89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9a

Analysis

max time kernel
117s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 16:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe
Size

468KB
MD5

19ab47a0e23f8b8028c88b99e5db5b00
SHA1

3cbeeafa1d1919b576efb541af7d3d9e552ec077
SHA256

89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9a
SHA512

d5bc9a923b2e03923b4663def6f739a9eb5cb02643a066d7f733d6c0e809961d9b6e134b3a5076bab6e58cd1d4e3715101663e72efd0c4e144645a0cfb246372
SSDEEP

3072:noCaovIuU35/tbYTPgH5OfQb+5RM6Fe+lmHda/CQBY3QqFjclnlF:nobouJ/t4Pu5OfH0hQBYAyjcl

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2284	Unicorn-22419.exe
3028	Unicorn-26647.exe
2012	Unicorn-26093.exe
2900	Unicorn-31568.exe
2776	Unicorn-49942.exe
2736	Unicorn-56072.exe
2660	Unicorn-15978.exe
2668	Unicorn-53415.exe
2296	Unicorn-64525.exe
1288	Unicorn-16659.exe
2020	Unicorn-34509.exe
2472	Unicorn-58459.exe
2604	Unicorn-58137.exe
2836	Unicorn-12465.exe
2832	Unicorn-6335.exe
1764	Unicorn-37245.exe
2520	Unicorn-42075.exe
1868	Unicorn-1604.exe
2816	Unicorn-8434.exe
1136	Unicorn-17365.exe
2596	Unicorn-13835.exe
1224	Unicorn-21449.exe
836	Unicorn-60435.exe
2024	Unicorn-1028.exe
1612	Unicorn-23678.exe
3048	Unicorn-5859.exe
1644	Unicorn-25725.exe
1072	Unicorn-62673.exe
2060	Unicorn-955.exe
1156	Unicorn-64188.exe
1688	Unicorn-2647.exe
2448	Unicorn-35512.exe
2252	Unicorn-15646.exe
2316	Unicorn-45718.exe
2400	Unicorn-10431.exe
264	Unicorn-31598.exe
892	Unicorn-60379.exe
2956	Unicorn-35320.exe
2924	Unicorn-40918.exe
2744	Unicorn-7499.exe
2928	Unicorn-3342.exe
2788	Unicorn-3607.exe
2116	Unicorn-53363.exe
2404	Unicorn-59907.exe
2940	Unicorn-1769.exe
2852	Unicorn-49117.exe
1180	Unicorn-55994.exe
2872	Unicorn-10322.exe
1664	Unicorn-39103.exe
1416	Unicorn-46509.exe
2988	Unicorn-59523.exe
1728	Unicorn-18683.exe
2132	Unicorn-33932.exe
2180	Unicorn-40063.exe
1152	Unicorn-9428.exe
2356	Unicorn-11474.exe
2148	Unicorn-23462.exe
2600	Unicorn-27811.exe
1068	Unicorn-65506.exe
1696	Unicorn-32065.exe
276	Unicorn-3882.exe
1528	Unicorn-8713.exe
2276	Unicorn-57359.exe
1904	Unicorn-58106.exe

Loads dropped DLL 64 IoCs

pid	Process
2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe
2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe
2284	Unicorn-22419.exe
2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe
2284	Unicorn-22419.exe
2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe
3028	Unicorn-26647.exe
3028	Unicorn-26647.exe
2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe
2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe
2012	Unicorn-26093.exe
2012	Unicorn-26093.exe
2284	Unicorn-22419.exe
2284	Unicorn-22419.exe
2776	Unicorn-49942.exe
2776	Unicorn-49942.exe
2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe
2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe
2900	Unicorn-31568.exe
2900	Unicorn-31568.exe
3028	Unicorn-26647.exe
3028	Unicorn-26647.exe
2660	Unicorn-15978.exe
2660	Unicorn-15978.exe
2012	Unicorn-26093.exe
2736	Unicorn-56072.exe
2012	Unicorn-26093.exe
2736	Unicorn-56072.exe
2284	Unicorn-22419.exe
2284	Unicorn-22419.exe
2668	Unicorn-53415.exe
2668	Unicorn-53415.exe
2776	Unicorn-49942.exe
2776	Unicorn-49942.exe
2296	Unicorn-64525.exe
2296	Unicorn-64525.exe
2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe
2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe
1288	Unicorn-16659.exe
2900	Unicorn-31568.exe
2900	Unicorn-31568.exe
1288	Unicorn-16659.exe
2604	Unicorn-58137.exe
2604	Unicorn-58137.exe
2012	Unicorn-26093.exe
2836	Unicorn-12465.exe
2012	Unicorn-26093.exe
2836	Unicorn-12465.exe
3028	Unicorn-26647.exe
3028	Unicorn-26647.exe
2832	Unicorn-6335.exe
2832	Unicorn-6335.exe
2736	Unicorn-56072.exe
2736	Unicorn-56072.exe
2472	Unicorn-58459.exe
2472	Unicorn-58459.exe
2284	Unicorn-22419.exe
2284	Unicorn-22419.exe
2660	Unicorn-15978.exe
2660	Unicorn-15978.exe
1764	Unicorn-37245.exe
1764	Unicorn-37245.exe
2668	Unicorn-53415.exe
2520	Unicorn-42075.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4572	1744	WerFault.exe	135

