05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 05:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe
Size

468KB
MD5

d64e11edc5e067535d23be653989f890
SHA1

aaf311ff657ce2df1a1f252c716937fc406b2ef0
SHA256

05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3
SHA512

a397c185a27a0917f0ab176ad6077593e40782fdd18574f4e37cc08f3bdbd4ca962d21752a127a5395e45c64030310b84fe1c480dea158536b87993280952b3c
SSDEEP

3072:08AXogtdId5UtbYGPzQjcc8/G2A4D3p5hmHenVXdylKkzvEgtFl6:08Eo1bUt5PMjcccZdzylfLEgt

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2784	Unicorn-28742.exe
2732	Unicorn-4398.exe
2560	Unicorn-46241.exe
3012	Unicorn-32819.exe
1516	Unicorn-57263.exe
2908	Unicorn-49095.exe
796	Unicorn-29229.exe
1828	Unicorn-48830.exe
2272	Unicorn-30040.exe
2840	Unicorn-61679.exe
600	Unicorn-24176.exe
576	Unicorn-32344.exe
236	Unicorn-26213.exe
1708	Unicorn-6879.exe
324	Unicorn-54441.exe
1136	Unicorn-43505.exe
2104	Unicorn-38670.exe
1520	Unicorn-43308.exe
2940	Unicorn-61721.exe
1792	Unicorn-63951.exe
2172	Unicorn-29049.exe
3040	Unicorn-35799.exe
708	Unicorn-39713.exe
2972	Unicorn-18586.exe
2108	Unicorn-23193.exe
2328	Unicorn-3858.exe
2692	Unicorn-29324.exe
2056	Unicorn-29324.exe
2944	Unicorn-1290.exe
2680	Unicorn-13864.exe
2592	Unicorn-37419.exe
2596	Unicorn-36527.exe
2072	Unicorn-11830.exe
2872	Unicorn-5700.exe
2240	Unicorn-43543.exe
2880	Unicorn-23677.exe
2608	Unicorn-31845.exe
1648	Unicorn-20466.exe
2852	Unicorn-44513.exe
1804	Unicorn-20850.exe
1132	Unicorn-47392.exe
1316	Unicorn-33656.exe
1872	Unicorn-4129.exe
2988	Unicorn-15291.exe
3000	Unicorn-59313.exe
436	Unicorn-45629.exe
1100	Unicorn-45629.exe
1356	Unicorn-49500.exe
2040	Unicorn-16635.exe
2336	Unicorn-3636.exe
2196	Unicorn-30178.exe
2092	Unicorn-52651.exe
308	Unicorn-52956.exe
2808	Unicorn-12188.exe
2704	Unicorn-4020.exe
2568	Unicorn-26381.exe
2548	Unicorn-1916.exe
2612	Unicorn-63924.exe
580	Unicorn-12698.exe
2896	Unicorn-18637.exe
2344	Unicorn-4718.exe
1808	Unicorn-57256.exe
1876	Unicorn-18720.exe
2404	Unicorn-64391.exe

Loads dropped DLL 64 IoCs

pid	Process
2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe
2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe
2652	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
2652	WerFault.exe
2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe
2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe
2732	Unicorn-4398.exe
2732	Unicorn-4398.exe
2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe
2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe
2560	Unicorn-46241.exe
3012	Unicorn-32819.exe
3012	Unicorn-32819.exe
2560	Unicorn-46241.exe
2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe
2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe
2732	Unicorn-4398.exe
2732	Unicorn-4398.exe
2908	Unicorn-49095.exe
2908	Unicorn-49095.exe
3012	Unicorn-32819.exe
3012	Unicorn-32819.exe
796	Unicorn-29229.exe
2732	Unicorn-4398.exe
1828	Unicorn-48830.exe
796	Unicorn-29229.exe
2732	Unicorn-4398.exe
1828	Unicorn-48830.exe
1516	Unicorn-57263.exe
1516	Unicorn-57263.exe
2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe
2560	Unicorn-46241.exe
2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe
2560	Unicorn-46241.exe
2272	Unicorn-30040.exe
2272	Unicorn-30040.exe
2908	Unicorn-49095.exe
2908	Unicorn-49095.exe
2840	Unicorn-61679.exe
2840	Unicorn-61679.exe
3012	Unicorn-32819.exe
3012	Unicorn-32819.exe
1708	Unicorn-6879.exe
1708	Unicorn-6879.exe
1516	Unicorn-57263.exe
1516	Unicorn-57263.exe
576	Unicorn-32344.exe
576	Unicorn-32344.exe
1828	Unicorn-48830.exe
1828	Unicorn-48830.exe
2560	Unicorn-46241.exe
2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe
2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe
2560	Unicorn-46241.exe
600	Unicorn-24176.exe
1136	Unicorn-43505.exe
600	Unicorn-24176.exe
796	Unicorn-29229.exe
236	Unicorn-26213.exe
796	Unicorn-29229.exe
236	Unicorn-26213.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2652	2784	WerFault.exe	30
2520	2692	WerFault.exe	57

