c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/10/2024, 05:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe
Size

468KB
MD5

2db348301e99448b8b87be815b673220
SHA1

09f73ee9dde43257683f08f9b3de3ae85133cae3
SHA256

c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9
SHA512

2acd98400dece243781a7b55796fccdf8fc47960ff7e4ea6bd782365edf8809468cfc6f1c08d327df4ad22c38fa92cf95c9e41c295813dadb573b8a2d37a9892
SSDEEP

3072:ib9eogWCId5ItbYwPztjof8BRCMvPgxaa0HeGfqEclI8UMKLk9lh:ibsoxbItvPJjofgkXcclZNKLk

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2720	Unicorn-51432.exe
2676	Unicorn-61170.exe
2704	Unicorn-80.exe
2748	Unicorn-17803.exe
2856	Unicorn-21760.exe
2692	Unicorn-52395.exe
740	Unicorn-8601.exe
2012	Unicorn-2312.exe
2020	Unicorn-45763.exe
2128	Unicorn-41508.exe
2236	Unicorn-5114.exe
456	Unicorn-24980.exe
2200	Unicorn-10755.exe
2336	Unicorn-10490.exe
2448	Unicorn-61802.exe
2152	Unicorn-10921.exe
920	Unicorn-56401.exe
1596	Unicorn-40901.exe
952	Unicorn-12099.exe
1600	Unicorn-31965.exe
1008	Unicorn-946.exe
316	Unicorn-65021.exe
2268	Unicorn-6583.exe
1932	Unicorn-52255.exe
792	Unicorn-55628.exe
1512	Unicorn-50797.exe
2432	Unicorn-2757.exe
1716	Unicorn-41560.exe
652	Unicorn-15830.exe
1088	Unicorn-49811.exe
360	Unicorn-54258.exe
2292	Unicorn-8586.exe
1588	Unicorn-53577.exe
2700	Unicorn-10506.exe
2812	Unicorn-56754.exe
2860	Unicorn-9245.exe
2660	Unicorn-7429.exe
2736	Unicorn-41948.exe
2708	Unicorn-35612.exe
2572	Unicorn-6085.exe
2140	Unicorn-40112.exe
2204	Unicorn-40377.exe
752	Unicorn-15873.exe
2116	Unicorn-9742.exe
3036	Unicorn-48353.exe
1184	Unicorn-64695.exe
2820	Unicorn-8782.exe
2800	Unicorn-60584.exe
2060	Unicorn-14912.exe
2136	Unicorn-54995.exe
3060	Unicorn-58249.exe
2372	Unicorn-4834.exe
2232	Unicorn-15571.exe
2192	Unicorn-28762.exe
1908	Unicorn-65156.exe
844	Unicorn-14154.exe
648	Unicorn-58223.exe
2028	Unicorn-32183.exe
1872	Unicorn-32183.exe
1896	Unicorn-32183.exe
328	Unicorn-32183.exe
1524	Unicorn-26628.exe
1520	Unicorn-27029.exe
1160	Unicorn-44025.exe

Loads dropped DLL 64 IoCs

pid	Process
2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe
2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe
2720	Unicorn-51432.exe
2720	Unicorn-51432.exe
2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe
2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe
2704	Unicorn-80.exe
2704	Unicorn-80.exe
2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe
2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe
2676	Unicorn-61170.exe
2676	Unicorn-61170.exe
2720	Unicorn-51432.exe
2720	Unicorn-51432.exe
2748	Unicorn-17803.exe
2748	Unicorn-17803.exe
2704	Unicorn-80.exe
2704	Unicorn-80.exe
2692	Unicorn-52395.exe
2692	Unicorn-52395.exe
2676	Unicorn-61170.exe
2676	Unicorn-61170.exe
2856	Unicorn-21760.exe
2856	Unicorn-21760.exe
740	Unicorn-8601.exe
2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe
740	Unicorn-8601.exe
2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe
2720	Unicorn-51432.exe
2720	Unicorn-51432.exe
672	WerFault.exe
672	WerFault.exe
672	WerFault.exe
672	WerFault.exe
672	WerFault.exe
672	WerFault.exe
672	WerFault.exe
2012	Unicorn-2312.exe
2012	Unicorn-2312.exe
2748	Unicorn-17803.exe
2748	Unicorn-17803.exe
2128	Unicorn-41508.exe
2128	Unicorn-41508.exe
2692	Unicorn-52395.exe
2020	Unicorn-45763.exe
2692	Unicorn-52395.exe
2020	Unicorn-45763.exe
2704	Unicorn-80.exe
2704	Unicorn-80.exe
2200	Unicorn-10755.exe
2200	Unicorn-10755.exe
740	Unicorn-8601.exe
456	Unicorn-24980.exe
740	Unicorn-8601.exe
456	Unicorn-24980.exe
2856	Unicorn-21760.exe
2856	Unicorn-21760.exe
2236	Unicorn-5114.exe
2236	Unicorn-5114.exe
2676	Unicorn-61170.exe
2676	Unicorn-61170.exe
2448	Unicorn-61802.exe
2448	Unicorn-61802.exe
2720	Unicorn-51432.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
672	2336	WerFault.exe	43

