8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 09:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe
Size

468KB
MD5

738c28b40e0f096665410bb792668e40
SHA1

a99ef03c9cfab82a17c855d1727f0708466079c3
SHA256

8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254
SHA512

32074d9efb583b6ff6b6beb05e83a51bf044b7c8d13bcf135108dbcb0974d454be809e0948e38dd173f889c6e415378f6a6e18db92055e3f700368fce4c0c2dc
SSDEEP

3072:1qm8ognxj28U7bY2Pz3hqf8/lCZjQlpTPmHx8/0kRDd+BA4N+Ml3:1qhoAXU71PDhqfSj2oRDIW4N+

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1936	Unicorn-1013.exe
2888	Unicorn-18824.exe
2940	Unicorn-15294.exe
2996	Unicorn-57967.exe
2564	Unicorn-16935.exe
2712	Unicorn-23056.exe
1236	Unicorn-17489.exe
2404	Unicorn-9809.exe
2052	Unicorn-51444.exe
2272	Unicorn-26001.exe
748	Unicorn-10027.exe
2976	Unicorn-29893.exe
2368	Unicorn-31930.exe
2380	Unicorn-33712.exe
1084	Unicorn-33977.exe
1816	Unicorn-46696.exe
1504	Unicorn-55419.exe
948	Unicorn-51932.exe
1044	Unicorn-17021.exe
2140	Unicorn-24112.exe
1992	Unicorn-65507.exe
1688	Unicorn-35679.exe
1056	Unicorn-10982.exe
844	Unicorn-40650.exe
1556	Unicorn-5703.exe
2304	Unicorn-48398.exe
1664	Unicorn-33924.exe
2372	Unicorn-53790.exe
2860	Unicorn-53790.exe
2892	Unicorn-57682.exe
2824	Unicorn-9228.exe
2588	Unicorn-61766.exe
2872	Unicorn-4397.exe
2804	Unicorn-44668.exe
3020	Unicorn-45684.exe
2684	Unicorn-12.exe
2652	Unicorn-59005.exe
2856	Unicorn-45684.exe
1580	Unicorn-16349.exe
1932	Unicorn-59419.exe
2756	Unicorn-4294.exe
2768	Unicorn-58896.exe
2864	Unicorn-13224.exe
2656	Unicorn-13224.exe
1124	Unicorn-12959.exe
964	Unicorn-39575.exe
2216	Unicorn-45705.exe
2004	Unicorn-13395.exe
2396	Unicorn-49597.exe
1608	Unicorn-30064.exe
1752	Unicorn-4371.exe
2568	Unicorn-48839.exe
1952	Unicorn-59467.exe
548	Unicorn-19181.exe
328	Unicorn-34769.exe
1568	Unicorn-47791.exe
1496	Unicorn-44070.exe
1920	Unicorn-18819.exe
2336	Unicorn-58897.exe
2916	Unicorn-44631.exe
2664	Unicorn-34224.exe
928	Unicorn-19743.exe
1652	Unicorn-64750.exe
3028	Unicorn-44693.exe