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51088.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-676.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36877.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61148.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16210.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43012.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50344.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42742.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45558.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40982.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55072.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64197.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58275.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10730.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16124.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52143.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34125.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35076.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36877.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8286.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52143.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61721.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45629.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65260.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33656.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39841.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5486.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51067.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31948.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47861.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11830.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35990.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38167.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8286.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36527.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14475.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12459.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30704.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50735.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54257.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36877.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11638.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63440.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe
2784	Unicorn-28742.exe
2732	Unicorn-4398.exe
2560	Unicorn-46241.exe
3012	Unicorn-32819.exe
2908	Unicorn-49095.exe
796	Unicorn-29229.exe
1516	Unicorn-57263.exe
1828	Unicorn-48830.exe
2272	Unicorn-30040.exe
2840	Unicorn-61679.exe
1708	Unicorn-6879.exe
576	Unicorn-32344.exe
600	Unicorn-24176.exe
236	Unicorn-26213.exe
1136	Unicorn-43505.exe
324	Unicorn-54441.exe
1520	Unicorn-43308.exe
2104	Unicorn-38670.exe
2940	Unicorn-61721.exe
1792	Unicorn-63951.exe
3040	Unicorn-35799.exe
2172	Unicorn-29049.exe
2972	Unicorn-18586.exe
708	Unicorn-39713.exe
2328	Unicorn-3858.exe
2692	Unicorn-29324.exe
2680	Unicorn-13864.exe
2108	Unicorn-23193.exe
2944	Unicorn-1290.exe
2592	Unicorn-37419.exe
2596	Unicorn-36527.exe
2072	Unicorn-11830.exe
2872	Unicorn-5700.exe
2880	Unicorn-23677.exe
2240	Unicorn-43543.exe
2608	Unicorn-31845.exe
1648	Unicorn-20466.exe
1804	Unicorn-20850.exe
2852	Unicorn-44513.exe
1316	Unicorn-33656.exe
1132	Unicorn-47392.exe
1872	Unicorn-4129.exe
2988	Unicorn-15291.exe
3000	Unicorn-59313.exe
1100	Unicorn-45629.exe
436	Unicorn-45629.exe
1356	Unicorn-49500.exe
2040	Unicorn-16635.exe
2336	Unicorn-3636.exe
2196	Unicorn-30178.exe
2092	Unicorn-52651.exe
308	Unicorn-52956.exe
2808	Unicorn-12188.exe
2704	Unicorn-4020.exe
2568	Unicorn-26381.exe
2548	Unicorn-1916.exe
2612	Unicorn-63924.exe
2896	Unicorn-18637.exe
580	Unicorn-12698.exe
2344	Unicorn-4718.exe
1808	Unicorn-57256.exe
2404	Unicorn-64391.exe
2996	Unicorn-35632.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2784	2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe	30
PID 2228 wrote to memory of 2784	2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe	30
PID 2228 wrote to memory of 2784	2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe	30
PID 2228 wrote to memory of 2784	2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe	30
PID 2784 wrote to memory of 2652	2784	Unicorn-28742.exe	31
PID 2784 wrote to memory of 2652	2784	Unicorn-28742.exe	31
PID 2784 wrote to memory of 2652	2784	Unicorn-28742.exe	31
PID 2784 wrote to memory of 2652	2784	Unicorn-28742.exe	31
PID 2228 wrote to memory of 2732	2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe	32
PID 2228 wrote to memory of 2732	2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe	32
PID 2228 wrote to memory of 2732	2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe	32
PID 2228 wrote to memory of 2732	2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe	32
PID 2732 wrote to memory of 2560	2732	Unicorn-4398.exe	33
PID 2732 wrote to memory of 2560	2732	Unicorn-4398.exe	33
PID 2732 wrote to memory of 2560	2732	Unicorn-4398.exe	33
PID 2732 wrote to memory of 2560	2732	Unicorn-4398.exe	33
PID 2228 wrote to memory of 3012	2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe	34
PID 2228 wrote to memory of 3012	2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe	34
PID 2228 wrote to memory of 3012	2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe	34
PID 2228 wrote to memory of 3012	2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe	34
PID 3012 wrote to memory of 2908	3012	Unicorn-32819.exe	36
PID 3012 wrote to memory of 2908	3012	Unicorn-32819.exe	36
PID 3012 wrote to memory of 2908	3012	Unicorn-32819.exe	36
PID 3012 wrote to memory of 2908	3012	Unicorn-32819.exe	36
PID 2560 wrote to memory of 1516	2560	Unicorn-46241.exe	35
PID 2560 wrote to memory of 1516	2560	Unicorn-46241.exe	35
PID 2560 wrote to memory of 1516	2560	Unicorn-46241.exe	35
PID 2560 wrote to memory of 1516	2560	Unicorn-46241.exe	35
PID 2228 wrote to memory of 1828	2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe	37
PID 2228 wrote to memory of 1828	2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe	37
PID 2228 wrote to memory of 1828	2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe	37
PID 2228 wrote to memory of 1828	2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe	37
PID 2732 wrote to memory of 796	2732	Unicorn-4398.exe	38
PID 2732 wrote to memory of 796	2732	Unicorn-4398.exe	38
PID 2732 wrote to memory of 796	2732	Unicorn-4398.exe	38
PID 2732 wrote to memory of 796	2732	Unicorn-4398.exe	38
PID 2908 wrote to memory of 2272	2908	Unicorn-49095.exe	39
PID 2908 wrote to memory of 2272	2908	Unicorn-49095.exe	39
PID 2908 wrote to memory of 2272	2908	Unicorn-49095.exe	39
PID 2908 wrote to memory of 2272	2908	Unicorn-49095.exe	39
PID 3012 wrote to memory of 2840	3012	Unicorn-32819.exe	40
PID 3012 wrote to memory of 2840	3012	Unicorn-32819.exe	40
PID 3012 wrote to memory of 2840	3012	Unicorn-32819.exe	40
PID 3012 wrote to memory of 2840	3012	Unicorn-32819.exe	40
PID 796 wrote to memory of 600	796	Unicorn-29229.exe	41
PID 796 wrote to memory of 600	796	Unicorn-29229.exe	41
PID 796 wrote to memory of 600	796	Unicorn-29229.exe	41
PID 796 wrote to memory of 600	796	Unicorn-29229.exe	41
PID 2732 wrote to memory of 236	2732	Unicorn-4398.exe	42
PID 2732 wrote to memory of 236	2732	Unicorn-4398.exe	42
PID 2732 wrote to memory of 236	2732	Unicorn-4398.exe	42
PID 2732 wrote to memory of 236	2732	Unicorn-4398.exe	42
PID 1828 wrote to memory of 576	1828	Unicorn-48830.exe	43
PID 1828 wrote to memory of 576	1828	Unicorn-48830.exe	43
PID 1828 wrote to memory of 576	1828	Unicorn-48830.exe	43
PID 1828 wrote to memory of 576	1828	Unicorn-48830.exe	43
PID 1516 wrote to memory of 1708	1516	Unicorn-57263.exe	44
PID 1516 wrote to memory of 1708	1516	Unicorn-57263.exe	44
PID 1516 wrote to memory of 1708	1516	Unicorn-57263.exe	44
PID 1516 wrote to memory of 1708	1516	Unicorn-57263.exe	44
PID 2228 wrote to memory of 324	2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe	45
PID 2228 wrote to memory of 324	2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe	45
PID 2228 wrote to memory of 324	2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe	45
PID 2228 wrote to memory of 324	2228	05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe	45