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14541.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61563.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18302.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47898.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58017.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7857.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42881.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40577.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56973.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33893.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58459.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50723.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1410.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63652.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26093.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-491.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64378.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6433.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-955.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52974.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20032.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55058.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45042.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5540.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48890.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58243.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17026.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36642.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33372.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15228.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25692.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48188.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56912.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23678.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29593.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49280.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59907.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40965.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42073.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14645.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20677.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17351.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34509.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17365.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31946.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe
2284	Unicorn-22419.exe
3028	Unicorn-26647.exe
2012	Unicorn-26093.exe
2776	Unicorn-49942.exe
2900	Unicorn-31568.exe
2736	Unicorn-56072.exe
2660	Unicorn-15978.exe
2668	Unicorn-53415.exe
2296	Unicorn-64525.exe
1288	Unicorn-16659.exe
2472	Unicorn-58459.exe
2020	Unicorn-34509.exe
2604	Unicorn-58137.exe
2836	Unicorn-12465.exe
2832	Unicorn-6335.exe
1764	Unicorn-37245.exe
2520	Unicorn-42075.exe
2816	Unicorn-8434.exe
1868	Unicorn-1604.exe
1136	Unicorn-17365.exe
2596	Unicorn-13835.exe
1224	Unicorn-21449.exe
836	Unicorn-60435.exe
2024	Unicorn-1028.exe
1612	Unicorn-23678.exe
3048	Unicorn-5859.exe
1644	Unicorn-25725.exe
1072	Unicorn-62673.exe
2060	Unicorn-955.exe
1156	Unicorn-64188.exe
1688	Unicorn-2647.exe
2448	Unicorn-35512.exe
2252	Unicorn-15646.exe
2316	Unicorn-45718.exe
2400	Unicorn-10431.exe
264	Unicorn-31598.exe
892	Unicorn-60379.exe
2956	Unicorn-35320.exe
2924	Unicorn-40918.exe
2744	Unicorn-7499.exe
2928	Unicorn-3342.exe
2788	Unicorn-3607.exe
2116	Unicorn-53363.exe
2404	Unicorn-59907.exe
2940	Unicorn-1769.exe
2852	Unicorn-49117.exe
1180	Unicorn-55994.exe
2872	Unicorn-10322.exe
1664	Unicorn-39103.exe
1416	Unicorn-46509.exe
2988	Unicorn-59523.exe
1728	Unicorn-18683.exe
2180	Unicorn-40063.exe
2132	Unicorn-33932.exe
1152	Unicorn-9428.exe
2356	Unicorn-11474.exe
2148	Unicorn-23462.exe
2600	Unicorn-27811.exe
1068	Unicorn-65506.exe
1696	Unicorn-32065.exe
276	Unicorn-3882.exe
1528	Unicorn-8713.exe
2276	Unicorn-57359.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2284	2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe	30