Loads dropped DLL 64 IoCs

pid	Process
1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe
1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe
1936	Unicorn-1013.exe
1936	Unicorn-1013.exe
1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe
1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe
2940	Unicorn-15294.exe
2940	Unicorn-15294.exe
2888	Unicorn-18824.exe
2888	Unicorn-18824.exe
1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe
1936	Unicorn-1013.exe
1936	Unicorn-1013.exe
1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe
2996	Unicorn-57967.exe
2996	Unicorn-57967.exe
2940	Unicorn-15294.exe
2940	Unicorn-15294.exe
2712	Unicorn-23056.exe
2712	Unicorn-23056.exe
1236	Unicorn-17489.exe
1236	Unicorn-17489.exe
2888	Unicorn-18824.exe
2888	Unicorn-18824.exe
1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe
1936	Unicorn-1013.exe
2564	Unicorn-16935.exe
1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe
1936	Unicorn-1013.exe
2564	Unicorn-16935.exe
2404	Unicorn-9809.exe
2404	Unicorn-9809.exe
2996	Unicorn-57967.exe
2996	Unicorn-57967.exe
2052	Unicorn-51444.exe
2940	Unicorn-15294.exe
2940	Unicorn-15294.exe
2052	Unicorn-51444.exe
2272	Unicorn-26001.exe
2272	Unicorn-26001.exe
2712	Unicorn-23056.exe
2712	Unicorn-23056.exe
2368	Unicorn-31930.exe
2368	Unicorn-31930.exe
748	Unicorn-10027.exe
748	Unicorn-10027.exe
1936	Unicorn-1013.exe
1936	Unicorn-1013.exe
2888	Unicorn-18824.exe
2888	Unicorn-18824.exe
1816	Unicorn-46696.exe
1816	Unicorn-46696.exe
2404	Unicorn-9809.exe
2404	Unicorn-9809.exe
2380	Unicorn-33712.exe
1084	Unicorn-33977.exe
2380	Unicorn-33712.exe
1084	Unicorn-33977.exe
2976	Unicorn-29893.exe
2976	Unicorn-29893.exe
2564	Unicorn-16935.exe
2564	Unicorn-16935.exe
1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe
948	Unicorn-51932.exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4371.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31859.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57180.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59570.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35778.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34168.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54790.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45684.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55779.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37757.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54598.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45933.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56529.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31459.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8792.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48398.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39575.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56529.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6525.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56187.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4000.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29397.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23797.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37193.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56102.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46301.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47783.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11984.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20474.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15482.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65174.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23691.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29985.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16349.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48839.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44091.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14428.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4993.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46125.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40796.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49451.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59005.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30064.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35264.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe
1936	Unicorn-1013.exe
2940	Unicorn-15294.exe
2888	Unicorn-18824.exe
2996	Unicorn-57967.exe
1236	Unicorn-17489.exe
2712	Unicorn-23056.exe
2564	Unicorn-16935.exe
2404	Unicorn-9809.exe
2052	Unicorn-51444.exe
2272	Unicorn-26001.exe
748	Unicorn-10027.exe
2368	Unicorn-31930.exe
2380	Unicorn-33712.exe
1084	Unicorn-33977.exe
2976	Unicorn-29893.exe
1816	Unicorn-46696.exe
948	Unicorn-51932.exe
1044	Unicorn-17021.exe
1992	Unicorn-65507.exe
2140	Unicorn-24112.exe
1504	Unicorn-55419.exe
1688	Unicorn-35679.exe
1056	Unicorn-10982.exe
844	Unicorn-40650.exe
1556	Unicorn-5703.exe
2304	Unicorn-48398.exe
1664	Unicorn-33924.exe
2892	Unicorn-57682.exe
1580	Unicorn-16349.exe