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16892.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58223.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8332.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54258.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54111.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2757.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17223.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22823.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6713.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15830.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64695.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38607.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10755.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61653.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20913.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60048.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1845.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10510.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30991.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34317.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40377.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19627.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11789.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25557.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5114.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26628.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13910.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6085.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37138.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35527.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23566.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27247.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34289.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15342.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32919.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36337.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9471.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43353.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21791.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17062.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe
2720	Unicorn-51432.exe
2704	Unicorn-80.exe
2676	Unicorn-61170.exe
2748	Unicorn-17803.exe
740	Unicorn-8601.exe
2692	Unicorn-52395.exe
2856	Unicorn-21760.exe
2012	Unicorn-2312.exe
2020	Unicorn-45763.exe
2128	Unicorn-41508.exe
2236	Unicorn-5114.exe
2200	Unicorn-10755.exe
456	Unicorn-24980.exe
2336	Unicorn-10490.exe
2448	Unicorn-61802.exe
2152	Unicorn-10921.exe
920	Unicorn-56401.exe
1596	Unicorn-40901.exe
952	Unicorn-12099.exe
1600	Unicorn-31965.exe
1008	Unicorn-946.exe
1932	Unicorn-52255.exe
316	Unicorn-65021.exe
2268	Unicorn-6583.exe
792	Unicorn-55628.exe
1512	Unicorn-50797.exe
2432	Unicorn-2757.exe
1716	Unicorn-41560.exe
652	Unicorn-15830.exe
1088	Unicorn-49811.exe
360	Unicorn-54258.exe
1588	Unicorn-53577.exe
2700	Unicorn-10506.exe
2292	Unicorn-8586.exe
2812	Unicorn-56754.exe
2860	Unicorn-9245.exe
2736	Unicorn-41948.exe
2660	Unicorn-7429.exe
2708	Unicorn-35612.exe
2572	Unicorn-6085.exe
2140	Unicorn-40112.exe
752	Unicorn-15873.exe
2116	Unicorn-9742.exe
2204	Unicorn-40377.exe
3036	Unicorn-48353.exe
2060	Unicorn-14912.exe
3060	Unicorn-58249.exe
2800	Unicorn-60584.exe
2136	Unicorn-54995.exe
1184	Unicorn-64695.exe
2820	Unicorn-8782.exe
2372	Unicorn-4834.exe
2232	Unicorn-15571.exe
1908	Unicorn-65156.exe
2192	Unicorn-28762.exe
648	Unicorn-58223.exe
844	Unicorn-14154.exe
1896	Unicorn-32183.exe
2028	Unicorn-32183.exe
1872	Unicorn-32183.exe
328	Unicorn-32183.exe
1524	Unicorn-26628.exe
1520	Unicorn-27029.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 2720	2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe	30
PID 2664 wrote to memory of 2720	2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe	30