PID 2440 wrote to memory of 2284	2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe	30
PID 2440 wrote to memory of 2284	2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe	30
PID 2440 wrote to memory of 2284	2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe	30
PID 2284 wrote to memory of 2012	2284	Unicorn-22419.exe	32
PID 2284 wrote to memory of 2012	2284	Unicorn-22419.exe	32
PID 2284 wrote to memory of 2012	2284	Unicorn-22419.exe	32
PID 2284 wrote to memory of 2012	2284	Unicorn-22419.exe	32
PID 2440 wrote to memory of 3028	2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe	33
PID 2440 wrote to memory of 3028	2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe	33
PID 2440 wrote to memory of 3028	2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe	33
PID 2440 wrote to memory of 3028	2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe	33
PID 3028 wrote to memory of 2900	3028	Unicorn-26647.exe	34
PID 3028 wrote to memory of 2900	3028	Unicorn-26647.exe	34
PID 3028 wrote to memory of 2900	3028	Unicorn-26647.exe	34
PID 3028 wrote to memory of 2900	3028	Unicorn-26647.exe	34
PID 2440 wrote to memory of 2776	2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe	35
PID 2440 wrote to memory of 2776	2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe	35
PID 2440 wrote to memory of 2776	2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe	35
PID 2440 wrote to memory of 2776	2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe	35
PID 2012 wrote to memory of 2736	2012	Unicorn-26093.exe	36
PID 2012 wrote to memory of 2736	2012	Unicorn-26093.exe	36
PID 2012 wrote to memory of 2736	2012	Unicorn-26093.exe	36
PID 2012 wrote to memory of 2736	2012	Unicorn-26093.exe	36
PID 2284 wrote to memory of 2660	2284	Unicorn-22419.exe	37
PID 2284 wrote to memory of 2660	2284	Unicorn-22419.exe	37
PID 2284 wrote to memory of 2660	2284	Unicorn-22419.exe	37
PID 2284 wrote to memory of 2660	2284	Unicorn-22419.exe	37
PID 2776 wrote to memory of 2668	2776	Unicorn-49942.exe	38
PID 2776 wrote to memory of 2668	2776	Unicorn-49942.exe	38
PID 2776 wrote to memory of 2668	2776	Unicorn-49942.exe	38
PID 2776 wrote to memory of 2668	2776	Unicorn-49942.exe	38
PID 2440 wrote to memory of 2296	2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe	39
PID 2440 wrote to memory of 2296	2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe	39
PID 2440 wrote to memory of 2296	2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe	39
PID 2440 wrote to memory of 2296	2440	89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe	39
PID 2900 wrote to memory of 1288	2900	Unicorn-31568.exe	40
PID 2900 wrote to memory of 1288	2900	Unicorn-31568.exe	40
PID 2900 wrote to memory of 1288	2900	Unicorn-31568.exe	40
PID 2900 wrote to memory of 1288	2900	Unicorn-31568.exe	40
PID 3028 wrote to memory of 2020	3028	Unicorn-26647.exe	41
PID 3028 wrote to memory of 2020	3028	Unicorn-26647.exe	41
PID 3028 wrote to memory of 2020	3028	Unicorn-26647.exe	41
PID 3028 wrote to memory of 2020	3028	Unicorn-26647.exe	41
PID 2660 wrote to memory of 2472	2660	Unicorn-15978.exe	42
PID 2660 wrote to memory of 2472	2660	Unicorn-15978.exe	42
PID 2660 wrote to memory of 2472	2660	Unicorn-15978.exe	42
PID 2660 wrote to memory of 2472	2660	Unicorn-15978.exe	42
PID 2012 wrote to memory of 2604	2012	Unicorn-26093.exe	43
PID 2012 wrote to memory of 2604	2012	Unicorn-26093.exe	43
PID 2012 wrote to memory of 2604	2012	Unicorn-26093.exe	43
PID 2012 wrote to memory of 2604	2012	Unicorn-26093.exe	43
PID 2736 wrote to memory of 2836	2736	Unicorn-56072.exe	44
PID 2736 wrote to memory of 2836	2736	Unicorn-56072.exe	44
PID 2736 wrote to memory of 2836	2736	Unicorn-56072.exe	44
PID 2736 wrote to memory of 2836	2736	Unicorn-56072.exe	44
PID 2284 wrote to memory of 2832	2284	Unicorn-22419.exe	45
PID 2284 wrote to memory of 2832	2284	Unicorn-22419.exe	45
PID 2284 wrote to memory of 2832	2284	Unicorn-22419.exe	45
PID 2284 wrote to memory of 2832	2284	Unicorn-22419.exe	45
PID 2668 wrote to memory of 1764	2668	Unicorn-53415.exe	46
PID 2668 wrote to memory of 1764	2668	Unicorn-53415.exe	46
PID 2668 wrote to memory of 1764	2668	Unicorn-53415.exe	46
PID 2668 wrote to memory of 1764	2668	Unicorn-53415.exe	46

