b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29

Analysis

max time kernel
118s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
05-10-2024 03:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe
Size

468KB
MD5

429206e5324ad6cf67092acd5dfbe800
SHA1

74e245b91f7cb5079d0cee10f70365681a96b219
SHA256

b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29
SHA512

152faf351137a5f4bbd4cade2a08ab0e2fcd5e564b83ccdbe5ea81485755ff932a06f665646def05b89840643fe1226fc3703f43eb5c98e32651309dce4c040e
SSDEEP

3072:VPGjovItIA5vtbYZJgQ5OfDVrrCwkqUpXlmHeVSwQvlUvfIM9wDKx:VP+opwvtmJZ5OfJ4XavlqQM9w

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2516	Unicorn-51868.exe
2456	Unicorn-56292.exe
2336	Unicorn-36618.exe
2748	Unicorn-43489.exe
2752	Unicorn-63163.exe
2936	Unicorn-24360.exe
2804	Unicorn-46827.exe
2200	Unicorn-17606.exe
2584	Unicorn-60484.exe
2372	Unicorn-48633.exe
1728	Unicorn-693.exe
2248	Unicorn-38768.exe
2600	Unicorn-46365.exe
1536	Unicorn-20428.exe
1324	Unicorn-16153.exe
2652	Unicorn-5068.exe
1092	Unicorn-1731.exe
576	Unicorn-40237.exe
2172	Unicorn-58747.exe
2184	Unicorn-42484.exe
2000	Unicorn-57787.exe
1872	Unicorn-28452.exe
1084	Unicorn-61316.exe
1660	Unicorn-40874.exe
836	Unicorn-44212.exe
1340	Unicorn-57403.exe
1328	Unicorn-10278.exe
680	Unicorn-10086.exe
1840	Unicorn-37013.exe
2380	Unicorn-1156.exe
2208	Unicorn-43173.exe
2988	Unicorn-25240.exe
2916	Unicorn-31784.exe
1612	Unicorn-11918.exe
2076	Unicorn-58326.exe
2836	Unicorn-15255.exe
2692	Unicorn-10465.exe
2696	Unicorn-29947.exe
2776	Unicorn-23704.exe
2764	Unicorn-48587.exe
2252	Unicorn-31544.exe
1688	Unicorn-11839.exe
2564	Unicorn-50642.exe
3060	Unicorn-2868.exe
1136	Unicorn-33272.exe
1552	Unicorn-48156.exe
1532	Unicorn-35157.exe
1704	Unicorn-29903.exe
2004	Unicorn-36034.exe
1144	Unicorn-2292.exe
1920	Unicorn-37004.exe
1916	Unicorn-17403.exe
2500	Unicorn-20357.exe
2236	Unicorn-30386.exe
3000	Unicorn-52645.exe
2388	Unicorn-52645.exe
2064	Unicorn-62300.exe
404	Unicorn-56170.exe
2312	Unicorn-62035.exe
1624	Unicorn-45772.exe
1760	Unicorn-25522.exe
1556	Unicorn-56934.exe
532	Unicorn-48351.exe
2116	Unicorn-14972.exe

Loads dropped DLL 64 IoCs

pid	Process
2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe
2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe
2516	Unicorn-51868.exe
2516	Unicorn-51868.exe
2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe
2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe
2516	Unicorn-51868.exe
2456	Unicorn-56292.exe
2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe
2456	Unicorn-56292.exe
2516	Unicorn-51868.exe
2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe
2336	Unicorn-36618.exe
2336	Unicorn-36618.exe
2748	Unicorn-43489.exe
2748	Unicorn-43489.exe
2516	Unicorn-51868.exe
2516	Unicorn-51868.exe
2804	Unicorn-46827.exe
2804	Unicorn-46827.exe
2752	Unicorn-63163.exe
2336	Unicorn-36618.exe
2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe
2456	Unicorn-56292.exe
2936	Unicorn-24360.exe
2752	Unicorn-63163.exe
2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe
2336	Unicorn-36618.exe
2456	Unicorn-56292.exe
2936	Unicorn-24360.exe
2200	Unicorn-17606.exe
2200	Unicorn-17606.exe
2748	Unicorn-43489.exe
2748	Unicorn-43489.exe
2584	Unicorn-60484.exe
2584	Unicorn-60484.exe
2516	Unicorn-51868.exe
2516	Unicorn-51868.exe
2372	Unicorn-48633.exe
2372	Unicorn-48633.exe
2804	Unicorn-46827.exe
2804	Unicorn-46827.exe
1728	Unicorn-693.exe
1728	Unicorn-693.exe
2936	Unicorn-24360.exe
1324	Unicorn-16153.exe
2936	Unicorn-24360.exe
1324	Unicorn-16153.exe
2248	Unicorn-38768.exe
2248	Unicorn-38768.exe
2752	Unicorn-63163.exe
2752	Unicorn-63163.exe
2600	Unicorn-46365.exe
1536	Unicorn-20428.exe
2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe
2600	Unicorn-46365.exe
2456	Unicorn-56292.exe
1536	Unicorn-20428.exe
2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe
2456	Unicorn-56292.exe
2336	Unicorn-36618.exe
2336	Unicorn-36618.exe
2652	Unicorn-5068.exe
2652	Unicorn-5068.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3248	1624	WerFault.exe	90