PID 2664 wrote to memory of 2720	2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe	30
PID 2664 wrote to memory of 2720	2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe	30
PID 2720 wrote to memory of 2676	2720	Unicorn-51432.exe	31
PID 2720 wrote to memory of 2676	2720	Unicorn-51432.exe	31
PID 2720 wrote to memory of 2676	2720	Unicorn-51432.exe	31
PID 2720 wrote to memory of 2676	2720	Unicorn-51432.exe	31
PID 2664 wrote to memory of 2704	2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe	32
PID 2664 wrote to memory of 2704	2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe	32
PID 2664 wrote to memory of 2704	2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe	32
PID 2664 wrote to memory of 2704	2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe	32
PID 2704 wrote to memory of 2748	2704	Unicorn-80.exe	33
PID 2704 wrote to memory of 2748	2704	Unicorn-80.exe	33
PID 2704 wrote to memory of 2748	2704	Unicorn-80.exe	33
PID 2704 wrote to memory of 2748	2704	Unicorn-80.exe	33
PID 2664 wrote to memory of 2856	2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe	34
PID 2664 wrote to memory of 2856	2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe	34
PID 2664 wrote to memory of 2856	2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe	34
PID 2664 wrote to memory of 2856	2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe	34
PID 2676 wrote to memory of 2692	2676	Unicorn-61170.exe	35
PID 2676 wrote to memory of 2692	2676	Unicorn-61170.exe	35
PID 2676 wrote to memory of 2692	2676	Unicorn-61170.exe	35
PID 2676 wrote to memory of 2692	2676	Unicorn-61170.exe	35
PID 2720 wrote to memory of 740	2720	Unicorn-51432.exe	36
PID 2720 wrote to memory of 740	2720	Unicorn-51432.exe	36
PID 2720 wrote to memory of 740	2720	Unicorn-51432.exe	36
PID 2720 wrote to memory of 740	2720	Unicorn-51432.exe	36
PID 2748 wrote to memory of 2012	2748	Unicorn-17803.exe	37
PID 2748 wrote to memory of 2012	2748	Unicorn-17803.exe	37
PID 2748 wrote to memory of 2012	2748	Unicorn-17803.exe	37
PID 2748 wrote to memory of 2012	2748	Unicorn-17803.exe	37
PID 2704 wrote to memory of 2020	2704	Unicorn-80.exe	38
PID 2704 wrote to memory of 2020	2704	Unicorn-80.exe	38
PID 2704 wrote to memory of 2020	2704	Unicorn-80.exe	38
PID 2704 wrote to memory of 2020	2704	Unicorn-80.exe	38
PID 2692 wrote to memory of 2128	2692	Unicorn-52395.exe	39
PID 2692 wrote to memory of 2128	2692	Unicorn-52395.exe	39
PID 2692 wrote to memory of 2128	2692	Unicorn-52395.exe	39
PID 2692 wrote to memory of 2128	2692	Unicorn-52395.exe	39
PID 2676 wrote to memory of 2236	2676	Unicorn-61170.exe	40
PID 2676 wrote to memory of 2236	2676	Unicorn-61170.exe	40
PID 2676 wrote to memory of 2236	2676	Unicorn-61170.exe	40
PID 2676 wrote to memory of 2236	2676	Unicorn-61170.exe	40
PID 2856 wrote to memory of 456	2856	Unicorn-21760.exe	41
PID 2856 wrote to memory of 456	2856	Unicorn-21760.exe	41
PID 2856 wrote to memory of 456	2856	Unicorn-21760.exe	41
PID 2856 wrote to memory of 456	2856	Unicorn-21760.exe	41
PID 740 wrote to memory of 2200	740	Unicorn-8601.exe	42
PID 740 wrote to memory of 2200	740	Unicorn-8601.exe	42
PID 740 wrote to memory of 2200	740	Unicorn-8601.exe	42
PID 740 wrote to memory of 2200	740	Unicorn-8601.exe	42
PID 2664 wrote to memory of 2336	2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe	43
PID 2664 wrote to memory of 2336	2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe	43
PID 2664 wrote to memory of 2336	2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe	43
PID 2664 wrote to memory of 2336	2664	c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe	43
PID 2720 wrote to memory of 2448	2720	Unicorn-51432.exe	44
PID 2720 wrote to memory of 2448	2720	Unicorn-51432.exe	44
PID 2720 wrote to memory of 2448	2720	Unicorn-51432.exe	44
PID 2720 wrote to memory of 2448	2720	Unicorn-51432.exe	44
PID 2336 wrote to memory of 672	2336	Unicorn-10490.exe	45
PID 2336 wrote to memory of 672	2336	Unicorn-10490.exe	45
PID 2336 wrote to memory of 672	2336	Unicorn-10490.exe	45
PID 2336 wrote to memory of 672	2336	Unicorn-10490.exe	45

