52b090751d7126d0b30c05fc45ebcc50237ff3478fd09686178449f5d650e1a7

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/09/2024, 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0bda13f119a776c407726b27b4e09a60N.exe
Size

468KB
MD5

0bda13f119a776c407726b27b4e09a60
SHA1

4a686cc2f3e4bacd737f4546848888c44860a7c1
SHA256

52b090751d7126d0b30c05fc45ebcc50237ff3478fd09686178449f5d650e1a7
SHA512

05b7ac072641e37beead303ff622510ea837788731e1595106fc6d831e4a17c1dd4498ac7f3da11488fa38b796a4f12985de12afb996477e5d9218af4ee32aba
SSDEEP

3072:QblToRlZIC3otbHCXzcjffT9EWhF8mpD8LHCkdh/eaOWg67NNjlO:QbtoO0otuX4jffomxSeaBr7NN

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2792	Unicorn-62310.exe
2672	Unicorn-59741.exe
2644	Unicorn-44796.exe
2560	Unicorn-22321.exe
1124	Unicorn-51001.exe
1412	Unicorn-10815.exe
1236	Unicorn-34765.exe
2900	Unicorn-58439.exe
2388	Unicorn-58994.exe
112	Unicorn-43556.exe
2064	Unicorn-53348.exe
1148	Unicorn-7676.exe
544	Unicorn-24817.exe
1760	Unicorn-7676.exe
1728	Unicorn-1546.exe
2940	Unicorn-54438.exe
2256	Unicorn-42740.exe
1868	Unicorn-44708.exe
1212	Unicorn-9989.exe
2240	Unicorn-64936.exe
2960	Unicorn-42570.exe
980	Unicorn-22704.exe
1188	Unicorn-42570.exe
788	Unicorn-39040.exe
2352	Unicorn-28180.exe
2516	Unicorn-28180.exe
1856	Unicorn-19249.exe
1724	Unicorn-1537.exe
832	Unicorn-51869.exe
2372	Unicorn-12319.exe
1972	Unicorn-22268.exe
1040	Unicorn-28455.exe
2316	Unicorn-40515.exe
876	Unicorn-20649.exe
2188	Unicorn-20649.exe
3032	Unicorn-34384.exe
2980	Unicorn-40250.exe
3028	Unicorn-54905.exe
1592	Unicorn-54905.exe
2096	Unicorn-45922.exe
2920	Unicorn-59657.exe
2308	Unicorn-250.exe
2592	Unicorn-31361.exe
2656	Unicorn-51873.exe
2584	Unicorn-34682.exe
2996	Unicorn-43613.exe
2840	Unicorn-43613.exe
2568	Unicorn-18147.exe
1940	Unicorn-7795.exe
1536	Unicorn-27661.exe
2864	Unicorn-43696.exe
1340	Unicorn-19554.exe
2652	Unicorn-23830.exe
1332	Unicorn-23830.exe
1636	Unicorn-37374.exe
1820	Unicorn-52056.exe
552	Unicorn-19174.exe
1496	Unicorn-25305.exe
2244	Unicorn-5255.exe
2176	Unicorn-55359.exe
1468	Unicorn-28716.exe
3060	Unicorn-55359.exe
1256	Unicorn-9422.exe
652	Unicorn-59827.exe