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19231.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4232.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12706.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41773.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5864.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17391.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22448.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33228.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30818.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43418.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34554.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59968.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39025.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53890.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50438.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27620.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33261.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13553.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20357.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53264.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9713.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-354.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17935.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40237.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28241.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55362.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30093.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12843.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42420.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33029.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5068.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47146.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49019.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10465.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44869.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21384.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe
2516	Unicorn-51868.exe
2456	Unicorn-56292.exe
2336	Unicorn-36618.exe
2748	Unicorn-43489.exe
2752	Unicorn-63163.exe
2804	Unicorn-46827.exe
2936	Unicorn-24360.exe
2200	Unicorn-17606.exe
2584	Unicorn-60484.exe
2372	Unicorn-48633.exe
1324	Unicorn-16153.exe
2248	Unicorn-38768.exe
2600	Unicorn-46365.exe
1728	Unicorn-693.exe
1536	Unicorn-20428.exe
2652	Unicorn-5068.exe
1092	Unicorn-1731.exe
576	Unicorn-40237.exe
2172	Unicorn-58747.exe
2184	Unicorn-42484.exe
2000	Unicorn-57787.exe
1872	Unicorn-28452.exe
1084	Unicorn-61316.exe
1660	Unicorn-40874.exe
1340	Unicorn-57403.exe
836	Unicorn-44212.exe
680	Unicorn-10086.exe
1840	Unicorn-37013.exe
2380	Unicorn-1156.exe
1328	Unicorn-10278.exe
2208	Unicorn-43173.exe
2988	Unicorn-25240.exe
1612	Unicorn-11918.exe
2916	Unicorn-31784.exe
2076	Unicorn-58326.exe
2836	Unicorn-15255.exe
2692	Unicorn-10465.exe
2696	Unicorn-29947.exe
2776	Unicorn-23704.exe
2764	Unicorn-48587.exe
2252	Unicorn-31544.exe
1688	Unicorn-11839.exe
2564	Unicorn-50642.exe
3060	Unicorn-2868.exe
1552	Unicorn-48156.exe
1136	Unicorn-33272.exe
1144	Unicorn-2292.exe
1532	Unicorn-35157.exe
1704	Unicorn-29903.exe
1916	Unicorn-17403.exe
1920	Unicorn-37004.exe
2004	Unicorn-36034.exe
2500	Unicorn-20357.exe
2236	Unicorn-30386.exe
3000	Unicorn-52645.exe
2388	Unicorn-52645.exe
404	Unicorn-56170.exe
2312	Unicorn-62035.exe
2064	Unicorn-62300.exe
1624	Unicorn-45772.exe
1760	Unicorn-25522.exe
1556	Unicorn-56934.exe
532	Unicorn-48351.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2516	2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe	30
PID 2976 wrote to memory of 2516	2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe	30
PID 2976 wrote to memory of 2516	2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe	30
PID 2976 wrote to memory of 2516	2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe	30
PID 2516 wrote to memory of 2456	2516	Unicorn-51868.exe	32
PID 2516 wrote to memory of 2456	2516	Unicorn-51868.exe	32
PID 2516 wrote to memory of 2456	2516	Unicorn-51868.exe	32
PID 2516 wrote to memory of 2456	2516	Unicorn-51868.exe	32
PID 2976 wrote to memory of 2336	2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe	33
PID 2976 wrote to memory of 2336	2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe	33
PID 2976 wrote to memory of 2336	2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe	33
PID 2976 wrote to memory of 2336	2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe	33
PID 2456 wrote to memory of 2752	2456	Unicorn-56292.exe	35
PID 2456 wrote to memory of 2752	2456	Unicorn-56292.exe	35
PID 2456 wrote to memory of 2752	2456	Unicorn-56292.exe	35
PID 2456 wrote to memory of 2752	2456	Unicorn-56292.exe	35
PID 2516 wrote to memory of 2748	2516	Unicorn-51868.exe	34
PID 2516 wrote to memory of 2748	2516	Unicorn-51868.exe	34
PID 2516 wrote to memory of 2748	2516	Unicorn-51868.exe	34
PID 2516 wrote to memory of 2748	2516	Unicorn-51868.exe	34
PID 2976 wrote to memory of 2936	2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe	36
PID 2976 wrote to memory of 2936	2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe	36
PID 2976 wrote to memory of 2936	2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe	36
PID 2976 wrote to memory of 2936	2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe	36
PID 2336 wrote to memory of 2804	2336	Unicorn-36618.exe	37
PID 2336 wrote to memory of 2804	2336	Unicorn-36618.exe	37
PID 2336 wrote to memory of 2804	2336	Unicorn-36618.exe	37
PID 2336 wrote to memory of 2804	2336	Unicorn-36618.exe	37
PID 2748 wrote to memory of 2200	2748	Unicorn-43489.exe	38
PID 2748 wrote to memory of 2200	2748	Unicorn-43489.exe	38
PID 2748 wrote to memory of 2200	2748	Unicorn-43489.exe	38
PID 2748 wrote to memory of 2200	2748	Unicorn-43489.exe	38
PID 2516 wrote to memory of 2584	2516	Unicorn-51868.exe	39
PID 2516 wrote to memory of 2584	2516	Unicorn-51868.exe	39
PID 2516 wrote to memory of 2584	2516	Unicorn-51868.exe	39
PID 2516 wrote to memory of 2584	2516	Unicorn-51868.exe	39
PID 2804 wrote to memory of 2372	2804	Unicorn-46827.exe	40
PID 2804 wrote to memory of 2372	2804	Unicorn-46827.exe	40
PID 2804 wrote to memory of 2372	2804	Unicorn-46827.exe	40
PID 2804 wrote to memory of 2372	2804	Unicorn-46827.exe	40
PID 2752 wrote to memory of 1728	2752	Unicorn-63163.exe	41
PID 2752 wrote to memory of 1728	2752	Unicorn-63163.exe	41
PID 2752 wrote to memory of 1728	2752	Unicorn-63163.exe	41
PID 2752 wrote to memory of 1728	2752	Unicorn-63163.exe	41
PID 2976 wrote to memory of 2248	2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe	43
PID 2976 wrote to memory of 2248	2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe	43
PID 2976 wrote to memory of 2248	2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe	43
PID 2976 wrote to memory of 2248	2976	b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe	43
PID 2336 wrote to memory of 2600	2336	Unicorn-36618.exe	42
PID 2336 wrote to memory of 2600	2336	Unicorn-36618.exe	42
PID 2336 wrote to memory of 2600	2336	Unicorn-36618.exe	42
PID 2336 wrote to memory of 2600	2336	Unicorn-36618.exe	42
PID 2456 wrote to memory of 1536	2456	Unicorn-56292.exe	44
PID 2456 wrote to memory of 1536	2456	Unicorn-56292.exe	44
PID 2456 wrote to memory of 1536	2456	Unicorn-56292.exe	44
PID 2456 wrote to memory of 1536	2456	Unicorn-56292.exe	44
PID 2936 wrote to memory of 1324	2936	Unicorn-24360.exe	45
PID 2936 wrote to memory of 1324	2936	Unicorn-24360.exe	45
PID 2936 wrote to memory of 1324	2936	Unicorn-24360.exe	45
PID 2936 wrote to memory of 1324	2936	Unicorn-24360.exe	45
PID 2200 wrote to memory of 2652	2200	Unicorn-17606.exe	46
PID 2200 wrote to memory of 2652	2200	Unicorn-17606.exe	46
PID 2200 wrote to memory of 2652	2200	Unicorn-17606.exe	46
PID 2200 wrote to memory of 2652	2200	Unicorn-17606.exe	46