C:\Users\Admin\AppData\Local\Temp\c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe
"C:\Users\Admin\AppData\Local\Temp\c511b15a2e9e25c197945340e84ec8bb1412429de869d0d6678aa811af9cd0f9N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61170.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41508.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40901.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10506.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11127.exe
        9⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11890.exe
        9⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1751.exe
        10⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15812.exe
        10⤵
        
        PID:5104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        10⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        9⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60135.exe
        9⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        9⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
        8⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe
        8⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19627.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25557.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11051.exe
        7⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        7⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15169.exe
        7⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        7⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
        7⤵
        
        PID:5500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53169.exe
        8⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
        8⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44931.exe
        8⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60135.exe
        8⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4483.exe
        8⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19463.exe
        7⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        7⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25057.exe
        7⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-887.exe
        7⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
        7⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26628.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41392.exe
        6⤵
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1845.exe
        6⤵
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30661.exe
        6⤵
        
        PID:4180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45980.exe
        6⤵
        
        PID:4172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9471.exe
        6⤵
        
        PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12099.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9245.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        8⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
        8⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        8⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        8⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51951.exe
        8⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
        7⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59284.exe
        7⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
        7⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1930.exe
        7⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
        7⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        6⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34521.exe
        7⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
        7⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        6⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        6⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
        6⤵
        
        PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41948.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48616.exe
        6⤵
        
        PID:3124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29166.exe
        6⤵
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52511.exe
        6⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51488.exe
        6⤵
        
        PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52764.exe
        5⤵
        
        PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5446.exe
        5⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23566.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
        5⤵
        
        PID:4684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57187.exe
        5⤵
        
        PID:4340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5114.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50797.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10787.exe
        7⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38501.exe
        7⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34818.exe
        7⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43769.exe
        7⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27247.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57118.exe
        6⤵
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8246.exe
        6⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
        6⤵
        
        PID:3788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48918.exe
        6⤵
        
        PID:5100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
        6⤵
        
        PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        5⤵
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        6⤵
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
        6⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        6⤵
        
        PID:3564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
        6⤵
        
        PID:4800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49455.exe
        6⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60957.exe
        5⤵
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63229.exe
        5⤵
        
        PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
        5⤵
        
        PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52436.exe
        5⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21822.exe
        5⤵
        
        PID:5580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2757.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14912.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
        6⤵
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
        6⤵
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        6⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19953.exe
        6⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        6⤵
        
        PID:5696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41392.exe
        5⤵
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1845.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58307.exe
        5⤵
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34289.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14806.exe
        5⤵
        
        PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54995.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17153.exe
        6⤵
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56447.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59687.exe
        6⤵
        
        PID:3816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42424.exe
        6⤵
        
        PID:4220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35806.exe
        6⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        5⤵
        
        PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13851.exe
        5⤵
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        5⤵
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
        5⤵
        
        PID:5600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29962.exe
      4⤵
      PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
        5⤵
        
        PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15606.exe
        5⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34798.exe
        5⤵
        
        PID:4024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42424.exe
        5⤵
        
        PID:4224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11110.exe
        5⤵
        
        PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16191.exe
      4⤵
      PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14913.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14913.exe
      4⤵
      PID:3536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10697.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11789.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51472.exe
      4⤵
      PID:5348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8601.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8601.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10755.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27029.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31398.exe
        7⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29166.exe
        7⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15048.exe
        7⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21316.exe
        7⤵
        
        PID:4308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        6⤵
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        6⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        6⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        6⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60584.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38893.exe
        6⤵
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
        6⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe
        6⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17062.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13181.exe
        6⤵
        
        PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-90.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-90.exe
        5⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22782.exe
        6⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22823.exe
        6⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13910.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41392.exe
        5⤵
        
        PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1845.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15463.exe
        5⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42327.exe
        5⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16487.exe
        5⤵
        
        PID:5480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48353.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        6⤵
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
        6⤵
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52440.exe
        6⤵
        
        PID:3900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50431.exe
        6⤵
        
        PID:4492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        6⤵
        
        PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
        5⤵
        
        PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16506.exe
        5⤵
        
        PID:816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42327.exe
        5⤵
        
        PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16487.exe
        5⤵
        
        PID:5592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8782.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        5⤵
        
        PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44931.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
        5⤵
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        5⤵
        
        PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
      4⤵
      PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31517.exe
      4⤵
      PID:784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43280.exe
      4⤵
      PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34128.exe
      4⤵
      PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28454.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28454.exe
      4⤵
      PID:5088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61802.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58249.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8332.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        6⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15342.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14806.exe
        6⤵
        
        PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13899.exe
        5⤵
        
        PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
        5⤵
        
        PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exe
        5⤵
        
        PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13181.exe
        5⤵
        
        PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4834.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59879.exe
        5⤵
        
        PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        5⤵
        
        PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        5⤵
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        5⤵
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
        5⤵
        
        PID:5076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46899.exe
      4⤵
      PID:544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
      4⤵
      PID:3672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60290.exe
      4⤵
      PID:4812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41817.exe
      4⤵
      PID:4572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15830.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15830.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15873.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53029.exe
        5⤵
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
        6⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22823.exe
        6⤵
        
        PID:4244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        5⤵
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57301.exe
        5⤵
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46792.exe
        5⤵
        
        PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
        5⤵
        
        PID:5372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
      4⤵
      PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
      4⤵
      PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
      4⤵
      PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
      4⤵
      PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
      4⤵
      PID:5320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64695.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55665.exe
      4⤵
      PID:1904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
      4⤵
      PID:916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
      4⤵
      PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
      4⤵
      PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
      4⤵
      PID:4652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12903.exe
    3⤵
    PID:1556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
    3⤵
    PID:1788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21130.exe
    3⤵
    PID:3988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17433.exe
    3⤵
    PID:4916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29815.exe
    3⤵
    PID:4628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-80.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-80.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2312.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10921.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49811.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65156.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        8⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22502.exe
        8⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        8⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4385.exe
        8⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        8⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
        7⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        7⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50796.exe
        7⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11288.exe
        7⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34457.exe
        7⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18837.exe
        6⤵
        
        PID:1320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe
        6⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40102.exe
        6⤵
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27233.exe
        6⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44313.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
        6⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30650.exe
        7⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41674.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        6⤵
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        6⤵
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
        6⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        6⤵
        
        PID:4472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
        6⤵
        
        PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57760.exe
        5⤵
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28359.exe
        6⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        6⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        6⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25481.exe
        6⤵
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        6⤵
        
        PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59614.exe
        5⤵
        
        PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50847.exe
        5⤵
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9835.exe
        5⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
        5⤵
        
        PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
        5⤵
        
        PID:5416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56401.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8586.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        7⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8246.exe
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
        7⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12248.exe
        7⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
        7⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
        6⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
        6⤵
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43769.exe
        6⤵
        
        PID:5056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35415.exe
        6⤵
        
        PID:4600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
        5⤵
        Executes dropped EXE
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16892.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30991.exe
        6⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
        6⤵
        
        PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        5⤵
        
        PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
        5⤵
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        5⤵
        
        PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53577.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
        5⤵
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10775.exe
        6⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
        6⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36559.exe
        6⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44472.exe
        6⤵
        
        PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
        5⤵
        
        PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        5⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
        5⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
        5⤵
        
        PID:5284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63625.exe
      4⤵
      PID:1072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32726.exe
      4⤵
      PID:1784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50847.exe
      4⤵
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9835.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12758.exe
      4⤵
      PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9471.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31965.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15571.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23024.exe
        6⤵
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29274.exe
        6⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4645.exe
        6⤵
        
        PID:3232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17970.exe
        6⤵
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33758.exe
        6⤵
        
        PID:4360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        6⤵
        
        PID:5332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26230.exe
        5⤵
        
        PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        5⤵
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
        5⤵
        
        PID:3700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33597.exe
        5⤵
        
        PID:4444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
        5⤵
        
        PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
        5⤵
        
        PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44931.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
        5⤵
        
        PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
        5⤵
        
        PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
      4⤵
      PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42131.exe
      4⤵
      PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60290.exe
      4⤵
      PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49985.exe
      4⤵
      PID:4872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-946.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-946.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6085.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65210.exe
        5⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30991.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
        5⤵
        
        PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
      4⤵
      PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8246.exe
      4⤵
      PID:3616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
      4⤵
      PID:1500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12248.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
      4⤵
      PID:4168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40112.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40112.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
      4⤵
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
        5⤵
        
        PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        5⤵
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        5⤵
        
        PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54796.exe
      4⤵
      PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
      4⤵
      PID:3340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50401.exe
      4⤵
      PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
      4⤵
      PID:4124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
    3⤵
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54111.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58023.exe
      4⤵
      PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
      4⤵
      PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12248.exe
      4⤵
      PID:4748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32919.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
    3⤵
    PID:1672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5976.exe
    3⤵
    PID:3684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19101.exe
    3⤵
    PID:3524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
    3⤵
    PID:4576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47884.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47884.exe
    3⤵
    PID:4104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21760.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21760.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24980.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24980.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7429.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        6⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        6⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
        6⤵
        
        PID:4756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12651.exe
        6⤵
        
        PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
        5⤵
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        5⤵
        
        PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2944.exe
        5⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33597.exe
        5⤵
        
        PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61653.exe
        5⤵
        
        PID:4156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35612.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30502.exe
        5⤵
        
        PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
        5⤵
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44931.exe
        5⤵
        
        PID:4056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60135.exe
        5⤵
        
        PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56817.exe
        5⤵
        
        PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39940.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42131.exe
      4⤵
      PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15988.exe
      4⤵
      PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55628.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40377.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16399.exe
        5⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22823.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45623.exe
        5⤵
        
        PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
      4⤵
      PID:608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
      4⤵
      PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
      4⤵
      PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17223.exe
      4⤵
      PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
      4⤵
      PID:5300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9742.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7839.exe
      4⤵
      PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12938.exe
      4⤵
      PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe
      4⤵
      PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37032.exe
      4⤵
      PID:4276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17389.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43353.exe
      4⤵
      PID:5520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31311.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31311.exe
    3⤵
    PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        5⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31664.exe
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
        5⤵
        
        PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35806.exe
        5⤵
        
        PID:5392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4645.exe
      4⤵
      PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17970.exe
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46792.exe
      4⤵
      PID:4724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44099.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44099.exe
    3⤵
    PID:1496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54448.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54448.exe
    3⤵
    PID:3608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40632.exe
    3⤵
    PID:3872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22768.exe
    3⤵
    PID:4924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
    3⤵
    PID:4176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2336
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 200
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:672
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
  2⤵
  PID:2528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16191.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16191.exe
  2⤵
  PID:2952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2375.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2375.exe
  2⤵
  PID:3264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53841.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53841.exe
  2⤵
  PID:3288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
  2⤵
  PID:4332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13671.exe
  2⤵
  PID:5424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe

Filesize
468KB

MD5
f89c4b875bd6632c1b0d685b68de312f

SHA1
bbd1008e03c6ec18c393555314b49223f07a95cd

SHA256
9f6ee481573311ff1f2620011129e8a94c98a7ada0668c41c0f61c57a38db888

SHA512
abb7015ca38630c9708ac79faba6422509fcc66b56bc475a2142a8caf33317ca30179bebb0972be99a115dd5761f21e078d19c340516168c2305b700ec9a6053

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10921.exe

Filesize
468KB

MD5
5fb4cd4d9d790c7cccf3cdc00be5dbb8

SHA1
6c83f0cab49fbd1be785afc243c1e29b461d7192

SHA256
6b3e37e0fd6b954c1bcca2e600d11e0da93a51fed73452cc33e0fc11b8fe8381

SHA512
fd6e5d1fad8180b684bb82aad39d5f193208784ea57370287df93fbf5eef88ae7b1146c86ba7272808533a2b0f1ad29ef5da7e6d7a291942af69a35e1092665c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21822.exe

Filesize
468KB

MD5
3a6f1fe4977c076d6eafedcd12c82087

SHA1
686c1f5b4bbc250217ae0c574715ff9a1acaabf6

SHA256
5bbfa063027a56ca277a036d6c663a6238f474d9bb2776911e67cb0ef1c94a77

SHA512
e432cb62a31417ba5c178c424f052eaefb99550e18d74f42aadb2f7581bb10d7668ba4135dfe0221d79f7cca0021b32892709fd905438adaed97f59747dfb855