Loads dropped DLL 64 IoCs

pid	Process
2704	0bda13f119a776c407726b27b4e09a60N.exe
2704	0bda13f119a776c407726b27b4e09a60N.exe
2704	0bda13f119a776c407726b27b4e09a60N.exe
2704	0bda13f119a776c407726b27b4e09a60N.exe
2792	Unicorn-62310.exe
2792	Unicorn-62310.exe
2672	Unicorn-59741.exe
2672	Unicorn-59741.exe
2704	0bda13f119a776c407726b27b4e09a60N.exe
2704	0bda13f119a776c407726b27b4e09a60N.exe
2792	Unicorn-62310.exe
2792	Unicorn-62310.exe
2644	Unicorn-44796.exe
2644	Unicorn-44796.exe
2560	Unicorn-22321.exe
2560	Unicorn-22321.exe
2672	Unicorn-59741.exe
2672	Unicorn-59741.exe
1412	Unicorn-10815.exe
1412	Unicorn-10815.exe
2792	Unicorn-62310.exe
1236	Unicorn-34765.exe
1124	Unicorn-51001.exe
2644	Unicorn-44796.exe
2704	0bda13f119a776c407726b27b4e09a60N.exe
2644	Unicorn-44796.exe
2792	Unicorn-62310.exe
2704	0bda13f119a776c407726b27b4e09a60N.exe
1124	Unicorn-51001.exe
1236	Unicorn-34765.exe
2900	Unicorn-58439.exe
2900	Unicorn-58439.exe
2560	Unicorn-22321.exe
2560	Unicorn-22321.exe
2388	Unicorn-58994.exe
2388	Unicorn-58994.exe
2672	Unicorn-59741.exe
2672	Unicorn-59741.exe
112	Unicorn-43556.exe
112	Unicorn-43556.exe
1412	Unicorn-10815.exe
1148	Unicorn-7676.exe
544	Unicorn-24817.exe
1412	Unicorn-10815.exe
1148	Unicorn-7676.exe
544	Unicorn-24817.exe
1236	Unicorn-34765.exe
1236	Unicorn-34765.exe
1760	Unicorn-7676.exe
2064	Unicorn-53348.exe
2064	Unicorn-53348.exe
1760	Unicorn-7676.exe
2704	0bda13f119a776c407726b27b4e09a60N.exe
2704	0bda13f119a776c407726b27b4e09a60N.exe
1728	Unicorn-1546.exe
1124	Unicorn-51001.exe
1728	Unicorn-1546.exe
1124	Unicorn-51001.exe
2644	Unicorn-44796.exe
2644	Unicorn-44796.exe
2792	Unicorn-62310.exe
2792	Unicorn-62310.exe
2940	Unicorn-54438.exe
2940	Unicorn-54438.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28716.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32268.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49454.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3716.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18775.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-872.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43744.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55089.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6568.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41215.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54905.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43613.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62310.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59657.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63112.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55359.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1786.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38900.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-703.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4186.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45737.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44140.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41319.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20649.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52056.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10958.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55799.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56227.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6617.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5093.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54905.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62103.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-250.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18096.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59741.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23830.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58535.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2704	0bda13f119a776c407726b27b4e09a60N.exe
2792	Unicorn-62310.exe
2672	Unicorn-59741.exe
2644	Unicorn-44796.exe
2560	Unicorn-22321.exe
1124	Unicorn-51001.exe
1412	Unicorn-10815.exe
1236	Unicorn-34765.exe
2900	Unicorn-58439.exe
2388	Unicorn-58994.exe
2064	Unicorn-53348.exe
1148	Unicorn-7676.exe
544	Unicorn-24817.exe
112	Unicorn-43556.exe
1760	Unicorn-7676.exe
1728	Unicorn-1546.exe
2940	Unicorn-54438.exe
2256	Unicorn-42740.exe
1868	Unicorn-44708.exe
1212	Unicorn-9989.exe
2240	Unicorn-64936.exe
2960	Unicorn-42570.exe
980	Unicorn-22704.exe
1188	Unicorn-42570.exe
788	Unicorn-39040.exe
2352	Unicorn-28180.exe
2516	Unicorn-28180.exe
1856	Unicorn-19249.exe
832	Unicorn-51869.exe
2372	Unicorn-12319.exe
1972	Unicorn-22268.exe
1724	Unicorn-1537.exe
2316	Unicorn-40515.exe
3032	Unicorn-34384.exe
876	Unicorn-20649.exe
2652	Unicorn-23830.exe