C:\Users\Admin\AppData\Local\Temp\89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe
"C:\Users\Admin\AppData\Local\Temp\89de1f9fc2430e686c43e2534d1657e567613d81bac02d44ebf022e8c774ee9aN.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22419.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22419.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56072.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12465.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1028.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35320.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53322.exe
        8⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62562.exe
        9⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22427.exe
        9⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34746.exe
        9⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        8⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21607.exe
        8⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19502.exe
        8⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22164.exe
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50087.exe
        8⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43397.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        8⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
        7⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
        7⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        7⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40918.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52974.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51039.exe
        8⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44508.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19826.exe
        8⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28168.exe
        8⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56563.exe
        7⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
        7⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
        7⤵
        
        PID:5512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42184.exe
        6⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        7⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34746.exe
        7⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34246.exe
        6⤵
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55443.exe
        6⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        6⤵
        
        PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5859.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59523.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29176.exe
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        8⤵
        
        PID:3268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 216
        8⤵
        Program crash
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58396.exe
        7⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
        7⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
        7⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
        7⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39050.exe
        6⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
        7⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        7⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64378.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17747.exe
        6⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65307.exe
        6⤵
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
        6⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        6⤵
        
        PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13882.exe
        6⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22427.exe
        7⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        7⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        6⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56160.exe
        6⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34230.exe
        5⤵
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11522.exe
        5⤵
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27745.exe
        5⤵
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17556.exe
        5⤵
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
        5⤵
        
        PID:5260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58137.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21449.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27811.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        7⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        7⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10258.exe
        7⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
        6⤵
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62646.exe
        6⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42038.exe
        6⤵
        
        PID:4336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
        6⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63543.exe
        6⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32065.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        6⤵
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        6⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
        7⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44649.exe
        7⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51550.exe
        7⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36173.exe
        6⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        6⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
        6⤵
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63580.exe
        5⤵
        
        PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        5⤵
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12428.exe
        5⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39048.exe
        5⤵
        
        PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49280.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60435.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60435.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7499.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48890.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6620.exe
        7⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        7⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        7⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        6⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        6⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        6⤵
        
        PID:5180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34961.exe
        6⤵
        
        PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12304.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
        6⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37372.exe
        6⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58384.exe
        6⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
        6⤵
        
        PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
        5⤵
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
        5⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
        5⤵
        
        PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        5⤵
        
        PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60950.exe
        5⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1410.exe
        6⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36163.exe
        6⤵
        
        PID:4748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23207.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        5⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        5⤵
        
        PID:992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        5⤵
        
        PID:5692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44776.exe
      4⤵
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36984.exe
        5⤵
        
        PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34746.exe
        5⤵
        
        PID:5944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9045.exe
      4⤵
      PID:980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
      4⤵
      PID:3652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61563.exe
      4⤵
      PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64414.exe
      4⤵
      PID:6640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15978.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15978.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58459.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62673.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37453.exe
        7⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17415.exe
        8⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63376.exe
        8⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40311.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        7⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        7⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        7⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        7⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36642.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64261.exe
        6⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44281.exe
        6⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12.exe
        6⤵
        
        PID:6624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53363.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        6⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12370.exe
        7⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34746.exe
        7⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        6⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        6⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        6⤵
        
        PID:5108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        6⤵
        
        PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39299.exe
        5⤵
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        6⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        6⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
        6⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14914.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        5⤵
        
        PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-961.exe
        5⤵
        
        PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
        5⤵
        
        PID:4552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64188.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18683.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        6⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28707.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        7⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29593.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        6⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        6⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        6⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
        6⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17587.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43102.exe
        6⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63652.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42915.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
        5⤵
        
        PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
        5⤵
        
        PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
        5⤵
        
        PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
        5⤵
        
        PID:5728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9428.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53322.exe
        5⤵
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49895.exe
        6⤵
        
        PID:4556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        6⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        6⤵
        
        PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        5⤵
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
        5⤵
        
        PID:5288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41765.exe
      4⤵
      PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1410.exe
        5⤵
        
        PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37372.exe
        5⤵
        
        PID:4228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58384.exe
        5⤵
        
        PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
        5⤵
        
        PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25580.exe
      4⤵
      PID:768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38907.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17556.exe
      4⤵
      PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
      4⤵
      PID:5980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10322.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
        6⤵
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        6⤵
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
        6⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47946.exe
        6⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40577.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        5⤵
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20347.exe
        6⤵
        
        PID:3284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5540.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:6008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10762.exe
        6⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
        5⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
        5⤵
        
        PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55994.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25118.exe
        5⤵
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33668.exe
        6⤵
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        6⤵
        
        PID:4676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34746.exe
        6⤵
        
        PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        5⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        5⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
      4⤵
      PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
        5⤵
        
        PID:4164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2007.exe
        5⤵
        
        PID:924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4897.exe
        5⤵
        
        PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14914.exe
      4⤵
      PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
      4⤵
      PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62414.exe
      4⤵
      PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
      4⤵
      PID:5604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-955.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-955.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39103.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61765.exe
        5⤵
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
        6⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20677.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40612.exe
        6⤵
        
        PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49133.exe
        5⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37797.exe
        5⤵
        
        PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40645.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14240.exe
      4⤵
      PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59846.exe
      4⤵
      PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
      4⤵
      PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17556.exe
      4⤵
      PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
      4⤵
      PID:1804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46509.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38413.exe
      4⤵
      PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
        5⤵
        
        PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50643.exe
        5⤵
        
        PID:6660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
      4⤵
      PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
      4⤵
      PID:5196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8946.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8946.exe
    3⤵
    PID:1752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56126.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56126.exe
    3⤵
    PID:3564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23280.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56227.exe
    3⤵
    PID:4564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
    3⤵
    PID:6140
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26647.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26647.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16659.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11474.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54308.exe
        7⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35789.exe
        7⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51108.exe
        7⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
        7⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61578.exe
        7⤵
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63170.exe
        6⤵
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1145.exe
        6⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16827.exe
        6⤵
        
        PID:4732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
        6⤵
        
        PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65506.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62424.exe
        6⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
        7⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45225.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35882.exe
        7⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44661.exe
        6⤵
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
        6⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        6⤵
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        6⤵
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61421.exe
        5⤵
        
        PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20187.exe
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33893.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
        5⤵
        
        PID:5448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13835.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4520.exe
        5⤵
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        6⤵
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        6⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36173.exe
        6⤵
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        6⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
        6⤵
        
        PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8375.exe
        5⤵
        
        PID:996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2974.exe
        5⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
        5⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3270.exe
        5⤵
        
        PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19114.exe
        5⤵
        
        PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49117.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25118.exe
        5⤵
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
        6⤵
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18410.exe
        6⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15228.exe
        6⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61085.exe
        6⤵
        
        PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        5⤵
        
        PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        5⤵
        
        PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        5⤵
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10258.exe
        5⤵
        
        PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49747.exe
        5⤵
        
        PID:6912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44889.exe
      4⤵
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36984.exe
        5⤵
        
        PID:4088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        5⤵
        
        PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55058.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25580.exe
      4⤵
      PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38907.exe
      4⤵
      PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17556.exe
      4⤵
      PID:5172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60213.exe
      4⤵
      PID:6672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34509.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31598.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47738.exe
        5⤵
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19257.exe
        6⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        6⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34746.exe
        6⤵
        
        PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34442.exe
        5⤵
        
        PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49525.exe
        5⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
        5⤵
        
        PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43332.exe
        5⤵
        
        PID:4660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52635.exe
        5⤵
        
        PID:6768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46652.exe
      4⤵
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1410.exe
        5⤵
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37372.exe
        5⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        5⤵
        
        PID:6040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
        5⤵
        
        PID:6644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55596.exe
      4⤵
      PID:3548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48838.exe
      4⤵
      PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
      4⤵
      PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22414.exe
      4⤵
      PID:6888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23678.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40063.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64235.exe
        5⤵
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30975.exe
        6⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20710.exe
        6⤵
        
        PID:6484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        5⤵
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        5⤵
        
        PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10258.exe
        5⤵
        
        PID:6300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
      4⤵
      PID:292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1145.exe
      4⤵
      PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48308.exe
      4⤵
      PID:4152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39048.exe
      4⤵
      PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49280.exe
      4⤵
      PID:6776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23462.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23462.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38605.exe
      4⤵
      PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9329.exe
        5⤵
        
        PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43397.exe
        5⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34746.exe
        5⤵
        
        PID:6108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58017.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54821.exe
      4⤵
      PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13779.exe
      4⤵
      PID:5644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
    3⤵
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8177.exe
      4⤵
      PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43397.exe
      4⤵
      PID:5596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
      4⤵
      PID:4388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9045.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9045.exe
    3⤵
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20731.exe
      4⤵
      PID:4128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
      4⤵
      PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
      4⤵
      PID:5572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
    3⤵
    PID:3528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61563.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61563.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
    3⤵
    PID:5520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53415.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53415.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37245.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2647.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3882.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
        7⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        7⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
        7⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59554.exe
        6⤵
        
        PID:668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14322.exe
        6⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48308.exe
        6⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63553.exe
        6⤵
        
        PID:5784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49280.exe
        6⤵
        
        PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34879.exe
        6⤵
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        6⤵
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        6⤵
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39523.exe
        6⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44549.exe
        6⤵
        
        PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24088.exe
        5⤵
        
        PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29345.exe
        5⤵
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        5⤵
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40053.exe
        5⤵
        
        PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15646.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe
        5⤵
        
        PID:644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4173.exe
        6⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18410.exe
        6⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15228.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64249.exe
        6⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48750.exe
        6⤵
        
        PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        5⤵
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32145.exe
        5⤵
        
        PID:3400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
        5⤵
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39523.exe
        5⤵
        
        PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44549.exe
        5⤵
        
        PID:7004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30232.exe
      4⤵
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25531.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1493.exe
        5⤵
        
        PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        5⤵
        
        PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12298.exe
        5⤵
        
        PID:6848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28387.exe
      4⤵
      PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58017.exe
      4⤵
      PID:3632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33893.exe
      4⤵
      PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5081.exe
      4⤵
      PID:7000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42075.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42075.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35512.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57359.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42881.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
        7⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32396.exe
        7⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62987.exe
        6⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        6⤵
        
        PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46067.exe
        5⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57980.exe
        6⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        6⤵
        
        PID:5152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        6⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
        5⤵
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
        5⤵
        
        PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
        5⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
        5⤵
        
        PID:5304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58106.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58106.exe
      4⤵
      Executes dropped EXE
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55875.exe
        5⤵
        
        PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
        5⤵
        
        PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
        5⤵
        
        PID:3800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        5⤵
        
        PID:612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        5⤵
        
        PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5012.exe
      4⤵
      PID:800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2974.exe
      4⤵
      PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61944.exe
      4⤵
      PID:4852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20032.exe
      4⤵
      PID:5632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45718.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32855.exe
      4⤵
      PID:284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        5⤵
        
        PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60817.exe
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41915.exe
        5⤵
        
        PID:4608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
        5⤵
        
        PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
      4⤵
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56912.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1145.exe
      4⤵
      PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48308.exe
      4⤵
      PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26796.exe
      4⤵
      PID:5348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4163.exe
      4⤵
      PID:6784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56518.exe
    3⤵
    PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
      4⤵
      PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
      4⤵
      PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51358.exe
      4⤵
      PID:6336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
    3⤵
    PID:1864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41481.exe
    3⤵
    PID:3640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48838.exe
    3⤵
    PID:4176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
    3⤵
    PID:6032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22414.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22414.exe
    3⤵
    PID:6812
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64525.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64525.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1604.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1604.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10431.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48807.exe
        5⤵
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        6⤵
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60817.exe
        6⤵
        
        PID:3748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55584.exe
        6⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32214.exe
        6⤵
        
        PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63170.exe
        5⤵
        
        PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18302.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
        5⤵
        
        PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        5⤵
        
        PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29901.exe
      4⤵
      PID:580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31371.exe
        5⤵
        
        PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
        5⤵
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
        5⤵
        
        PID:3572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
        5⤵
        
        PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8375.exe
      4⤵
      PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2974.exe
      4⤵
      PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
      4⤵
      PID:4300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
      4⤵
      PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
      4⤵
      PID:5252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60379.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7857.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
        5⤵
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6620.exe
        6⤵
        
        PID:3344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13149.exe
        6⤵
        
        PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        5⤵
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25204.exe
        5⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21954.exe
        5⤵
        
        PID:5360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        5⤵
        
        PID:5992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18739.exe
      4⤵
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1410.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37372.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17351.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
        5⤵
        
        PID:6800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28380.exe
      4⤵
      PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
      4⤵
      PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57294.exe
      4⤵
      PID:4620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54863.exe
      4⤵
      PID:5576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
      4⤵
      PID:5332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46844.exe
    3⤵
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46226.exe
      4⤵
      PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
      4⤵
      PID:5144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
      4⤵
      PID:5248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34246.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34246.exe
    3⤵
    PID:2676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55443.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55443.exe
    3⤵
    PID:3612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
    3⤵
    PID:4764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20032.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59907.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35455.exe
      4⤵
      PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
      4⤵
      PID:3820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
      4⤵
      PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
      4⤵
      PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
      4⤵
      PID:6084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
    3⤵
    PID:1992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14322.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14322.exe
    3⤵
    PID:3752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
    3⤵
    PID:3604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
    3⤵
    PID:4356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
    3⤵
    PID:5472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1769.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1769.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26353.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26353.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe
      4⤵
      PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
      4⤵
      PID:5540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14645.exe
    3⤵
    PID:3168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48971.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48971.exe
    3⤵
    PID:3276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
    3⤵
    PID:4704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15411.exe
    3⤵
    PID:5460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42073.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42073.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30411.exe
    3⤵
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
      4⤵
      PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
      4⤵
      PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
      4⤵
      PID:5464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
    3⤵
    PID:3836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
    3⤵
    PID:3496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
    3⤵
    PID:4804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19502.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19502.exe
    3⤵
    PID:5548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
  2⤵
  PID:2868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50723.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22145.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22145.exe
  2⤵
  PID:3460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32692.exe
  2⤵
  PID:592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37580.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37580.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15978.exe