C:\Users\Admin\AppData\Local\Temp\b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe
"C:\Users\Admin\AppData\Local\Temp\b5512989501be9432fc2bbb01e8c5781db15316195837ea0ec95b27c002eee29N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51868.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51868.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56292.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56292.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-693.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28452.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50642.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
        8⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
        8⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
        8⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30818.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
        8⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65304.exe
        8⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55362.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
        7⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
        7⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        7⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19977.exe
        7⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58481.exe
        7⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
        7⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23452.exe
        8⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
        7⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
        7⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
        7⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14571.exe
        7⤵
        
        PID:5384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63804.exe
        6⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53264.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32319.exe
        6⤵
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31349.exe
        6⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63984.exe
        6⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53146.exe
        6⤵
        
        PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57403.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23645.exe
        7⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14110.exe
        8⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
        7⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
        7⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
        7⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50283.exe
        7⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49355.exe
        7⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
        6⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe
        7⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47399.exe
        6⤵
        
        PID:348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
        6⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52458.exe
        6⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58481.exe
        6⤵
        
        PID:6760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56170.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
        6⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58446.exe
        7⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        7⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33906.exe
        7⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21095.exe
        6⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        6⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41773.exe
        6⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13577.exe
        5⤵
        
        PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14978.exe
        5⤵
        
        PID:3456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34374.exe
        5⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13330.exe
        5⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4771.exe
        5⤵
        
        PID:5440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20428.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10086.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62300.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
        7⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
        8⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41726.exe
        9⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21384.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12513.exe
        8⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59755.exe
        7⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6809.exe
        7⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        7⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4080.exe
        6⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60110.exe
        7⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47399.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
        6⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
        6⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17603.exe
        6⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32021.exe
        6⤵
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50458.exe
        6⤵
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
        6⤵
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
        6⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30818.exe
        6⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5913.exe
        6⤵
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
        6⤵
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40929.exe
        5⤵
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13553.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5668.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34554.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15121.exe
        5⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37300.exe
        5⤵
        
        PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
        5⤵
        
        PID:6364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2292.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
        6⤵
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51090.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63593.exe
        6⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
        6⤵
        
        PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41085.exe
        5⤵
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
        6⤵
        
        PID:6952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47399.exe
        5⤵
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
        5⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22978.exe
        5⤵
        
        PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe
        5⤵
        
        PID:5872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37004.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4532.exe
        5⤵
        
        PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
        5⤵
        
        PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49631.exe
        5⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22448.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43418.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3338.exe
      4⤵
      PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23923.exe
      4⤵
      PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12843.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40667.exe
      4⤵
      PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58063.exe
      4⤵
      PID:6016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43489.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17606.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5068.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25240.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48351.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
        8⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60270.exe
        8⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60709.exe
        8⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31114.exe
        8⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
        8⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49680.exe
        7⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        7⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59755.exe
        7⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14591.exe
        7⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41765.exe
        7⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14972.exe
        6⤵
        Executes dropped EXE
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
        7⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16731.exe
        8⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56068.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
        8⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53960.exe
        7⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        7⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23344.exe
        7⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24638.exe
        7⤵
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22673.exe
        6⤵
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26903.exe
        6⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57385.exe
        6⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47146.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63676.exe
        6⤵
        
        PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11918.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
        6⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
        7⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
        7⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25356.exe
        7⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7934.exe
        6⤵
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        6⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42509.exe
        6⤵
        
        PID:5060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34330.exe
        6⤵
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49355.exe
        6⤵
        
        PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45703.exe
        5⤵
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51124.exe
        6⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22819.exe
        6⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3154.exe
        6⤵
        
        PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27535.exe
        5⤵
        
        PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23393.exe
        5⤵
        
        PID:3932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
        5⤵
        
        PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12754.exe
        5⤵
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19324.exe
        5⤵
        
        PID:7084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1731.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31784.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
        6⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55841.exe
        7⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
        7⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29433.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47399.exe
        6⤵
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32890.exe
        6⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23874.exe
        6⤵
        
        PID:4952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20173.exe
        6⤵
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33228.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49959.exe
        6⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40154.exe
        6⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        6⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20767.exe
        6⤵
        
        PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53264.exe
        5⤵
        
        PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32319.exe
        5⤵
        
        PID:3312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58715.exe
        5⤵
        
        PID:4496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34669.exe
        5⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
        5⤵
        
        PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58326.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58326.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35798.exe
        5⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4008.exe
        6⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60270.exe
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        6⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41773.exe
        6⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56224.exe
        5⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56609.exe
        6⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22819.exe
        6⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3154.exe
        6⤵
        
        PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34062.exe
        5⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59755.exe
        5⤵
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14591.exe
        5⤵
        
        PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
        5⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
        5⤵
        
        PID:6448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17935.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42987.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        5⤵
        
        PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
        5⤵
        
        PID:6228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18869.exe
      4⤵
      PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
      4⤵
      PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34374.exe
      4⤵
      PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
      4⤵
      PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4771.exe
      4⤵
      PID:5716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15255.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26800.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38801.exe
        7⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20602.exe
        7⤵
        
        PID:4188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39772.exe
        7⤵
        
        PID:5748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63378.exe
        6⤵
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27620.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30818.exe
        6⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
        6⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
        6⤵
        
        PID:6700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24998.exe
        5⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52974.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40154.exe
        6⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
        6⤵
        
        PID:5344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20767.exe
        6⤵
        
        PID:6320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47399.exe
        5⤵
        
        PID:988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
        5⤵
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        6⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22819.exe
        6⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19298.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53527.exe
        5⤵
        
        PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58481.exe
        5⤵
        
        PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24937.exe
        5⤵
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
        6⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42293.exe
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64315.exe
        7⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36939.exe
        7⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40156.exe
        7⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        6⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59755.exe
        6⤵
        
        PID:4036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14591.exe
        6⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
        6⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
        6⤵
        
        PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
        5⤵
        
        PID:568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1702.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57915.exe
        5⤵
        
        PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59510.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36810.exe
        5⤵
        
        PID:6912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4525.exe
      4⤵
      PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
        5⤵
        
        PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
      4⤵
      PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23393.exe
      4⤵
      PID:3984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17308.exe
      4⤵
      PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34861.exe
      4⤵
      PID:4816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10106.exe
      4⤵
      PID:5516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29947.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-873.exe
        5⤵
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-119.exe
        6⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8641.exe
        6⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62754.exe
        6⤵
        
        PID:5776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        5⤵
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59755.exe
        5⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6809.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        5⤵
        
        PID:5568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
      4⤵
      PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33971.exe
        5⤵
        
        PID:7148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47399.exe
      4⤵
      PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
      4⤵
      PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
      4⤵
      PID:4540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17219.exe
      4⤵
      PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-884.exe
      4⤵
      PID:5980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23704.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59524.exe
      4⤵
      PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
      4⤵
      PID:948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
      4⤵
      PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
      4⤵
      PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34138.exe
      4⤵
      PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
      4⤵
      PID:7056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20109.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20109.exe
    3⤵
    PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52623.exe
      4⤵
      PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
      4⤵
      PID:6604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45129.exe
    3⤵
    PID:804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11319.exe
    3⤵
    PID:3324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48914.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48914.exe
    3⤵
    PID:4432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12003.exe
    3⤵
    PID:4864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47156.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47156.exe
    3⤵
    PID:5732
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46827.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46827.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48633.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42484.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14204.exe
        6⤵
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe
        7⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48043.exe
        7⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25248.exe
        7⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3082.exe
        7⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
        6⤵
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32059.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        6⤵
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
        6⤵
        
        PID:4380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32021.exe
        6⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31544.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4397.exe
        6⤵
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
        6⤵
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
        6⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30818.exe
        6⤵
        
        PID:4276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
        6⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
        6⤵
        