1332	Unicorn-23830.exe
2996	Unicorn-43613.exe
2392	Unicorn-38461.exe
1040	Unicorn-28455.exe
2592	Unicorn-31361.exe
2568	Unicorn-18147.exe
2188	Unicorn-20649.exe
2096	Unicorn-45922.exe
1536	Unicorn-27661.exe
1820	Unicorn-52056.exe
2980	Unicorn-40250.exe
2056	Unicorn-21591.exe
3028	Unicorn-54905.exe
2920	Unicorn-59657.exe
1340	Unicorn-19554.exe
2584	Unicorn-34682.exe
1592	Unicorn-54905.exe
1636	Unicorn-37374.exe
2656	Unicorn-51873.exe
2840	Unicorn-43613.exe
2308	Unicorn-250.exe
552	Unicorn-19174.exe
652	Unicorn-59827.exe
2864	Unicorn-43696.exe
2640	Unicorn-46864.exe
1076	Unicorn-16769.exe
3060	Unicorn-55359.exe
2244	Unicorn-5255.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2704 wrote to memory of 2792	2704	0bda13f119a776c407726b27b4e09a60N.exe	31
PID 2704 wrote to memory of 2792	2704	0bda13f119a776c407726b27b4e09a60N.exe	31
PID 2704 wrote to memory of 2792	2704	0bda13f119a776c407726b27b4e09a60N.exe	31
PID 2704 wrote to memory of 2792	2704	0bda13f119a776c407726b27b4e09a60N.exe	31
PID 2704 wrote to memory of 2672	2704	0bda13f119a776c407726b27b4e09a60N.exe	32
PID 2704 wrote to memory of 2672	2704	0bda13f119a776c407726b27b4e09a60N.exe	32
PID 2704 wrote to memory of 2672	2704	0bda13f119a776c407726b27b4e09a60N.exe	32
PID 2704 wrote to memory of 2672	2704	0bda13f119a776c407726b27b4e09a60N.exe	32
PID 2792 wrote to memory of 2644	2792	Unicorn-62310.exe	33
PID 2792 wrote to memory of 2644	2792	Unicorn-62310.exe	33
PID 2792 wrote to memory of 2644	2792	Unicorn-62310.exe	33
PID 2792 wrote to memory of 2644	2792	Unicorn-62310.exe	33
PID 2672 wrote to memory of 2560	2672	Unicorn-59741.exe	34
PID 2672 wrote to memory of 2560	2672	Unicorn-59741.exe	34
PID 2672 wrote to memory of 2560	2672	Unicorn-59741.exe	34
PID 2672 wrote to memory of 2560	2672	Unicorn-59741.exe	34
PID 2704 wrote to memory of 1124	2704	0bda13f119a776c407726b27b4e09a60N.exe	35
PID 2704 wrote to memory of 1124	2704	0bda13f119a776c407726b27b4e09a60N.exe	35
PID 2704 wrote to memory of 1124	2704	0bda13f119a776c407726b27b4e09a60N.exe	35
PID 2704 wrote to memory of 1124	2704	0bda13f119a776c407726b27b4e09a60N.exe	35
PID 2792 wrote to memory of 1412	2792	Unicorn-62310.exe	36
PID 2792 wrote to memory of 1412	2792	Unicorn-62310.exe	36
PID 2792 wrote to memory of 1412	2792	Unicorn-62310.exe	36
PID 2792 wrote to memory of 1412	2792	Unicorn-62310.exe	36
PID 2644 wrote to memory of 1236	2644	Unicorn-44796.exe	37
PID 2644 wrote to memory of 1236	2644	Unicorn-44796.exe	37
PID 2644 wrote to memory of 1236	2644	Unicorn-44796.exe	37
PID 2644 wrote to memory of 1236	2644	Unicorn-44796.exe	37
PID 2560 wrote to memory of 2900	2560	Unicorn-22321.exe	38
PID 2560 wrote to memory of 2900	2560	Unicorn-22321.exe	38
PID 2560 wrote to memory of 2900	2560	Unicorn-22321.exe	38
PID 2560 wrote to memory of 2900	2560	Unicorn-22321.exe	38
PID 2672 wrote to memory of 2388	2672	Unicorn-59741.exe	39
PID 2672 wrote to memory of 2388	2672	Unicorn-59741.exe	39
PID 2672 wrote to memory of 2388	2672	Unicorn-59741.exe	39
PID 2672 wrote to memory of 2388	2672	Unicorn-59741.exe	39
PID 1412 wrote to memory of 112	1412	Unicorn-10815.exe	40
PID 1412 wrote to memory of 112	1412	Unicorn-10815.exe	40
PID 1412 wrote to memory of 112	1412	Unicorn-10815.exe	40
PID 1412 wrote to memory of 112	1412	Unicorn-10815.exe	40
PID 2644 wrote to memory of 2064	2644	Unicorn-44796.exe	44
PID 2644 wrote to memory of 2064	2644	Unicorn-44796.exe	44
PID 2644 wrote to memory of 2064	2644	Unicorn-44796.exe	44
PID 2644 wrote to memory of 2064	2644	Unicorn-44796.exe	44
PID 2704 wrote to memory of 544	2704	0bda13f119a776c407726b27b4e09a60N.exe	45
PID 2704 wrote to memory of 544	2704	0bda13f119a776c407726b27b4e09a60N.exe	45
PID 2704 wrote to memory of 544	2704	0bda13f119a776c407726b27b4e09a60N.exe	45
PID 2704 wrote to memory of 544	2704	0bda13f119a776c407726b27b4e09a60N.exe	45
PID 1124 wrote to memory of 1760	1124	Unicorn-51001.exe	43
PID 1124 wrote to memory of 1760	1124	Unicorn-51001.exe	43
PID 1124 wrote to memory of 1760	1124	Unicorn-51001.exe	43
PID 1124 wrote to memory of 1760	1124	Unicorn-51001.exe	43
PID 1236 wrote to memory of 1148	1236	Unicorn-34765.exe	42
PID 1236 wrote to memory of 1148	1236	Unicorn-34765.exe	42
PID 1236 wrote to memory of 1148	1236	Unicorn-34765.exe	42
PID 1236 wrote to memory of 1148	1236	Unicorn-34765.exe	42
PID 2792 wrote to memory of 1728	2792	Unicorn-62310.exe	41
PID 2792 wrote to memory of 1728	2792	Unicorn-62310.exe	41
PID 2792 wrote to memory of 1728	2792	Unicorn-62310.exe	41
PID 2792 wrote to memory of 1728	2792	Unicorn-62310.exe	41
PID 2900 wrote to memory of 2940	2900	Unicorn-58439.exe	46
PID 2900 wrote to memory of 2940	2900	Unicorn-58439.exe	46
PID 2900 wrote to memory of 2940	2900	Unicorn-58439.exe	46
PID 2900 wrote to memory of 2940	2900	Unicorn-58439.exe	46