Filesize
468KB

MD5
b0dd58202650a2527dad56da3168b73e

SHA1
e0980dd7f9be6417fe78080018b6157f9d927190

SHA256
2c76c94a60d1e27dc22436acd7d5206a6bfe33f05a1bfd885dd9d53a3d0d805d

SHA512
7e030fb0ece6f1968a73e96501b545265928519105c8dcecd584d29cdb109817ed379155a25922e60bcbbecf7bb4e437ced258be9bd86738c560659cf9895faa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26647.exe

Filesize
468KB

MD5
d11376745a56619e8d8a2e4bd73d2825

SHA1
fa03a11a7c7f2bf7a8374c34beac35977718104b

SHA256
a1cbdc8648abb6f3c38d18fee6d9f5a609d744c6bb78f3f52b7a2ec19b1a3f83

SHA512
46b90ed47ab986946f97eaf76575da37b49de1a6173e1febe631a4480205ba783c61cd17884aafd9b3c31668be0e033e4ee4d1d7d7781c98d43ff86354a5ab50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe

Filesize
468KB

MD5
ce153ddf7ca5a0222006586939808afb

SHA1
4c23acd0a412281d8fec08287943f613f32802da

SHA256
b193ca858fff3aa08489476be41f474ebf866df58c70c3659aa44985d92b6869

SHA512
51129acec827255d9aeae73e02fb49567e8bea704b69e17e0647f19dc744d36ecb34c232f4dfaf918dd8b92544d3acd25f4982cc9f4a7832ebf8daf1844cf27e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56072.exe

Filesize
468KB

MD5
92c5817b5e71d6b6ecba148b1469e084

SHA1
d09149680752ce30e4be01f5697202d034642a6c

SHA256
b8cf26bd016185bbd8fc102a8fb483ded641edba569b0830d026dc8dac6802e9

SHA512
c5224ca302e160e03410708915ed720f12e2a2d727c999b3fe27ed280eef37dea036fd883929b5c40863f11c293087f57d062d6997427ae751d314049f628d8b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12465.exe

Filesize
468KB

MD5
58e9b99dfcac05a822ca858aafec30da

SHA1
a73d3a3d29eb85b892a9923cd7333c2263bfda12

SHA256
7cf87206226ab41e5d23cd31aa9eda3385c54e665b5099ad5f3823a4c4395f9b

SHA512
a2ee39bd38cdd61c9d2738b096b697ddfcdb9f0cca7c5572ddb6e4385e3a0e970153ffa4496837eb00a7e580f60e18ea712fde467a49041c1a41c435a5f2d25e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1604.exe

Filesize
468KB

MD5
d52dc71149a48ca2a0b8e43ff40fd651

SHA1
fac4227927bdeac814317cb9006b35c75675d370

SHA256
d32828776876faf0bbd351e38bc823c582fd12d6d7c873a1c6430eb251468700

SHA512
668ba2a7eae485bcfcdd2efb674925f8c331fbbf2b8ca69aa3b5e51386098097e5feb1b3fdd214160ce2ab1649ac0d4f068cb136221b5d39f9d34fd0ff7e5493

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16659.exe

Filesize
468KB

MD5
bfb5f4055b4b5da5f0c8d7035a40156e

SHA1
7b1fbbdffd4cbd773b90490764e0695e7a208d5f

SHA256
13409abfea096f55f56c94ead03876dd8cd371c0bbd3b69fa646ceb90938366b

SHA512
251ba7b16631ef0c6974a92168db2ded08d2f99c6618e53f70c7d1199562c64f8e2cca799e7cfc587ff583aa5d79cbff45379a805b2ddd4976df91c26d1bffdb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22419.exe

Filesize
468KB

MD5
8f170dab37e5b474910b60e24639c4d5

SHA1
0b93fbc10c3e6f1ca5e40b4f5fa59ce87d3f007c

SHA256
6edf636b6a466c5def00c82ddb3c43c830350414970b5627c8dec87b57624486

SHA512
abd11803b290c9b31a2946aa2e75f573a15bb8f5069e251c3e57c0a0056758e60712eaa331fda86758ba6ba12d930d038e916576e36c44dcf99243c902ad551a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe

Filesize
468KB

MD5
b57e315980b23e0b81aca251d76f5eaf

SHA1
389f63c8fb658cdda7377c25144413bf6043fb46

SHA256
7b954ee1c344e3f8fdfd5b2eb54eac57328b6964e80b3e02f9043fba1ed5b5fc

SHA512
249aac1ffaba127a26ba3447d39746240f321e75b75913b7174d8ac19b0b8101ad70ba2c0e3614a6ccad458ac9a5ae804ce9918ba8928e9522ba24beedf7a91b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31568.exe