        PID:6692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26824.exe
        5⤵
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
        6⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31379.exe
        7⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        7⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21095.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        6⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        6⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41773.exe
        6⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
        6⤵
        
        PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28539.exe
        5⤵
        
        PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        5⤵
        
        PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40849.exe
        5⤵
        
        PID:4800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14435.exe
        5⤵
        
        PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42145.exe
        5⤵
        
        PID:6884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57787.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61008.exe
        6⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31379.exe
        7⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        7⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        6⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34374.exe
        6⤵
        
        PID:5104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
        6⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4771.exe
        6⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41993.exe
        5⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31379.exe
        6⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        6⤵
        
        PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47399.exe
        5⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
        5⤵
        
        PID:3380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        5⤵
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
        5⤵
        
        PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11839.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26800.exe
        5⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12706.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22295.exe
        6⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-409.exe
        6⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24929.exe
        5⤵
        
        PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26193.exe
        5⤵
        
        PID:3908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42509.exe
        5⤵
        
        PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
        5⤵
        
        PID:5572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44599.exe
      4⤵
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31379.exe
        5⤵
        
        PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44599.exe
      4⤵
      PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
      4⤵
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10243.exe
      4⤵
      PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13138.exe
      4⤵
      PID:1348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5155.exe
      4⤵
      PID:5700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46365.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10278.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36034.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
        6⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21422.exe
        7⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53659.exe
        7⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41460.exe
        7⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21037.exe
        6⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-513.exe
        6⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63682.exe
        6⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46610.exe
        6⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41558.exe
        5⤵
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42987.exe
        6⤵
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6483.exe
        6⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
        6⤵
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26903.exe
        5⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57385.exe
        5⤵
        
        PID:4828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47639.exe
        5⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63676.exe
        5⤵
        
        PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55362.exe
        5⤵
        
        PID:688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14333.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51090.exe
        5⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63593.exe
        5⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
        5⤵
        
        PID:5296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17514.exe
      4⤵
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
        5⤵
        
        PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53264.exe
      4⤵
      PID:928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32319.exe
      4⤵
      PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1448.exe
      4⤵
      PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33618.exe
      4⤵
      PID:5984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
        5⤵
        
        PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
        5⤵
        
        PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
        5⤵
        
        PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34861.exe
        5⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
        5⤵
        
        PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39025.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49511.exe
      4⤵
      PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9713.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33747.exe
      4⤵
      PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-884.exe
      4⤵
      PID:6000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62035.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4008.exe
      4⤵
      PID:572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
      4⤵
      PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
      4⤵
      PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17795.exe
      4⤵
      PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31637.exe
      4⤵
      PID:5596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60615.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60615.exe
    3⤵
    PID:3044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27508.exe
    3⤵
    PID:3696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51620.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51620.exe
    3⤵
    PID:3164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59127.exe
    3⤵
    PID:4752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15437.exe
    3⤵
    PID:5472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
    3⤵
    PID:6496
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24360.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24360.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61316.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2868.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26505.exe
        6⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23203.exe
        7⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33906.exe
        7⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35672.exe
        6⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
        6⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14955.exe
        6⤵
        
        PID:5532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
        5⤵
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44014.exe
        5⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-513.exe
        5⤵
        
        PID:4820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48031.exe
        5⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46610.exe
        5⤵
        
        PID:6876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36873.exe
        5⤵
        
        PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        5⤵
        
        PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        5⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41773.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
        5⤵
        
        PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55678.exe
      4⤵
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        5⤵
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28413.exe
        5⤵
        
        PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16745.exe
        5⤵
        
        PID:6668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55273.exe
      4⤵
      PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
      4⤵
      PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34285.exe
      4⤵
      PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
      4⤵
      PID:5276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40874.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38030.exe
        5⤵
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31379.exe
        6⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        6⤵
        
        PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33663.exe
        5⤵
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
        5⤵
        
        PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
        5⤵
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33754.exe
        5⤵
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
        5⤵
        
        PID:6288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55362.exe
      4⤵
      PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16431.exe
      4⤵
      PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24430.exe
      4⤵
      PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22978.exe
      4⤵
      PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38953.exe
      4⤵
      PID:5972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
      4⤵
      PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10552.exe
        5⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47592.exe
        6⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
        6⤵
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9019.exe
        6⤵
        
        PID:5788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64821.exe
        5⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31379.exe
        6⤵
        
        PID:4148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49019.exe
        6⤵
        
        PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53890.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
        5⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41773.exe
        5⤵
        
        PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
      4⤵
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31339.exe
        5⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63094.exe
        5⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
        5⤵
        
        PID:5248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49408.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
      4⤵
      PID:5040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
      4⤵
      PID:4216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32021.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32021.exe
      4⤵
      PID:5708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45310.exe
    3⤵
    PID:896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44599.exe
    3⤵
    PID:1648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
    3⤵
    PID:3372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9818.exe
    3⤵
    PID:4236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25592.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25592.exe
    3⤵
    PID:5552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57347.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57347.exe
    3⤵
    PID:6660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38768.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38768.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45772.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16872.exe
        5⤵
        
        PID:3020
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
        5⤵
        Program crash
        
        PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25709.exe
      4⤵
      PID:300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47399.exe
      4⤵
      PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
      4⤵
      PID:3468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
      4⤵
      PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
      4⤵
      PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59968.exe
      4⤵
      PID:6336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56934.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56934.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4008.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19231.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50468.exe
      4⤵
      PID:4164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15191.exe
      4⤵
      PID:6044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30742.exe
    3⤵
    PID:2736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
    3⤵
    PID:3772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51090.exe
    3⤵
    PID:3728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63593.exe
    3⤵
    PID:4656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42303.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42303.exe
    3⤵
    PID:5364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1156.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1156.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10951.exe
      4⤵
      PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
      4⤵
      PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35120.exe
      4⤵
      PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
      4⤵
      PID:4584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
      4⤵
      PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
      4⤵
      PID:6416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50780.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50780.exe
    3⤵
    PID:828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40849.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40849.exe
    3⤵
    PID:4784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32417.exe
    3⤵
    PID:5800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42145.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42145.exe
    3⤵
    PID:6892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30386.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30386.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12466.exe
    3⤵
    PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21384.exe
      4⤵
      PID:3260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39484.exe
      4⤵
      PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52997.exe
      4⤵
      PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
      4⤵
      PID:6716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25097.exe
    3⤵
    PID:3396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
    3⤵
    PID:4328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
    3⤵
    PID:4412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39555.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39555.exe
    3⤵
    PID:5336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39427.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39427.exe
  2⤵
  PID:1952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15551.exe
    3⤵
    PID:2360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32059.exe
    3⤵
    PID:3896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
    3⤵
    PID:5048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
    3⤵
    PID:2192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32021.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32021.exe
    3⤵
    PID:5664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39614.exe
  2⤵
  PID:540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3620
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
  2⤵
  PID:3540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30257.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30257.exe
  2⤵
  PID:4668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39238.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39238.exe
  2⤵
  PID:5372
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33633.exe
  2⤵
  PID:6372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11839.exe

Filesize
468KB

MD5
976f35dfc0cd1bee5b35a6aa7443c6bc

SHA1
d9f6277ac1e92bc74860e2c5bd25b882331bf4c8

SHA256
bbd8e959f1ac308a662be69de27a2e37394c8c99d5cd08e0c3c91e0c3ad5e637

SHA512
916519814f6739b82c29b874527dbadb3f20032dcfc40a0b1e86c738c3cb61f3314e2c20865b27fed926d5f76040cec4793f20933d5a94724d57767456eb83e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1731.exe

Filesize
468KB

MD5
3aa0273d61d4e23318ed87e58fb450c3

SHA1
f730c50a513f90cd6bd988b8b2deda8f30f22e90

SHA256
435635ea249b5e0fe5f02b0417cae7ff6186be58beb5592ccbe05b0707cf27fd

SHA512
8c78aa792e9ab1b339563e39e3ce77acfbeb0d19fa7d29d3e6762f846b5291dc33b5b483323b08be6215cacc7123a0e10b0c87a9bf2fae8d44fb791a4200c973

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24360.exe

Filesize
468KB

MD5
4f3bcc1d6465cdd65c52809ebfd9397d

SHA1
2b074c6f8bd34c6ca7b1ec2e71fc9af3614b9093

SHA256
b48aa6c9508e6f97295dfa80ce7c99d776754e1db903d116f84637ae32645ed5

SHA512
be21ec7186fe85af5b50e568403cafbf5fd68ee8e03d140797c9474ed571148514bb39719b30e3c19073321376124d8c5b450058b59ab67590b9d4716c283cf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33754.exe

Filesize
468KB

MD5
7f664cb464f5f4f0bf04e99f89d1f00c

SHA1
e78f8737aac855c95b79da56e7b0b78b59cd9ef7

SHA256
14797475abf01d3756fed66a4add14aa48b2c022c080add1fc44eef2ce98e0b2

SHA512
aecf5400adcb69d7667782279a765d996afec96d13283f676508dce05afefa7e44512b8d0cde7fdad69dc959b95f83aa94a75230f35cd0c9251c57d01b87a380

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-354.exe

Filesize
468KB

MD5
f8920bce9a0bbf1a9f4d4e60b1205130

SHA1
843c89b45f6f1b395d23ffd2ebf03a6a7bd3924e

SHA256
bcdac2861182c1183037286ff88d0b225728d614236fea0cd3b3b8cfca14f2f8

SHA512
d90e5792e832c55e6aa5dc622e70f105b4e0df8da64f6d74ec39da9c0052a99bc9de392fd96125c6acd433a43abf0dc023b5dd71582185a16d5f591358649db2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38801.exe

Filesize
468KB

MD5
7cde4f11f275c6c594dba67c7a94d236

SHA1
034b3d048dfa9c39bbfddb08dad04a0ce3bc2ea4

SHA256
38d9f3c143e28c8510ce72837acca2fa8693022471c1298205672217436b8509

SHA512
1154a2895329dfb1fee86a19a53e58467f0b4ef78bdfe535023f5fcb6738307c2943808b470a053b93436897386495c179054197175be50fd457fd7c07af6c98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46827.exe