C:\Users\Admin\AppData\Local\Temp\05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe
"C:\Users\Admin\AppData\Local\Temp\05a81d537c67ab87b9097a4c19d897abde384558917a26ef50ba49fc13ebf5d3N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 200
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4398.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4398.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46241.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57263.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29049.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4129.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51942.exe
        8⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54257.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23608.exe
        9⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51583.exe
        9⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        9⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exe
        8⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25906.exe
        8⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25621.exe
        8⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
        8⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32076.exe
        7⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32664.exe
        8⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62434.exe
        9⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
        9⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58040.exe
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59367.exe
        8⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60083.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16234.exe
        7⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36892.exe
        7⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51067.exe
        7⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59313.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
        7⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        7⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28392.exe
        7⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51067.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9346.exe
        6⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        7⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        7⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
        7⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12788.exe
        6⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
        6⤵
        
        PID:4788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
        6⤵
        
        PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35799.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20850.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19078.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54636.exe
        8⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38167.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29381.exe
        8⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32549.exe
        7⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
        7⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51583.exe
        7⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41331.exe
        7⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7148.exe
        8⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50462.exe
        8⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
        8⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
        7⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        7⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9346.exe
        6⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21402.exe
        7⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32463.exe
        7⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12788.exe
        6⤵
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
        6⤵
        
        PID:4972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47392.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51942.exe
        6⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50344.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16746.exe
        8⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        7⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
        7⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        7⤵
        
        PID:6448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34391.exe
        6⤵
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37344.exe
        6⤵
        
        PID:3388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4525.exe
        6⤵
        
        PID:4332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
        6⤵
        
        PID:5688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51677.exe
        5⤵
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54636.exe
        6⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38167.exe
        6⤵
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38619.exe
        6⤵
        
        PID:4628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
        6⤵
        
        PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44445.exe
        5⤵
        
        PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32567.exe
        5⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43448.exe
        5⤵
        
        PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55838.exe
        5⤵
        
        PID:5500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29324.exe
        5⤵
        Executes dropped EXE
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51942.exe
        6⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
        7⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        7⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        7⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22310.exe
        6⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36555.exe
        7⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30704.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        6⤵
        
        PID:3168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28392.exe
        6⤵
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
        6⤵
        
        PID:5168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45812.exe
        5⤵
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60583.exe
        6⤵
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        6⤵
        
        PID:4156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        6⤵
        
        PID:6428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        5⤵
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33274.exe
        6⤵
        
        PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
        5⤵
        
        PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26382.exe
        5⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9803.exe
        5⤵
        
        PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3636.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37385.exe
        6⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        7⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        7⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        7⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
        6⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        6⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        6⤵
        
        PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35984.exe
        5⤵
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-132.exe
        6⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56861.exe
        6⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-415.exe
        6⤵
        
        PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
        5⤵
        
        PID:3644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        5⤵
        
        PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        5⤵
        
        PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52956.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39872.exe
        5⤵
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37930.exe
        6⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23719.exe
        6⤵
        
        PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7381.exe
        5⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
        5⤵
        
        PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64186.exe
        5⤵
        
        PID:6184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15181.exe
      4⤵
      PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59150.exe
      4⤵
      PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61927.exe
      4⤵
      PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55838.exe
      4⤵
      PID:5536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24176.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29324.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2692
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 220
        6⤵
        Program crash
        
        PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49500.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        6⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6883.exe
        6⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        6⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60304.exe
        6⤵
        
        PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16855.exe
        5⤵
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58033.exe
        6⤵
        
        PID:4128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31982.exe
        6⤵
        
        PID:4152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-995.exe
        6⤵
        
        PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34076.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44861.exe
        5⤵
        
        PID:4204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
        5⤵
        
        PID:5628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1290.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45629.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10035.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55072.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20006.exe
        5⤵
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        6⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
        6⤵
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17938.exe
        6⤵
        
        PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36877.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45558.exe
        5⤵
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30178.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54589.exe
        5⤵
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50627.exe
        6⤵
        
        PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
        5⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
        5⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15211.exe
      4⤵
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17154.exe
        5⤵
        
        PID:932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37249.exe
        5⤵
        
        PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        5⤵
        
        PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4123.exe
      4⤵
      PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27605.exe
      4⤵
      PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe
      4⤵
      PID:5264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26213.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13864.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13864.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32076.exe
        5⤵
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55850.exe
        6⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        7⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56861.exe
        7⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:7020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
        6⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
        6⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49720.exe
        5⤵
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
        6⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        6⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
        6⤵
        
        PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12788.exe
        5⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
        5⤵
        
        PID:5036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
        5⤵
        
        PID:4724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16635.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42368.exe
        5⤵
        
        PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        5⤵
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
        5⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        5⤵
        
        PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe
      4⤵
      PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
      4⤵
      PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
      4⤵
      PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
      4⤵
      PID:5328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37419.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37419.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45629.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        5⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61735.exe
        6⤵
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38167.exe
        6⤵
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        6⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
        6⤵
        
        PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32933.exe
        5⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44162.exe
        5⤵
        
        PID:4440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45324.exe
        5⤵
        
        PID:6108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12798.exe
      4⤵
      PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        5⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        5⤵
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        5⤵
        
        PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
      4⤵
      PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
      4⤵
      PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49499.exe
      4⤵
      PID:6344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52651.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41216.exe
      4⤵
      PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19328.exe
        5⤵
        
        PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49341.exe
        5⤵
        
        PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        5⤵
        
        PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36877.exe
      4⤵
      PID:3572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45558.exe
      4⤵
      PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
      4⤵
      PID:5640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
    3⤵
    PID:1348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
      4⤵
      PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
      4⤵
      PID:6412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34607.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34607.exe
    3⤵
    PID:3600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15892.exe
    3⤵
    PID:4552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25807.exe
    3⤵
    PID:6048
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32819.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32819.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38670.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11830.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57256.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25949.exe
        8⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
        9⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47838.exe
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64197.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
        8⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20198.exe
        7⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9836.exe
        8⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25957.exe
        8⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        8⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61573.exe
        7⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4525.exe
        7⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35422.exe
        7⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64391.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31948.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12171.exe
        7⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
        7⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        7⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
        6⤵
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58964.exe
        6⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        6⤵
        
        PID:4108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        6⤵
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23677.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35632.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39758.exe
        7⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        7⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
        7⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10730.exe
        7⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53224.exe
        6⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41366.exe
        7⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
        7⤵
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        6⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53726.exe
        6⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9273.exe
        6⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45812.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
        6⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
        7⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
        6⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
        6⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exe
        6⤵
        
        PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15211.exe
        5⤵
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16606.exe
        6⤵
        
        PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4123.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54488.exe
        5⤵
        
        PID:4780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44505.exe
        5⤵
        
        PID:5824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43308.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36527.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52134.exe
        7⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53224.exe
        8⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
        8⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45558.exe
        8⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17479.exe
        7⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45704.exe
        7⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45558.exe
        7⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        7⤵
        
        PID:6044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61096.exe
        6⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
        7⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
        7⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        7⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        7⤵
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
        6⤵
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        6⤵
        
        PID:4260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42918.exe
        6⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
        6⤵
        
        PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4718.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35990.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6248.exe
        8⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32463.exe
        8⤵
        
        PID:6076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36877.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
        7⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51067.exe
        7⤵
        
        PID:5772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36259.exe
        6⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
        7⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38986.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        6⤵
        
        PID:5020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2086.exe
        5⤵
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
        6⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
        7⤵
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16210.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
        6⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51583.exe
        6⤵
        
        PID:4480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        6⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3215.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
        5⤵
        
        PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2595.exe
        5⤵
        
        PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18720.exe
        5⤵
        Executes dropped EXE
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
        6⤵
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        6⤵
        
        PID:4184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42918.exe
        6⤵
        
        PID:5068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27055.exe
        6⤵
        
        PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61148.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58033.exe
        6⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31982.exe
        6⤵
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        6⤵
        
        PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
        5⤵
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
        5⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
        5⤵
        
        PID:5140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51703.exe
      4⤵
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        6⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
        6⤵
        
        PID:5484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57049.exe
        5⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
        5⤵
        