C:\Users\Admin\AppData\Local\Temp\0bda13f119a776c407726b27b4e09a60N.exe
"C:\Users\Admin\AppData\Local\Temp\0bda13f119a776c407726b27b4e09a60N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62310.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62310.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44796.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34765.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7676.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42570.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19771.exe
        7⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45292.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41700.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44628.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17566.exe
        7⤵
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55359.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55799.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44140.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64437.exe
        6⤵
        
        PID:780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39040.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27661.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21591.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
        6⤵
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30082.exe
        6⤵
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6617.exe
        6⤵
        
        PID:3912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41215.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37374.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-927.exe
        5⤵
        
        PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15775.exe
        5⤵
        
        PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47065.exe
        5⤵
        
        PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60810.exe
        5⤵
        
        PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18273.exe
        5⤵
        
        PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53348.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28716.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55799.exe
        5⤵
        
        PID:532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38494.exe
        5⤵
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19704.exe
        5⤵
        
        PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12319.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58592.exe
        5⤵
        
        PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65306.exe
        5⤵
        
        PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1052.exe
        5⤵
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40789.exe
        5⤵
        
        PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9422.exe
      4⤵
      Executes dropped EXE
      PID:1256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42937.exe
      4⤵
      PID:1032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
      4⤵
      PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61329.exe
      4⤵
      PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55143.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55143.exe
      4⤵
      PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
      4⤵
      PID:3152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10815.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43556.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64936.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17724.exe
        6⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
        6⤵
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45922.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5093.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
        5⤵
        
        PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28586.exe
        5⤵
        
        PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1786.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22704.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22704.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
        5⤵
        
        PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8099.exe
        5⤵
        
        PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17092.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59657.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10958.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39691.exe
      4⤵
      PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39430.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14962.exe
      4⤵
      PID:3536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1546.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1546.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1537.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55359.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45737.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41867.exe
      4⤵
      PID:1556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6227.exe
      4⤵
      PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19427.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18096.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22268.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4186.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
      4⤵
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1997.exe
        5⤵
        