2856	Unicorn-45684.exe
2804	Unicorn-44668.exe
2588	Unicorn-61766.exe
2372	Unicorn-53790.exe
2652	Unicorn-59005.exe
2860	Unicorn-53790.exe
3020	Unicorn-45684.exe
2872	Unicorn-4397.exe
2684	Unicorn-12.exe
964	Unicorn-39575.exe
2864	Unicorn-13224.exe
2824	Unicorn-9228.exe
2768	Unicorn-58896.exe
2756	Unicorn-4294.exe
1124	Unicorn-12959.exe
2656	Unicorn-13224.exe
1932	Unicorn-59419.exe
2004	Unicorn-13395.exe
2216	Unicorn-45705.exe
2396	Unicorn-49597.exe
1608	Unicorn-30064.exe
1752	Unicorn-4371.exe
2568	Unicorn-48839.exe
1952	Unicorn-59467.exe
548	Unicorn-19181.exe
328	Unicorn-34769.exe
1568	Unicorn-47791.exe
1920	Unicorn-18819.exe
2916	Unicorn-44631.exe
1496	Unicorn-44070.exe
2336	Unicorn-58897.exe
928	Unicorn-19743.exe
2664	Unicorn-34224.exe
1652	Unicorn-64750.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 1936	1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe	30
PID 1640 wrote to memory of 1936	1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe	30
PID 1640 wrote to memory of 1936	1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe	30
PID 1640 wrote to memory of 1936	1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe	30
PID 1936 wrote to memory of 2888	1936	Unicorn-1013.exe	31
PID 1936 wrote to memory of 2888	1936	Unicorn-1013.exe	31
PID 1936 wrote to memory of 2888	1936	Unicorn-1013.exe	31
PID 1936 wrote to memory of 2888	1936	Unicorn-1013.exe	31
PID 1640 wrote to memory of 2940	1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe	32
PID 1640 wrote to memory of 2940	1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe	32
PID 1640 wrote to memory of 2940	1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe	32
PID 1640 wrote to memory of 2940	1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe	32
PID 2940 wrote to memory of 2996	2940	Unicorn-15294.exe	33
PID 2940 wrote to memory of 2996	2940	Unicorn-15294.exe	33
PID 2940 wrote to memory of 2996	2940	Unicorn-15294.exe	33
PID 2940 wrote to memory of 2996	2940	Unicorn-15294.exe	33
PID 2888 wrote to memory of 2564	2888	Unicorn-18824.exe	34
PID 2888 wrote to memory of 2564	2888	Unicorn-18824.exe	34
PID 2888 wrote to memory of 2564	2888	Unicorn-18824.exe	34
PID 2888 wrote to memory of 2564	2888	Unicorn-18824.exe	34
PID 1936 wrote to memory of 1236	1936	Unicorn-1013.exe	36
PID 1936 wrote to memory of 1236	1936	Unicorn-1013.exe	36
PID 1936 wrote to memory of 1236	1936	Unicorn-1013.exe	36
PID 1936 wrote to memory of 1236	1936	Unicorn-1013.exe	36
PID 1640 wrote to memory of 2712	1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe	35
PID 1640 wrote to memory of 2712	1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe	35
PID 1640 wrote to memory of 2712	1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe	35
PID 1640 wrote to memory of 2712	1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe	35
PID 2996 wrote to memory of 2404	2996	Unicorn-57967.exe	37
PID 2996 wrote to memory of 2404	2996	Unicorn-57967.exe	37
PID 2996 wrote to memory of 2404	2996	Unicorn-57967.exe	37
PID 2996 wrote to memory of 2404	2996	Unicorn-57967.exe	37
PID 2940 wrote to memory of 2052	2940	Unicorn-15294.exe	38
PID 2940 wrote to memory of 2052	2940	Unicorn-15294.exe	38
PID 2940 wrote to memory of 2052	2940	Unicorn-15294.exe	38
PID 2940 wrote to memory of 2052	2940	Unicorn-15294.exe	38
PID 2712 wrote to memory of 2272	2712	Unicorn-23056.exe	39
PID 2712 wrote to memory of 2272	2712	Unicorn-23056.exe	39
PID 2712 wrote to memory of 2272	2712	Unicorn-23056.exe	39
PID 2712 wrote to memory of 2272	2712	Unicorn-23056.exe	39
PID 1236 wrote to memory of 2976	1236	Unicorn-17489.exe	40
PID 1236 wrote to memory of 2976	1236	Unicorn-17489.exe	40
PID 1236 wrote to memory of 2976	1236	Unicorn-17489.exe	40
PID 1236 wrote to memory of 2976	1236	Unicorn-17489.exe	40
PID 2888 wrote to memory of 748	2888	Unicorn-18824.exe	41
PID 2888 wrote to memory of 748	2888	Unicorn-18824.exe	41
PID 2888 wrote to memory of 748	2888	Unicorn-18824.exe	41
PID 2888 wrote to memory of 748	2888	Unicorn-18824.exe	41
PID 1640 wrote to memory of 2380	1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe	42
PID 1640 wrote to memory of 2380	1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe	42
PID 1640 wrote to memory of 2380	1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe	42
PID 1640 wrote to memory of 2380	1640	8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe	42
PID 1936 wrote to memory of 2368	1936	Unicorn-1013.exe	43
PID 1936 wrote to memory of 2368	1936	Unicorn-1013.exe	43
PID 1936 wrote to memory of 2368	1936	Unicorn-1013.exe	43
PID 1936 wrote to memory of 2368	1936	Unicorn-1013.exe	43
PID 2564 wrote to memory of 1084	2564	Unicorn-16935.exe	44
PID 2564 wrote to memory of 1084	2564	Unicorn-16935.exe	44
PID 2564 wrote to memory of 1084	2564	Unicorn-16935.exe	44
PID 2564 wrote to memory of 1084	2564	Unicorn-16935.exe	44
PID 2404 wrote to memory of 1816	2404	Unicorn-9809.exe	45
PID 2404 wrote to memory of 1816	2404	Unicorn-9809.exe	45
PID 2404 wrote to memory of 1816	2404	Unicorn-9809.exe	45
PID 2404 wrote to memory of 1816	2404	Unicorn-9809.exe	45