        PID:4632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64186.exe
        5⤵
        
        PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe
      4⤵
      PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
      4⤵
      PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37423.exe
      4⤵
      PID:4528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31142.exe
      4⤵
      PID:5284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61679.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61721.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43543.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51942.exe
        6⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
        7⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57363.exe
        8⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36877.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45558.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2065.exe
        7⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36259.exe
        6⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34125.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-995.exe
        7⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42742.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        6⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60304.exe
        6⤵
        
        PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32076.exe
        5⤵
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61735.exe
        6⤵
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38167.exe
        6⤵
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        6⤵
        
        PID:4468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60808.exe
        6⤵
        
        PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21972.exe
        5⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        5⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42918.exe
        5⤵
        
        PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51067.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31845.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51942.exe
        5⤵
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47158.exe
        6⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23608.exe
        6⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
        6⤵
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        6⤵
        
        PID:6420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44179.exe
        5⤵
        
        PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36763.exe
        5⤵
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4525.exe
        5⤵
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        5⤵
        
        PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40982.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40982.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        5⤵
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        5⤵
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        5⤵
        
        PID:6056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53125.exe
      4⤵
      PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6016.exe
      4⤵
      PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6254.exe
      4⤵
      PID:5272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63951.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20466.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51942.exe
        5⤵
        
        PID:1844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31014.exe
        6⤵
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
        6⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44484.exe
        6⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        6⤵
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36119.exe
        5⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47018.exe
        6⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55080.exe
        6⤵
        
        PID:4356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9278.exe
        6⤵
        
        PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16191.exe
        5⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17503.exe
        5⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32407.exe
        5⤵
        
        PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59191.exe
        5⤵
        
        PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32076.exe
      4⤵
      PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64044.exe
        5⤵
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
        6⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
        6⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exe
        6⤵
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29384.exe
        5⤵
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39693.exe
        5⤵
        
        PID:856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
        5⤵
        
        PID:5836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50322.exe
      4⤵
      PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34076.exe
      4⤵
      PID:3256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36892.exe
      4⤵
      PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
      4⤵
      PID:4644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51942.exe
      4⤵
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42176.exe
        5⤵
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        6⤵
        
        PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37058.exe
        5⤵
        
        PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        5⤵
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65260.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35076.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4863.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25621.exe
      4⤵
      PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51067.exe
      4⤵
      PID:5648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43012.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39924.exe
      4⤵
      PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64197.exe
      4⤵
      PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
      4⤵
      PID:5520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29170.exe
    3⤵
    PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
      4⤵
      PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
      4⤵
      PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38223.exe
      4⤵
      PID:5348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4653.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4653.exe
    3⤵
    PID:3688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50022.exe
    3⤵
    PID:4820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41266.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41266.exe
    3⤵
    PID:5564
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48830.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48830.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39713.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55850.exe
        6⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40835.exe
        7⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
        6⤵
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64186.exe
        6⤵
        
        PID:6188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51121.exe
        5⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36543.exe
        6⤵
        
        PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
        5⤵
        
        PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        5⤵
        
        PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        5⤵
        
        PID:5304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63924.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
        5⤵
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        6⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        6⤵
        
        PID:4924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12073.exe
        6⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
        5⤵
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1998.exe
        5⤵
        
        PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11302.exe
        5⤵
        
        PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37229.exe
      4⤵
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        5⤵
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        5⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46775.exe
        5⤵
        
        PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12788.exe
      4⤵
      PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58275.exe
      4⤵
      PID:6128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18586.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18586.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-183.exe
        5⤵
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        6⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        6⤵
        
        PID:4996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
        6⤵
        
        PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
        5⤵
        
        PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40775.exe
        5⤵
        
        PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42125.exe
        5⤵
        
        PID:5460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20006.exe
      4⤵
      PID:1248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
      4⤵
      PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34749.exe
      4⤵
      PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
      4⤵
      PID:5320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12698.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43966.exe
      4⤵
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27719.exe
        5⤵
        
        PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
        5⤵
        
        PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
        5⤵
        
        PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18792.exe
      4⤵
      PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51583.exe
      4⤵
      PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
      4⤵
      PID:5848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17354.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17354.exe
    3⤵
    PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
      4⤵
      PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
      4⤵
      PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
      4⤵
      PID:5444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44139.exe
    3⤵
    PID:3392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20113.exe
    3⤵
    PID:4488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52014.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52014.exe
    3⤵
    PID:4384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21381.exe
      4⤵
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        5⤵
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
        5⤵
        
        PID:4728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38223.exe
        5⤵
        
        PID:5336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46939.exe
      4⤵
      PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28978.exe
      4⤵
      PID:4532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12459.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:6140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45812.exe
    3⤵
    PID:1292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62804.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62804.exe
      4⤵
      PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38167.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38167.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49440.exe
      4⤵
      PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36932.exe
      4⤵
      PID:5360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12269.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12269.exe
    3⤵
    PID:1716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49103.exe
    3⤵
    PID:3088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26382.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26382.exe
    3⤵
    PID:4804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52289.exe
    3⤵
    PID:5256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3858.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3858.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12188.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
      4⤵
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17769.exe
        5⤵
        
        PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24883.exe
        5⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
        5⤵
        