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41508.exe

Filesize
468KB

MD5
25aee414eead9c503117a5691da2e182

SHA1
98e8f2f64dadfffaf157f1d1269d06063e30b289

SHA256
b2f60035a8617f2019ec874f1b325a8984838e35bbbc474e5e3c4822e8a60b7e

SHA512
cacc2c64e960746b9c6e1461a5ca0496d8726d3e53f44762fe88aa8d8ee02b3a87d73f13c21fd2a32553a20fc3ca7b8be8f39346a5d7fab1cb16483d9747dece

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe

Filesize
468KB

MD5
cd8d82239bac5043317af7a8af921b24

SHA1
5cd5e08335d539e5605e74645c0968e584f736ea

SHA256
ca257210a3b72fb283e074b3b7a1a05234fb40d454e968068b39a9c7013faa50

SHA512
4dfee77f277a6ea4ed76afeb25cc29b59586749a913d7c7f31d582c54f4979ca4827fde01197045afb1fe50b0b1d39401e392dbddd80dfb4c0bc48259059a684

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5114.exe

Filesize
468KB

MD5
62bb8675b2722b56e82d52e97fa6800a

SHA1
e0304e00b9b2a22396ae93a898d43c8bdd309bf3

SHA256
199bb4c08b64a2b12ee225722f9a797e7a548e682f5beb5c6dc87c9ff7f966f7

SHA512
040afef765a27878d70ee0c636400ae3f582363ef95e7c4071658057c6586475e539926c710ff5f434bf69b179aaf2662d20e655da012f72989e8bc22358c69a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe

Filesize
468KB

MD5
dc85853c72ce91603e6c9504fa8ae3df

SHA1
e4002816f17e8837358e36728908eebe3d1fc5dc

SHA256
4db7d2fdb48b9eaba3cbed137c0b6237f2a06adb5b11f1152ee287a2a4eb5e54

SHA512
8c4c3ecd1d875aafbd952ffaa153a9d404b61f1d0865e759a4a5ac260f2fa1c53a85fc064163570b232f95814d8f21175008ee0b33884030963cfd0536632e9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8601.exe

Filesize
468KB

MD5
f55a7ab31c06acea621322fe82ecdc55

SHA1
a7f9b4f0353fb82af4f2023a5288133b8a7f3912

SHA256
7ede55857a80681a36b9a66ac1a748f3232a3052cd42aede6587a4fb8cac4264

SHA512
79e1540a636f44591eec7629219ad1d6fc9b0be73889cd47f4f90e08066b887c74afd4dd15437e0ac6f5d46e3c83a7c3c43243ebe58d84cf537ba4840b3d04f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10755.exe

Filesize
468KB

MD5
4a6ae9ab3b695a3129382579180f7d05

SHA1
3ea3940bd1d97d91d464e9a2934c243c3c96c131

SHA256
e340703ce0a05ebe97f3c242104c07368391aed05204db08c9f37f7e5a7ffc84

SHA512
dc46b384e001039b7bbfa9018249bfffacf85182740df68b0e1f1db3a29fee1dbdf1f040d1ca8e5aa690a8aad27af2f4d597b33cd885875599c09431aeaabe0a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe

Filesize
468KB

MD5
b05a6d30b9155d4a59a4ee0fadd60758

SHA1
62e702e09cd03ae6d4de0bbd5888ac692890795b

SHA256
8fea616eeddb9aa87c46cacc3c46c8205cbd97dd6bd48f699dea9998182ebd94

SHA512
d4bc6dc761896cfcc4b6bb7208d07d060218872614ad762fab346f56ca1fba3efdb4d6782f0e1f63e680651b3cd67f2daa0d740bcafcb5acee6d40ff18ad8352

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21760.exe

Filesize
468KB

MD5
02537582572fbc61a0ea67d602155b56

SHA1
b0625e7a3973860050c9c984905aa4c299dc639b

SHA256
c31daf0e8fd8c25bcfbcd081b36f57ec7e0658858f54d495409b1af4a91e8a29

SHA512
465832788bfe7319bb14b0d23cb6f38aef4599382eb1e5c11501326af12c1ff0db6263d9e21f7257cfa13758a458177cd903b8c1e89cfe8354e6733c221689ea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2312.exe