        PID:3780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
        5⤵
        
        PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
      4⤵
      PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6617.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6617.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34682.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64123.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64123.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63970.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63970.exe
    3⤵
    PID:1564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35226.exe
    3⤵
    PID:2600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12564.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12564.exe
    3⤵
    PID:2140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13827.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13827.exe
    3⤵
    PID:3580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
    3⤵
    PID:3480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59741.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59741.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58439.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54438.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28455.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59827.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57797.exe
        6⤵
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21586.exe
        6⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9294.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20649.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52056.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51332.exe
        6⤵
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12655.exe
        6⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
        6⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41319.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19174.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64985.exe
        5⤵
        
        PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17996.exe
        5⤵
        
        PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33334.exe
        5⤵
        
        PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3716.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50623.exe
        5⤵
        
        PID:3872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23493.exe
        5⤵
        
        PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42740.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54905.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3034.exe
        5⤵
        
        PID:960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6568.exe
        5⤵
        
        PID:576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe
        5⤵
        
        PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15063.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34384.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25305.exe
        5⤵
        Executes dropped EXE
        
        PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45385.exe
        5⤵
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20796.exe
        5⤵
        
        PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58535.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3186.exe
        5⤵
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5255.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46938.exe
      4⤵
      PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49447.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63036.exe
      4⤵
      PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-707.exe
      4⤵
      PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14453.exe
      4⤵
      PID:4076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58994.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44708.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40515.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43696.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18575.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18400.exe
        6⤵
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31598.exe
        6⤵
        
        PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
        5⤵
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24441.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
        5⤵
        
        PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43744.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36493.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62103.exe
        5⤵
        
        PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20649.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16769.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:1076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42256.exe
      4⤵
      PID:1872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62750.exe
      4⤵
      PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11482.exe
      4⤵
      PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6560.exe
      4⤵
      PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe
      4⤵
      PID:3156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54905.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3034.exe
      4⤵
      PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
      4⤵
      PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34813.exe
      4⤵
      PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31194.exe
      4⤵
      PID:936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45288.exe
      4⤵
      PID:3864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40250.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13969.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13969.exe
    3⤵
    PID:1676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38461.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59215.exe
      4⤵
      PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51571.exe
      4⤵
      PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59318.exe
      4⤵
      PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49454.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4520.exe
    3⤵
    PID:1864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28869.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28869.exe
    3⤵
    PID:2636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49488.exe
    3⤵
    PID:3856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65494.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65494.exe
    3⤵
    PID:3916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51001.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51001.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7676.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7676.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
      4⤵
      PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43542.exe
      4⤵
      PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1052.exe
      4⤵
      PID:3176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51869.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51869.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31361.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4186.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56916.exe
      4⤵
      PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38900.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51873.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23787.exe
    3⤵
    PID:1568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39691.exe
    3⤵
    PID:1284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6757.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6757.exe
    3⤵
    PID:2296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32268.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24211.exe
    3⤵
    PID:3660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24817.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24817.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42570.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42570.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43613.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4186.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
      4⤵
      PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64892.exe
      4⤵
      PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18775.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7795.exe
    3⤵
    - Executes dropped EXE
    PID:1940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35327.exe
    3⤵
    PID:440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6568.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6568.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56227.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22364.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36493.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36493.exe
    3⤵
    PID:3560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62103.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19249.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19249.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-250.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
    3⤵
    PID:2356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21768.exe
    3⤵
    PID:3736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18147.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18147.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15651.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15651.exe
  2⤵
  PID:612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42439.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42439.exe
  2⤵
  PID:1072
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21915.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21915.exe
  2⤵
  PID:2632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16764.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16764.exe
  2⤵
  PID:352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
  2⤵
  PID:3528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15031.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15031.exe
  2⤵
  PID:1832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe

Filesize
468KB

MD5
a9f5a5ba11609f5e96bf7a429aff4408

SHA1
c301a90e4d803baeef03ddd9c804059feab0f98a

SHA256
b0f71a246322b1bb7392996a21627d6b24b5b582eb2f446fdb983df3ded0b9c3

SHA512
0ad7c01ae188cf3af3fbd515825afd68fb69c268d71a5c7dcdbfb5b5e083d70ff746942217bae568e143d03b90a6fa66d92c1ba13673444e73619c604be026cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34765.exe