Filesize
468KB

MD5
2e3d42669e262257d801925590ab4a29

SHA1
9877ba15e6184fc8a1416c7ab762d093ea402cfd

SHA256
25b318f2978a20de939ea278db6fdb1c152af854d1a9f796d76eb400dc607d74

SHA512
324a045fd3f72fb17122fc14fd496f26fccfc15ee4e6489b16bedc9b45c07ccdc6affc09a89122b9f9b9e70a955e36cae7f61efc5980fb6af7a6b2803ceeb9eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe

Filesize
468KB

MD5
fb75d3dccebb33e8f5894d490a879e1e

SHA1
004053d6ab4e9ed5544caccb27bc7eb562ec0f34

SHA256
e9c0fba8791f8ba7c51908e9526b66c774740c64baf5d452b1026d29febe51e2

SHA512
72745bb81a8db7f044a325af611841c0e91dd6a507732016f27c598dd96fbb33d3ee424fdcd29cc1e5b1cdc3c20c905601aa16e88e5aa8e22a168f8f784c19f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50468.exe

Filesize
468KB

MD5
4ff1fd35a21b72f33bb888aba51216f6

SHA1
6cf6532beabe4819ced69b55c82e95f7336b6d16

SHA256
23fbf13ca59dccaa54054401a2f4f33f52adc4a435fadcf93b2d04de17fc85b5

SHA512
008ba41dbbbd3349889217e73f1b3353ef424247e3c172a8837d9747d4a26b906fe901fd8ab427a6271da7e4819a404fd77be86373dc9994c555cc2bbd597a64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56292.exe

Filesize
468KB

MD5
676aea4b859dcebf56343fad4143bd5e

SHA1
22a4ab188fd22c7b7128ae8791bf7474f27b6192

SHA256
d13eb6e28963dc078b017119922a8329dacc7117cf2ec82befb96148d5aaa1fa

SHA512
afb81aaebf1a70d070eec709ecf5f4c49bf752dc1942c4d6e9f98d7ed3979928dfd97b79da4e2eeb02a79f9563b779b93ee2c075bf2c0ec6fd4dbc7d1a48b237

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe

Filesize
468KB

MD5
157580c14420c6f1053be7ecfad987ed

SHA1
7ed5a6cb5b236476af35034e367212d3309815c1

SHA256
7ec0e48aa30da17df20ed4938586d90a1a9eeb1bcea9f753729dcd10b58022b8

SHA512
463eb1afecf9f7e87f39fba9b957c4530fe3c0c8cc4e360c072cfa9868dd312ca52caaa1529438fb90f69d219c50d3bf5f85b01ec85cbb10842de49617d5cfce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe

Filesize
468KB

MD5
edc01554a159fda8131d23d7566fa577

SHA1
f98a2bc1ff46c6769a886d1f80da0fc95423be76

SHA256
5da9886d56376cc5e0ff340e150e1c655313d8fb8e3d8f3a1f091b21598c9056

SHA512
d22f0d4caddeac9f3a5cd0ccc5356bf658c415b6f5af53fcf78c24c791cf6472562e9d134d85541b57f871f7c4553b2dcf460676b74c5ed352f86c8d2f7d5eca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17606.exe

Filesize
468KB

MD5
840c8829fd1ac317fb3aa894cb1a7267

SHA1
847db166a911a7350837a379eabb438cd4746433

SHA256
b1884ba57a9915b46c53eec6153ad4b8a6d7156cfd64de3eb3d4119d0880c5dd

SHA512
d15ac223cce5b35e08520cd236827702b38bcce5305402f46e888e097425e30436d4d08b9840137dd38242245f2081d3eceaa64d8ed8fc2248898ea4bdde5b3b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20428.exe

Filesize
468KB

MD5
19f840b367b6435a03bf7ce3daf9cc33

SHA1
d2229e4fa2e302b8179d4c72daf96012de3edcbf

SHA256
6b5d80f967998ed365a4b2675d0f2d9295701411d05c6594708ff237b0b0c40c

SHA512
a64f73291340be0bee5b15e213282d778df04df9bbccd6ed29ac0cceb3f44cdc9b4f8c3382b70527f6fe191725c84ab0804fe1d99cf5eedca575b3ad93814e90

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36618.exe

Filesize
468KB

MD5
7c5c5db8019f96dd33e3115ea0a47544

SHA1
97e407fe72e6de9bb8da50a2abc99f7a0c9e1703

SHA256
3a39b16bb31c07141e20376571fbc7d5826edf316313b76c2bf6d38d18d9e3de

SHA512
ea96affb65e5cc9fe22a51c6a40fa4bab866c2acff5e25500115e29f9c5c1a5c8df4b1be4a425838d54c444d6b00724a647346a5ab8de9742a5debc3b332a105

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38768.exe

Filesize
468KB

MD5
39b4d76f98923bd9b1d0855bde266d18

SHA1
e883933c5bbfd3c2bbc0f394302249333214c271

SHA256
b12774f75d6e54ad69c0f0e59e348a32fc237e20843fe67260bbdd69a4392faa

SHA512
b8e75a974168001711969873c84398ebd61d9a07a3574f2a5dd8f317664c24d6dded4bf3a69ff1a78b095776085b480ea93d25b4f9cd459a59e3bcb6185bb5df