Filesize
468KB

MD5
478755c7a4a01fe18c41ec245f3df7b1

SHA1
85f1b377a53b9ccdeb5e1093dae2f9635386bbe7

SHA256
9dd714e82991c00a96f7a9f9616d7785ce681aff0c9dc30caa12f128fa72885a

SHA512
2eac42478628d5aa9b377945ace4e87fee75e3e9b6d68514d9894565436240fe9d15085e0e49d3c14de542e146fee66b16df3f6145582bf6413498aea9e80748

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24980.exe

Filesize
468KB

MD5
bec9b82185a25d03364462254a91939d

SHA1
269699e3ff54bc7f8edfac62dc48e0babec6da34

SHA256
d0c66decf23ba10fddeb7c15869172aa7195df1abeba499160176a2e9927ad58

SHA512
bac8f921a574ef431ca7809df3b44ddbae9110b527a3876600ac9c7ded080d4d542d68008be3520cd1a6ef4071ec8a989cd8200be66b2313fcba7e9ba9815d14

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe

Filesize
468KB

MD5
88899ac9d9b3cdd195ae14ccc7785a40

SHA1
cd1f44dc93fd03f6e06ab9d777459a53d6097f59

SHA256
750351a9c56f59a039ad32d81b63c682296799eb6b4e2a24d1cd28882568b912

SHA512
86b0c02bea1e7862686deaf17da8de98dedbb7f4ada8161cfd2dabfc4faa58be254381dffcb93f82f8b135da07c9c95df0830cf82f751bab6200d7cb7f986a16

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51432.exe

Filesize
468KB

MD5
76787397dd03f3a1938d503341ea7c69

SHA1
2924f4afe1045c284208770ab71a9be98796c13a

SHA256
537088512d279c908bc2bd6e80036e0cfb6084f814ea02f99c9fb4e32d3a009e

SHA512
c2691f3a90a78b9717708eeef9e900b3c612879e3d9703a9fff41cccae33e63f4042352cc4fb7c80c2d81c6ed4b786d74c882cf11d03b3c55f8f4d439f126114

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56401.exe

Filesize
468KB

MD5
2f60940f7ec748f178ae0d941b47ff01

SHA1
9ac1c3f673be83d4139c3f2c654f0437c50c3753

SHA256
790d25ec112314b6722853af3425e3fed30d7e4dc01dc999669c14847f3afc76

SHA512
50f58b4ce82aa4a78aa019ba31c06f9c6ec172361c9e9a56d80fa808a710376948f1db6cabaf76ddb72dbc58c416afa70b38e50248cdc4c8eecd6a54a6d46d50

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61170.exe

Filesize
468KB

MD5
c1b550fccf30f7ee9bd3fb0127ee3560

SHA1
a4164a4762621282aad362a0790b1164bfd5b982

SHA256
46138e3de47e1045eef049bc232a2f5c38d1df2c377c89e174882ad3ecdd9a19

SHA512
b499eabf6da0769f3a6f045fdde134b7aab4b80a0301e53290c56194572c0bb15bb6bd226091bfded6b1dff5236336dc4b04b50548d29b4a778e0a56025bdb34

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61802.exe

Filesize
468KB

MD5
5087e6415ad7bd6c59f6064e5f1d3e19

SHA1
2bd90e372158fd11f4ab29869e100308de29c6fd

SHA256
b8a453b657f984999cd17929031d0a901e99b87ef3cb3896960a5883f9e02e50

SHA512
dcd4b6e902a624a33caedcecda128bec3e2f4d13e40adf3c99fa9498e8728948497519c3123a400d4165ee92c1b58ad979adc1b93eb794a6ab0f13cbc185bb9e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-80.exe

Filesize
468KB

MD5
103f5cc72aeca113832f507568b79265

SHA1
aed8b570976b6dc093bc66a1a876697d6fb84c5d

SHA256
86d0499ceaacd6d86d6dabb3d8ceb5eabbd293e8be13767eb41f3acd0b42c57d

SHA512
40bae81504ae7ab1be1b9c23a919fb37a01581dc186fab2bcbf17fd6e9451dcaaae3b4eebd68011462612bc24a80c37ac6dd7ad48fc47c1bebb3432eb25c7b9a

Download Submit