Filesize
468KB

MD5
80776a948e3003631e88c364566ae420

SHA1
b11bdee924de9695f6b806ddbd71839d26658d53

SHA256
b672635d529bbe9d753c703292261e13f588c9ba5da41fe8820ea7fea7d0dfda

SHA512
1dc958f46e01daee76e72e4685b383ab882295b0c9071575871268a739cb6ce79edc1262f7c112fcf83a8819ef291a737c1ad84079bfd72d4e8bf1a50a28fd68

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34509.exe

Filesize
468KB

MD5
dc50be6393287cd1faf5c617e295870a

SHA1
b61c0d8f713f4b67d3ebcac6201915c0e944af56

SHA256
88563c257799562d3886053f9c2b4c17f1fb57d72f016b8040115aa66e88118c

SHA512
46c656c5c2b5891f858ec29908510720b650ce7b20f892ccffd88dbabbcaf969791d3a6dd859f0105a11425c0d64fcab005ac17a907e0b65f37b70a315fd22e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37245.exe

Filesize
468KB

MD5
a9b8bddccdd1888f7a89d62262b52c70

SHA1
5330872cdfbdf12f65145f335158acfe17469144

SHA256
aca1d061477201ce47ec1ca8d8fe7e599143c34e494e6a5c0dfc98dfdb62a321

SHA512
a4efd332741a57e65247fdf568ad29bd44809965edf191e12899b7851e8961171a4d29688d48506232d68c043234c6fd515b77cc7383bf3b4e5994bf3fe0a98e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42075.exe

Filesize
468KB

MD5
8f4401b026987c11f8063f37d4a92dd6

SHA1
cc3fc50e4c9eecceb8162236775913ad81ab21eb

SHA256
d67e5bd99dc5bd9c0146aaf772d14fdf226d5e482326122f9b98864a3804038a

SHA512
ab9c1ffb1588f9d13156a02e3ed0d7a5a0a7316d52d9d9dab57b1930ce5c8bad0a2d02064f2beb6bbe8d05345c7186e5a097eb7beb4310831303a20284a93b91

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53415.exe

Filesize
468KB

MD5
c5dda069504d8d3679f7f08161d92b81

SHA1
b7c8a0843a82297f232f1db91fe08b6e3608163a

SHA256
bc5c9a08d3cd2ffac6bfffd8a3abf07105ce736287b11d618a7295f5f22de8c1

SHA512
6f688a86f1f4a8b2db8b0fecfd8f7e8f6e1e603b7392c4c0860b787587845d282bc146d0be8349c3404e2e84e3124ec9e0ef5808470d925f0d6f6fc59e632d19

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58137.exe

Filesize
468KB

MD5
8565fa6d1150aa9c85b08e06bb0dd284

SHA1
8464f8e3136ef7cbe279d2996c730d5bc0a139e8

SHA256
c2ea825dff73ae57568c7e2cc50cca58292147b0e2f026fcadf63ca26281ce7e

SHA512
f5e6cc55768b4bc21564d0e1481fab991167e7683cde9ed47c7e65014ff2fd58eaf634884bffd95a1548b0a4f9338f76a7135a6de35e452872531828530174d3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58459.exe

Filesize
468KB

MD5
3ac604cc8b4235ac9d961b13c4a22c9b

SHA1
d1a3c2a0cb94e2f75fb4b007b629262793227871

SHA256
9be3cd7c788c7ebc53e2fafb5747fad952a7e55061be59eb7b061293f1e0c439

SHA512
fe800c8cc871ce6341b9e0684c8a12e05559dd0d3ffe510f9328b0c3cdf3888569bf473cd7fb20b13d4e93279b080a367d038b7659ede3cb2386052c866de245

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe

Filesize
468KB

MD5
9d6c7581386f0f3866ec6861414e1e42

SHA1
0661ee285859928e32f609de1af44c2a739e68ed

SHA256
d4a755328c512cdff2236708a564fcc6d11662403afa6e566cbd5c5e92e6ce15

SHA512
afb21b0885a2df246c2df5bd461c82c4353f484d694b88f2591088127c2b9b63b802dcba7567c3de71df1af6abe1ebdd934bec79b4e3913726bd32603c3ef94f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64525.exe

Filesize
468KB

MD5
69fbb83a1bae72d1272dc0a28ab6faa5

SHA1
dbb9668232f003e1abd18db992d663b558e5bb17

SHA256
9b7f27aaf6e9efefa1e76e0d3fc53636fe0ed6f169ec64d81348e5c6a7520aa8

SHA512
92562cd23c2106799746d0fe1137b44083b769ee0a648902c513b3a47c3c0b123315aa7772d8869ceeb9790d18e947f6e223abe1f29064724d06ae44484dc14f

Download Submit