc50350eb89b4f18c613694f12c8e5fbff93d08613846ffd603cd5b8c4cbff31

SHA512
fa44690834cda08f862408de1cff7c54d145c70b65c0643b2c4005cc29897a4d8fdd2dc1cae6b71224788b63acf28d97c1173a264c5f3e85b6d3ba7fc1059eb1

Download Submit
memory/628-408-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/628-406-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/628-233-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/940-97-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/940-202-0x0000000000520000-0x0000000000595000-memory.dmp

Filesize
468KB

Download
memory/940-207-0x0000000000520000-0x0000000000595000-memory.dmp

Filesize
468KB

Download
memory/940-389-0x0000000000520000-0x0000000000595000-memory.dmp

Filesize
468KB

Download
memory/1060-340-0x0000000002500000-0x0000000002575000-memory.dmp

Filesize
468KB

Download
memory/1060-165-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1120-420-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1120-357-0x0000000002600000-0x0000000002675000-memory.dmp

Filesize
468KB

Download
memory/1120-10-0x0000000002600000-0x0000000002675000-memory.dmp

Filesize
468KB

Download
memory/1120-358-0x0000000002600000-0x0000000002675000-memory.dmp

Filesize
468KB

Download
memory/1120-11-0x0000000002600000-0x0000000002675000-memory.dmp

Filesize
468KB

Download
memory/1120-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1120-163-0x0000000002600000-0x0000000002675000-memory.dmp

Filesize
468KB

Download
memory/1120-161-0x0000000002600000-0x0000000002675000-memory.dmp

Filesize
468KB

Download
memory/1312-212-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1312-355-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1312-343-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1456-370-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1460-168-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1460-259-0x0000000001EA0000-0x0000000001F15000-memory.dmp

Filesize
468KB

Download
memory/1540-284-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1560-275-0x0000000000520000-0x0000000000595000-memory.dmp

Filesize
468KB

Download
memory/1560-130-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1560-281-0x0000000000520000-0x0000000000595000-memory.dmp

Filesize
468KB

Download
memory/1608-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1732-403-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1800-427-0x0000000001D80000-0x0000000001DF5000-memory.dmp

Filesize
468KB

Download
memory/1800-250-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1992-260-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2068-411-0x00000000024D0000-0x0000000002545000-memory.dmp

Filesize
468KB

Download
memory/2068-240-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2092-239-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2092-428-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2092-238-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2092-118-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2108-402-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2176-282-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2180-356-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2236-313-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2260-342-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2260-359-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2260-209-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2276-179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2276-305-0x0000000002870000-0x00000000028E5000-memory.dmp

Filesize
468KB

Download
memory/2276-303-0x0000000002870000-0x00000000028E5000-memory.dmp

Filesize
468KB

Download
memory/2304-329-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2324-269-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2332-360-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2392-409-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2416-116-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2480-27-0x00000000025D0000-0x0000000002645000-memory.dmp

Filesize
468KB

Download
memory/2480-268-0x00000000025D0000-0x0000000002645000-memory.dmp

Filesize
468KB

Download
memory/2480-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2480-167-0x00000000025D0000-0x0000000002645000-memory.dmp

Filesize
468KB

Download
memory/2480-61-0x00000000025D0000-0x0000000002645000-memory.dmp

Filesize
468KB

Download
memory/2480-266-0x00000000025D0000-0x0000000002645000-memory.dmp

Filesize
468KB

Download
memory/2480-166-0x00000000025D0000-0x0000000002645000-memory.dmp

Filesize
468KB

Download
memory/2480-20-0x00000000025D0000-0x0000000002645000-memory.dmp

Filesize
468KB

Download
memory/2524-418-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2532-177-0x0000000001D70000-0x0000000001DE5000-memory.dmp

Filesize
468KB

Download
memory/2532-85-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2532-328-0x0000000001D70000-0x0000000001DE5000-memory.dmp

Filesize
468KB

Download
memory/2532-172-0x0000000001D70000-0x0000000001DE5000-memory.dmp

Filesize
468KB

Download
memory/2532-327-0x0000000001D70000-0x0000000001DE5000-memory.dmp

Filesize
468KB

Download
memory/2604-295-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2628-136-0x0000000002890000-0x0000000002905000-memory.dmp

Filesize
468KB

Download
memory/2628-162-0x0000000002890000-0x0000000002905000-memory.dmp

Filesize
468KB

Download
memory/2628-311-0x0000000002890000-0x0000000002905000-memory.dmp

Filesize
468KB

Download
memory/2628-307-0x0000000002890000-0x0000000002905000-memory.dmp

Filesize
468KB

Download
memory/2628-64-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2636-129-0x0000000002830000-0x00000000028A5000-memory.dmp

Filesize
468KB

Download
memory/2636-37-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2636-67-0x0000000003360000-0x00000000033D5000-memory.dmp

Filesize
468KB

Download
memory/2636-285-0x0000000002830000-0x00000000028A5000-memory.dmp

Filesize
468KB

Download
memory/2636-283-0x0000000002830000-0x00000000028A5000-memory.dmp

Filesize
468KB

Download
memory/2636-128-0x0000000003360000-0x00000000033D5000-memory.dmp

Filesize
468KB

Download
memory/2656-369-0x00000000023C0000-0x0000000002435000-memory.dmp

Filesize
468KB

Download
memory/2656-210-0x00000000023C0000-0x0000000002435000-memory.dmp

Filesize
468KB

Download
memory/2656-50-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2656-368-0x00000000023C0000-0x0000000002435000-memory.dmp

Filesize
468KB

Download
memory/2656-211-0x00000000023C0000-0x0000000002435000-memory.dmp

Filesize
468KB

Download
memory/2752-249-0x00000000023E0000-0x0000000002455000-memory.dmp

Filesize
468KB

Download
memory/2752-245-0x00000000023E0000-0x0000000002455000-memory.dmp

Filesize
468KB

Download
memory/2756-354-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2928-48-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/2928-225-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/2928-397-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/2928-398-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/2928-232-0x0000000000380000-0x00000000003F5000-memory.dmp

Filesize
468KB

Download
memory/2964-294-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2964-164-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2964-293-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/3040-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download