Filesize
468KB

MD5
c5acb2f418bfcd219504ac5b7c5ef5a7

SHA1
5634145e5ed7bf593c8fb72dcc1bce2363ebbe23

SHA256
4d3d1b8739ee4cd8ac0e03a00e0f07d0696f09f9882788a5436300d2ff51ed0f

SHA512
0311a43e95fccf3c1fa99ba4b1d1351a10c0f38af8ab36fc0e63d029235d6310021542dfe8646beaf2d732f5fa2dd3a492a9f9ff75604d87c454f0518f3f3a55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43556.exe

Filesize
468KB

MD5
5c8845443459d1ec846fae7f692110f6

SHA1
cb0373b4bc8f53984652b709c295000170441d80

SHA256
3039f739d8c4649ecb35e0863482530098b247f07cfe5b96a162d2705d84d003

SHA512
e3b81c47b7f877e28c4463f6ae806dde3d091c4649e3cf61e45adfaa9b446702e3996283eb9065673c655548b4e752c032167caacd9775c672689bcb8776382b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44796.exe

Filesize
468KB

MD5
a5c4baeaaaa25e02b9149a76db1787dd

SHA1
80349972962ce525ff5d8981c40ff68a2801a153

SHA256
e11ce51bb348f3f687d6a8c4059a5e42bcc7e50b141cc9b70d30da31748f4a28

SHA512
3dc866e01aa723c01228cb3557ec3affc1905700062c2f890d125a016c8bddd594598f2a0d5b5e35b7f1292f40bae2e799497e09526a162edc02cad7a8f1918a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51001.exe

Filesize
468KB

MD5
5df3e1625bc6246752d8da5ea5079851

SHA1
78791356dc2a952224a38cb36c33b154eee05c7c

SHA256
5b8ee8eba3d24ba9debc6065ff9c587572efcd6bbcb352393d5151b6e8bab016

SHA512
8a323289163f9a309d8a6d58e44e2a8d25bd04c39e1b6d8daadb2c6cbf4138a19ce271995d3af0ff4bb026dd9b127746dab9f315c44e8ea215115fc1ca8cd679

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10815.exe

Filesize
468KB

MD5
ab9d744dcc3474f696abe0f85410a092

SHA1
7810fd257b10fe5926517961dcd827a90ae6b4b0

SHA256
6b93e89325da7c8467333c577d35426f40317744a08b54b98183ba6838c8922c

SHA512
db090f7f00571dbe283c980e1408ad67007f4f1005ef29d77027883d535edf0c5ea7d07e24e4ff9635af4c7c1aad5e558f2a8e67bb451034674a3db206c8ae55

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1546.exe

Filesize
468KB

MD5
515cdf104835e8eda5bb4543e7fc3455

SHA1
363ebb4eb74a679db3a63697acbb652e090f784d

SHA256
b45879e269122c1e4a2fbc1b2fc85d6c3be4914ae9c051e48d006d01af7da68c

SHA512
597b9667cdfa4f9c0a7d5af9a9864bcd7e28bfeb508add5fa725212321e9a06da76dcb0055d224c195d01be1fd46b29dcbc1168bbd24c596100e661e0285c7c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24817.exe

Filesize
468KB

MD5
7a87d0089cc0209162aec580eb1a4fc4

SHA1
ede7782213d1630293e73e6c858767095db28c35

SHA256
85d271d7b9882d3fc3c249aea8411b3089fe8086ff1f068037107894000a2e4c

SHA512
2441cb1fb13ed435f538225c97007228355c69dc4b420e62bb481216c6b0266d3261ae819a8b6d7c6a4efb971f771d9998c5683ea7b8b29331a3eb091d6c9f87

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42740.exe

Filesize
468KB

MD5
0033a648d0ecb3061fbcdf3643cb1768

SHA1
f41c8d7d409f68f6eb7fa87832540817b5b69ffc

SHA256
74799865d84b1dc2e7e170763400b41c377b94186b3f3f37498f22ed6a1e42e9

SHA512
395e57e259b0a26d41a38a6edb8d1c90ce44b582b05c2bd2876a4a28804315def851517a4604bb68aa338f3f9867615fa1ff85d0a456fd06e766bda098d45031