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe

Filesize
468KB

MD5
326165f25eca1718a0c38f8cf32f72a5

SHA1
d7a0e165076aecf25bbf20a45de6e9fa984b9fbc

SHA256
dee5f8c91dc74de9da8c54473d25d353ace8e59b6d538291c261af43aee27a07

SHA512
0169e439bb3888dbe6f1e4138b730e199156159e70d70678928e6cdeea7b25e156cc2f09b3a31fb14e2bd9b1e12e91d435f4df4bacff3a50d7524d853c05ccfd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43489.exe

Filesize
468KB

MD5
5c2650d5ca88353eaf07448ae8785aaf

SHA1
f3f101895b77ba1e0e680b1fd10d7b646464ce94

SHA256
86b77ca7637ece7a1a7cc0df8be2f8ff0e39432d76c89210d00d5ff021267c26

SHA512
b1a7e08f5512e94da41c748725a54a37bcd627a9ec9e43de5a009f9bb10ceaa3fc067224a44aaf660ef6ba2b0821a7e70db500f71d387765fda2a97e39a6ba9e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46365.exe

Filesize
468KB

MD5
c7afb7c9b581dac6366a5ab1ce7a434b

SHA1
5ef3f2d77b2f3d61764b42ffad4a50f11d755f81

SHA256
6a84e335958bf487703e0ed386b1e11b3b2c61f9c6fd7419fa3dc20fc6de50bc

SHA512
d4cbab9c59de224668dd01d75aa931e1f030ff2d169c399484720e707101d796ad1c7fd697a7143fb283b7e3858b4e784ad61df718ca3b1a15781e73b631aea7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48633.exe

Filesize
468KB

MD5
37f2b541fa18733fc1a860baa3b487de

SHA1
4c158614ec79b367bd02767921bb0edef8febaaf

SHA256
96dd93eb88b47f427f9383c2522fee271007c4e531f9b1f358ca58218818d9b5

SHA512
425dbce26b850a7e32bf0426f0031a94a26b12c0f6ec212a550192f3a4f27901455802c782019027d918c7b2ddb74119db82cb2b2820158555b20300a27cd230

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5068.exe

Filesize
468KB

MD5
ca99b52e3c6b0bc393c2fcc99ff3f202

SHA1
ea80fdaa9139b7a5d68b5f0241e85d1e71c18292

SHA256
d227f3fe7bf8667ff11210623709938142371b1b56bf206a0056603da86adc3c

SHA512
006b0838a56755d314e8055ce0fd133c1878171e8d157c4a36055ccc67f195f02d179af5417900418e874a17175eea162ed7d3bc56af89d9b97538f1aed0e114

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51868.exe

Filesize
468KB

MD5
d15c9fb67fdf69f084fa83c811e044d6

SHA1
778eb0683542cc964818f0730956bec51b96c46b

SHA256
648af2f205cfde3102dc1b644d3751080b06e3964da613589c2716a022ce18d8

SHA512
c5fb39fb28b934c2f3dca9bf1b9deacb54ef0ec28dd1b8a0f7521975fc6365ae43cc4e7e361ae133a53d44b69226d77b61836bbfb1bdfc13dc62c3ec535c4354

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe

Filesize
468KB

MD5
d5e2c40923fbfa90747aa056d354a984

SHA1
36550efcf484a728622c526c4b29ebb7b4753add

SHA256
7a6ccb4036c8c5e7c0d0635c2e5a84ea08e235ec5d11d12e91bd959674834e58

SHA512
2130725f083c2c179ff1c8aa52180fa5fdc066764128c20ae0631347980955d501527c157b2030efd47e6e2c3a91ddb73b4e16c917f02c7ba2c2c151f5e1dcb3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe

Filesize
468KB

MD5
ab57e5efee1dfd2d66a371b6d35f506e

SHA1
6c376c4c9b502f4c674ec39d0a698a3ad81f7110

SHA256
c5af654b17a65959368f61b753fad63343687f1a4c95905b0484dfb3a6e7b1ef

SHA512
4ae9dd6285e8f3969bf404084442ea5e2c2fb70acc82df20aa91df04789f3b736b9acca3a4094db72a488862100f14aaeed3a9cc7c2c4a9cfe10fd6cf429201b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe

Filesize
468KB

MD5
ba73c08fde5f1c88c1f3ede7bbe477b7

SHA1
4005e94b9c990bee55e5e1350f532f1ab81e0daa

SHA256
221ea082edb82636d62622797e05be09964606d13dc666dc79dc02b01040e582

SHA512
76da45ef201711dc4859d67ae20f00359a96135bc03ad8301847db3d94bafc873d54284ab188e536686e16ae2f09d089773214602b971148e048459179139095

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-693.exe

Filesize
468KB

MD5
53136e676420954fc9a24ba737df1098

SHA1
dd7c42248f998e4385a3f4a68dc9a982db19b4bd

SHA256
9353ceafdf10b449cc4b1b6f22e5668c77a30b020e735c846efcd6a66b8d6989

SHA512
6493c867d727513106f3d1d496e52ddbd1ef0041a01eacadee079b248d990e7e285a2e3646b8c9474455f6039c2a48f0160cb33b0cf4c4c09c58d0813b6b995c

Download Submit