        PID:5508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58725.exe
      4⤵
      PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
      4⤵
      PID:4844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44088.exe
      4⤵
      PID:5388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61148.exe
    3⤵
    PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
      4⤵
      PID:6216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6923.exe
    3⤵
    PID:3788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
    3⤵
    PID:4828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27254.exe
    3⤵
    PID:5280
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56976.exe
    3⤵
    PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36489.exe
      4⤵
      PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60088.exe
      4⤵
      PID:4900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54943.exe
      4⤵
      PID:5188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58040.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58040.exe
    3⤵
    PID:3972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8286.exe
    3⤵
    PID:4860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19967.exe
    3⤵
    PID:5512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2157.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2157.exe
  2⤵
  PID:2616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19325.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19325.exe
    3⤵
    PID:6572
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42416.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42416.exe
  2⤵
  PID:3096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39261.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39261.exe
  2⤵
  PID:4144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51088.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51088.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe

Filesize
468KB

MD5
86c267bf637feee24d53eb709d381ddc

SHA1
08ddaa16d0409812dc9c352186dfb1dc1ad8f5e8

SHA256
e93bae06bef1499d2dc1880ad6214bfb8c1f04379aae62634430a137735bb5b1

SHA512
34f6b440c04e319c00842502dc2c64cef46031fe688b377696661a4b9bd0e38d36c613ec8ada7caadc24117dfdcd998489c899282d265a2ec06296bfe6a4a546

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49095.exe

Filesize
468KB

MD5
62ea3678e0f10c4ff93ff24965121a7c

SHA1
a140b62869421e9a7e0b985d6a4f64d23a00c2a8

SHA256
ccf2b055f2d4eca7d016b7544072a35bdeb9a1424da93d5b8d7c67029424a9cd

SHA512
66a0e81658e0ede9cde4247e38256995fcc964d62fe6c93fcf32a0cf5b503153126af2c1b1fec41dc1ef6288fe226a63660abd814086f1cc0caf026e7bf26032

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52956.exe

Filesize
468KB

MD5
608d208da0ad8e0f421e126ac6a551a5

SHA1
3cf9a058a16a09ef316613bb2fb6fd272df0e339

SHA256
1a413df8e77a5b6dca392e529c5df0d9432b3a3d4f0c56574d1a1d9ab3b1a797

SHA512
e55d572638ffbeaef2ba2d0437be7f04b75b1bf3f850ce63441da5e1ae87576afc8a51d09e59b5f56bb6aa5a841401152a8ffdc230b1f5b9408b111d1ae06c43

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24176.exe

Filesize
468KB

MD5
e35a671941e989e976ae0722f2725f8b

SHA1
335b55bc30e61b967c7e90326acd248d4527b051

SHA256
e511a66759d1e10acd633ee771e2ae1c953fa48ba90087cd2a8315419fdc03ad

SHA512
8e64cb08b6e4a33eebda13a9f5db3b4edde3ec75d36e204eeec64e1c76413a24a591b54eb3691904585b8c7d61be08394a709ccb65979070fce077858ea802a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26213.exe

Filesize
468KB

MD5
d696e3f3a2664d116d93783f2b49f2f3

SHA1
08b8d097dd81c53f663987cd899f546b4b678a94

SHA256
2fb7a2b04e816a5af49cff8b2c053cc337f648bd9fefd8bf7bd8867d0f81ee24

SHA512
28b5c7d2edeca62bf8f50c8a4a78788c7f1090a515e4e2214f1c68fef23412c6004cab21892288f20403ce2238725f0c7219a68671fc90f4fd444c3342d02f11

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe

Filesize
468KB

MD5
b791155accdf99bcba81a7a99f67c841

SHA1
fc47ee192b9333b64380b8ec55e563b1f3ee17ab

SHA256
fb1b7694bb081880d109e22a6673867ce2f3c748e0b9c73cccb64a3e6b7444b1

SHA512
ca40d983f7daa0494e6714608c48f946cf01b6a3c583d37775d05a07fc5be3e3bf36696f3484a5ece34242cfecf071616eebbc952bd55cec9469c2cfc0441ff7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29229.exe

Filesize
468KB

MD5
67856381df1499bdb30711f624239310

SHA1
48b1c5867d1146e909448e052784f9cbd51cfa76

SHA256
f29c57f5165d099f3cdfa0bfe376046562f6fb5c5141b86dbfaabbeaeaea34ba

SHA512
f264c36017fdf151aa58e492867321d9ca83cf21b8ea420efc4757bb5666988196a94efaa3bc1b7d703bafae4ef18b15e542c1684d7c17948419a6569b7cf2a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe

Filesize
468KB

MD5
9587956c0c789896baf7ebe7551e0af5

SHA1
3aaccfcb12e8ba1a2c8c12e8e3291d016211a02a

SHA256
86600316629f2a87a94c1b236c3096a5e386c28aae987622babffd80f5885f65

SHA512
09497c53e8b3d287a84abd862b1eac4144817fd1dd1b5029604b8fbc9a398b32fdba5079570477a8f86bd5d3194c49f37453ed60510f18545d9f035bb70bc3d9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32819.exe