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44708.exe

Filesize
468KB

MD5
0cfbafc6a74baa4d1fa0a18572ac6f37

SHA1
1cd8d90c55fd136f6cb46cafe4e79dce943d7529

SHA256
569fab325909112150037881aa5bb746bf6653b286d5f4b4062b0eff62b2925c

SHA512
5e820c70800b2e4f7d1fbe392e4182ef4bfdfa5eb5dbe7c14a2d2e7d396ec9826c493f70da1220193dd12e8785c2cbcb7554c8eb2b4e1a0ea0648c12c038bc38

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53348.exe

Filesize
468KB

MD5
23b8c85c223c87a02b956a1a9b1c36a4

SHA1
544e4377626bf7a97d759886f7ed41bd5d31c310

SHA256
6606cc023ed04d2c593499ac4eba55e9dce8b8cb7e8e2f8f348cf5fa01a35496

SHA512
5bb5e1e13e9e8bcb102f140bcdf367a8ebb7f722527c55a9a597b9c75090c75605a88bf20216790ed02784a205a166a274a711047159736756eb1fab493614f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54438.exe

Filesize
468KB

MD5
76339f75e8eafcd6c25021af56ad7546

SHA1
134eceef444f84f8ab4bfaad00539b11820ee6c0

SHA256
1692efdc5df16cd90cd47737105b85f73ef12d6e96dc596d04839a2cd4ba137f

SHA512
78517272a7278a022d5fd4aa6a6132471c27753f942f1a20ce3a99c91c9d709a1f94a50abe714e9441554e1894639c2ce6ac948d9168fc11b0574ab90991ef13

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58439.exe

Filesize
468KB

MD5
ea3e1bad294c6d4bacb1fe263f44394a

SHA1
98f8c5fa9aa2be03de36e98e1ad657fa2ab69c8f

SHA256
dde82d100d7d19ba1bcd595a794c8c71b0be84eff5e684a0dce1796b883593ee

SHA512
1db01f5dfe7184e939049c3017707790215761eedad98a937065fd34222776bded8b16c27a59f5c4542ceb35daebe6d6dfc6b838ab062261e4fb7516361aa878

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58994.exe

Filesize
468KB

MD5
850c4d5520359da59764018c25a26c5e

SHA1
2a76681456df16881ad960395bd385d4f1a81301

SHA256
15d3ad2ad1e43de6a31e6c51d1af4d50b56483022da27b73261af8c2c6afa364

SHA512
8d97c162fe401c1517bd9e78bea5aa1a0ba6684bd72b3478ace80bdce396ad3f13fa194578e6fee383212e655d670a53ac811eb500d17d2a29900f987746b136

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59741.exe

Filesize
468KB

MD5
1e6c9a1dc9733b7357a625e423a649b5

SHA1
3749efc5fe3ea1bdbad09d1f334c22a60bb107ae

SHA256
ebf098cd4aaec676afc679cbb9e4985fc63215b063da7945c7fcec35558f1eb9

SHA512
d25cca3e31c06e9c89fd5a9817fab1ad6a39fe35290445cd0330f033d16ef6c17d9379c00785fb3e12f699860f17a332f7e50813643d1eeebd9bd56a132d4cb3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62310.exe

Filesize
468KB

MD5
e635af2d9eaa5c7a8227c7362336a7c6

SHA1
fcccd4ffd3d8270a375f514fb9e5bb0eb4542f02

SHA256
a72d478b00143fc596e1071bde38ba64abab3afbc06349b632db92b64d199d7e

SHA512
6bfa1cecef26c244741f6d43e59ff96fb08eb0fa82b258c9ea41bac2418b1124033cc98220c3ba69fa1a83a481d98ee93daa3b605d516c0e737ee208415baf15

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7676.exe

Filesize
468KB

MD5
14664a0f4a7e28f7d2493a53e0fa7145

SHA1
942c64952910f90a5bfb86566dd002f3948b9cbf

SHA256
35d651a8e07b826b389916d8d2a3e6c7f19b783d2b6707ae13237b8ece793352

SHA512
e6886e43a055552b66ad0a978925eb96d238b7a90d592efc416763877f042ec3013893736d14e2186aa3b4e677fc17b0d6a92a74dc9ab886101a22cf2293b88b

Download Submit