Filesize
468KB

MD5
c61daa6d3c314bbaf21757135c7e5da3

SHA1
3392e953e6b93116c258a8f483937934e3fa4142

SHA256
2de109b3724926c802ee3a071f27f0702bddccf3138f656f7247ebfa90b8b3e2

SHA512
169eaa5443a168b711df8359939316846bc6b109d23569b833a26674dfd1241c4516e677aa6629f4a41f0563147fa49a459b0a541732fa046d33f2f57a9be38e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38670.exe

Filesize
468KB

MD5
2c9069182e89bf6ac78c6225624b9817

SHA1
8f6f9a20b1f1d4bb2eb3c7e7bee9c3c57c0c6a4b

SHA256
5613913840dd14a7e27065de1bd9f69a3664549d5919187241d9983c2f56055d

SHA512
c77c0f6ea6f657a5656da4b7a66b2647757b7df9de6f3acccebb0504dbacd7d20c4e30ab22f0e3816ba4d188bbd207569bc8ca7cd8ce4ceb1f48c3e24d420494

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe

Filesize
468KB

MD5
caf07cf0c3c4c4a99720db68dc1c1294

SHA1
fda1ceb20a024326c625c681042c41790e4a2760

SHA256
5df4d1eceda929009c8dd46eee34c03afc5e2e418170bb0278710d1cf1374ae0

SHA512
d5dd7803a5e4b457713431b7cde87b0e1fe122bcff1420363053244b882e22ec6f1b333df7a13f38472ab062bc8d2c36d360a98ffe92f15a0c390a43de310916

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4398.exe

Filesize
468KB

MD5
78138d938b5cbefbc30b6ff9c76c3fbe

SHA1
b3dcf0e3ff6029f1a3b92e1f5c4aeb6d87b24156

SHA256
edba36624945fc0b12b78646e9123dc6ca822ef48d24874adaf2430475a97172

SHA512
bbf9509d772c5b473a337cc443a67a9fcbfda8513dcf730b93f215139e7bee885309f28ea6288502f390ecf8776d08671c4ba77ca1c6029b469c378adff55ecb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46241.exe

Filesize
468KB

MD5
dd8698a057cbcc084363b9679d68fb61

SHA1
10386996a0801f3450761ebb7da1e7eff6787f11

SHA256
efbbd2bdb7a4f23fd5594e3635b5114192d7ab8c16184f8aa9ee34f1f8714bd8

SHA512
fe8b731f5a430114f94a1e3bfaa06759eba9d92838ed476aa80b7c14af36ce5844d470176a6b7e0e453232d984c2c7801e33813787132872b78b8500baf4e539

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48830.exe

Filesize
468KB

MD5
6adca604f2a0f1989b5bc16a81d1b90c

SHA1
2625a14aaef6b6662b9e3b427a83b8466e2bbac4

SHA256
4671e880e5ca385b3fe0e8146644653acd46bfe5838dd6e88773b6417d638a40

SHA512
6fca8c211d8a96ae7248274a59c71ea0bac66638c64c52deffe7dc9657bbdedeb63c51b9849e384ebe34df2f75347dbc053aff07da6b222049420592ae432408

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe

Filesize
468KB

MD5
e4628d5c70e257022e0ccbfffbae14c9

SHA1
57c1429b6a14ab3577a44f393008b1f312d911fd

SHA256
d366fa405b9bdd6b0628071d00872220f4137ff0168b2c0c752b6143f8c20301

SHA512
218d960c3ea534f73599a5aab2cae6715a3b893927e3bd7cdab2d6d5401a3967dbfbbc432a12546e1cf3f868f3096d8d8ac7f90f0d7ebe6256d9a0b8ebc1fe08

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57263.exe

Filesize
468KB

MD5
b81ba230f9cb241b13dff884366f4eb6

SHA1
7bd40df204c278d66e7b3bb76b9917b75352be4c

SHA256
5d48344cdff37cca0e0968996b9fcbc1026fa60e6c4756852915f8bbf00dc257

SHA512
1052595793fe76fe8a636be35570ba30f8b649b3b302c4b3ee7d34fe4c50450f88eaba927042d905b8a86e7b7239461146e911c85d50efd9381e39dd37fa4f5f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61679.exe

Filesize
468KB

MD5
77c08ae5f66d52b7ede10d00651215a8

SHA1
7cfe8268051c2e532dc42d30d1a3c5a42fc0e152

SHA256
969ebcdd7c2625a7a86a523f98a8b79266adc817ceb1a02eefb4593c6d977f8a

SHA512
6a39d049906167e74e4d2ca82296649b2ebec2c721c1650d6dd5276119b90a1e3700a51ed20e181b6c702f4a93bec81527b1f86c5df49255a3f184e785d3e320

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6879.exe

Filesize
468KB

MD5
c3c228a03acc3a10b8b4165adc9ead64

SHA1
cd3c47bacac8e58a73480f8d93c314e11dc669df

SHA256
c9efa74bb2da632a3f120e63d6fe28e57f4fc0c8e5febcf9c84a64278f8e2f15

SHA512
259b100f51183eb1319a1a2fd7fde6d4bb45556415db80c1fd2d3d86e491e41658e3e20af4e6be42f6f7b020691c7a967376ba0161d56b9277eee4e74d7d1d98

Download Submit
memory/236-318-0x0000000002690000-0x0000000002705000-memory.dmp

Filesize
468KB

Download
memory/236-163-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/236-325-0x0000000002690000-0x0000000002705000-memory.dmp

Filesize
468KB

Download
memory/324-191-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/576-276-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/576-272-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/576-161-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/600-312-0x00000000024C0000-0x0000000002535000-memory.dmp

Filesize
468KB

Download
memory/600-159-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/600-310-0x00000000024C0000-0x0000000002535000-memory.dmp

Filesize
468KB

Download
memory/708-277-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/796-316-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/796-156-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/796-96-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1136-198-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1136-311-0x0000000002660000-0x00000000026D5000-memory.dmp

Filesize
468KB

Download
memory/1516-259-0x0000000001D20000-0x0000000001D95000-memory.dmp

Filesize
468KB

Download
memory/1516-263-0x0000000001D20000-0x0000000001D95000-memory.dmp

Filesize
468KB

Download
memory/1520-356-0x0000000000630000-0x00000000006A5000-memory.dmp

Filesize
468KB

Download
memory/1520-358-0x0000000000630000-0x00000000006A5000-memory.dmp

Filesize
468KB

Download
memory/1520-224-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1648-417-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1708-173-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1708-254-0x00000000033B0000-0x0000000003425000-memory.dmp

Filesize
468KB

Download
memory/1708-256-0x00000000033B0000-0x0000000003425000-memory.dmp

Filesize
468KB

Download
memory/1792-247-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1792-416-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/1828-98-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1828-285-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1828-158-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1828-281-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/1828-152-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2072-368-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2104-366-0x0000000002860000-0x00000000028D5000-memory.dmp

Filesize
468KB

Download
memory/2108-303-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2172-255-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2228-301-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/2228-367-0x00000000033D0000-0x0000000003445000-memory.dmp

Filesize
468KB

Download
memory/2228-6-0x00000000033D0000-0x0000000003445000-memory.dmp

Filesize
468KB

Download
memory/2228-23-0x00000000033D0000-0x0000000003445000-memory.dmp

Filesize
468KB

Download
memory/2228-396-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/2228-29-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/2228-48-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/2228-300-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/2228-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2228-86-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/2228-178-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/2228-315-0x00000000033D0000-0x0000000003445000-memory.dmp

Filesize
468KB

Download
memory/2228-307-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2228-186-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/2240-386-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2272-216-0x0000000002700000-0x0000000002775000-memory.dmp

Filesize
468KB

Download
memory/2272-210-0x0000000002700000-0x0000000002775000-memory.dmp

Filesize
468KB

Download
memory/2272-391-0x0000000002700000-0x0000000002775000-memory.dmp

Filesize
468KB

Download
memory/2272-115-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2328-304-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2560-302-0x0000000001D10000-0x0000000001D85000-memory.dmp

Filesize
468KB

Download
memory/2560-196-0x0000000001D10000-0x0000000001D85000-memory.dmp

Filesize
468KB

Download
memory/2560-44-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2560-299-0x0000000001D10000-0x0000000001D85000-memory.dmp

Filesize
468KB

Download
memory/2560-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2560-181-0x0000000001D10000-0x0000000001D85000-memory.dmp

Filesize
468KB

Download
memory/2560-61-0x0000000001D10000-0x0000000001D85000-memory.dmp

Filesize
468KB

Download
memory/2592-335-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2596-359-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2608-401-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2680-327-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2692-313-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2732-41-0x0000000000590000-0x0000000000605000-memory.dmp

Filesize
468KB

Download
memory/2732-42-0x0000000000590000-0x0000000000605000-memory.dmp

Filesize
468KB

Download
memory/2732-157-0x0000000000590000-0x0000000000605000-memory.dmp

Filesize
468KB

Download
memory/2732-333-0x0000000000590000-0x0000000000605000-memory.dmp

Filesize
468KB

Download
memory/2732-334-0x0000000000590000-0x0000000000605000-memory.dmp

Filesize
468KB

Download
memory/2732-370-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2784-19-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2840-234-0x00000000030A0000-0x0000000003115000-memory.dmp

Filesize
468KB

Download
memory/2840-400-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/2840-235-0x0000000002570000-0x00000000025E5000-memory.dmp

Filesize
468KB

Download
memory/2840-126-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2872-381-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2880-393-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2908-223-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/2908-113-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/2908-95-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2908-380-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/2908-222-0x00000000024B0000-0x0000000002525000-memory.dmp

Filesize
468KB

Download
memory/2940-385-0x0000000001E00000-0x0000000001E75000-memory.dmp

Filesize
468KB

Download
memory/2940-382-0x0000000001E00000-0x0000000001E75000-memory.dmp

Filesize
468KB

Download
memory/2940-237-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2944-326-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2972-286-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3012-246-0x0000000001E70000-0x0000000001EE5000-memory.dmp

Filesize
468KB

Download
memory/3012-415-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3012-244-0x0000000001E70000-0x0000000001EE5000-memory.dmp

Filesize
468KB

Download
memory/3012-78-0x0000000001E70000-0x0000000001EE5000-memory.dmp

Filesize
468KB

Download
memory/3040-264-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download