C:\Users\Admin\AppData\Local\Temp\8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe
"C:\Users\Admin\AppData\Local\Temp\8504b2a2299f1b23239f9b569a96f2d74bff205b3904a0bba64841cef0803254N.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18824.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33977.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53790.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8767.exe
        7⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
        7⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
        7⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45435.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15877.exe
        7⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46245.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41313.exe
        7⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
        7⤵
        
        PID:4792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34141.exe
        6⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46882.exe
        6⤵
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64737.exe
        6⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43463.exe
        6⤵
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9228.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35310.exe
        6⤵
        
        PID:4272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
        5⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        6⤵
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        6⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
        6⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8792.exe
        6⤵
        
        PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
        5⤵
        
        PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        5⤵
        
        PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
        5⤵
        
        PID:3740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
        5⤵
        
        PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10027.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10982.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45705.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
        7⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47537.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
        7⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20845.exe
        7⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50204.exe
        6⤵
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe
        6⤵
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35563.exe
        6⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46125.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6408.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe
        6⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-867.exe
        5⤵
        
        PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44091.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe
        5⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
        5⤵
        
        PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5703.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49597.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        6⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46245.exe
        6⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49481.exe
        6⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13349.exe
        6⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29398.exe
        5⤵
        
        PID:1348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46882.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64737.exe
        5⤵
        
        PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9322.exe
        5⤵
        
        PID:992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30064.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18819.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31459.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13000.exe
        6⤵
        
        PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59980.exe
        5⤵
        
        PID:3164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15765.exe
        5⤵
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45933.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58897.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7131.exe
      4⤵
      PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57710.exe
      4⤵
      PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51636.exe
      4⤵
      PID:3732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23681.exe
      4⤵
      PID:3636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17489.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29893.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57682.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57350.exe
        6⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7962.exe
        6⤵
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59762.exe
        6⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39530.exe
        6⤵
        
        PID:4488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37292.exe
        5⤵
        
        PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4457.exe
        5⤵
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36482.exe
        5⤵
        
        PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59005.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        5⤵
        
        PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        5⤵
        
        PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63846.exe
        5⤵
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2581.exe
        5⤵
        
        PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49876.exe
      4⤵
      PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40007.exe
      4⤵
      PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
      4⤵
      PID:3592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46463.exe
      4⤵
      PID:2636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31930.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31930.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35679.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35679.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16349.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
        6⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51439.exe
        6⤵
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49679.exe
        6⤵
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64151.exe
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46125.exe
        6⤵
        
        PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20930.exe
        5⤵
        
        PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41511.exe
        5⤵
        
        PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2698.exe
        5⤵
        
        PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46125.exe
        5⤵
        
        PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58896.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
        5⤵
        
        PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
        5⤵
        
        PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58286.exe
        5⤵
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
      4⤵
      PID:756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64444.exe
      4⤵
      PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
      4⤵
      PID:3260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe
      4⤵
      PID:3376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40650.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-810.exe
      4⤵
      PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8502.exe
      4⤵
      PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
      4⤵
      PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
      4⤵
      PID:4972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4294.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4294.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
      4⤵
      PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36320.exe
      4⤵
      PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8852.exe
      4⤵
      PID:4064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8828.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8828.exe
    3⤵
    PID:2544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
    3⤵
    PID:2540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30401.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30401.exe
    3⤵
    PID:3972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40401.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40401.exe
    3⤵
    PID:3488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57967.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57967.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9809.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46696.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48398.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4371.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47791.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18726.exe
        9⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62659.exe
        10⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50394.exe
        10⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39283.exe
        10⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
        9⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49490.exe
        9⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49451.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47783.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4755.exe
        8⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59762.exe
        8⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37757.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26466.exe
        7⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43226.exe
        7⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46655.exe
        7⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19181.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33877.exe
        7⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64738.exe
        7⤵
        
        PID:1380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-810.exe
        6⤵
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8502.exe
        6⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4052.exe
        6⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe
        6⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33924.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-640.exe
        6⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
        6⤵
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59002.exe
        6⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37696.exe
        6⤵
        
        PID:1736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8792.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34029.exe
        5⤵
        
        PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55779.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38950.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46655.exe
        5⤵
        
        PID:3672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55419.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52690.exe
        6⤵
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
        6⤵
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48665.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        6⤵
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34168.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64157.exe
        6⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55355.exe
        5⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44324.exe
        5⤵
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
        5⤵
        
        PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59419.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
      4⤵
      PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42795.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42795.exe
      4⤵
      PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20474.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20474.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52077.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52077.exe
      4⤵
      PID:3924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51444.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51932.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4397.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
        6⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19607.exe
        6⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54202.exe
        6⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51090.exe
        6⤵
        
        PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
        5⤵
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56001.exe
        6⤵
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35998.exe
        6⤵
        
        PID:3352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48925.exe
        6⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
        5⤵
        
        PID:556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46633.exe
        5⤵
        
        PID:3544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
        5⤵
        
        PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45684.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44631.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
        6⤵
        
        PID:4380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
        5⤵
        
        PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exe
        5⤵
        
        PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
        5⤵
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57355.exe
        5⤵
        
        PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34224.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32332.exe
      4⤵
      PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe
      4⤵
      PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56102.exe
      4⤵
      PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46463.exe
      4⤵
      PID:1564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17021.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17021.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13224.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64750.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14428.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-308.exe
        6⤵
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7100.exe
        6⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29397.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35264.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30346.exe
        5⤵
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55954.exe
        5⤵
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57412.exe
        5⤵
        
        PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44693.exe
      4⤵
      Executes dropped EXE
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14428.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
        5⤵
        
        PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
        5⤵
        
        PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37193.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61859.exe
      4⤵
      PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11984.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46245.exe
      4⤵
      PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
      4⤵
      PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25363.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25363.exe
    3⤵
    PID:2556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10738.exe
    3⤵
    PID:2816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60100.exe
    3⤵
    PID:4056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25124.exe
    3⤵
    PID:3848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23056.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23056.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26001.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26001.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24112.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        6⤵
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
        6⤵
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exe
        6⤵
        
        PID:3416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
        6⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57355.exe
        6⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34665.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39208.exe
        5⤵
        
        PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55486.exe
        5⤵
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39530.exe
        5⤵
        
        PID:4496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45684.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45684.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29985.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10109.exe
        5⤵
        
        PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65174.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51460.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59570.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37757.exe
      4⤵
      PID:4076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13224.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35778.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48964.exe
        6⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31859.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41950.exe
        6⤵
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        6⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6322.exe
        5⤵
        
        PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45595.exe
        5⤵
        
        PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55424.exe
        5⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57794.exe
        5⤵
        
        PID:3208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
      4⤵
      PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40796.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23691.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
        5⤵
        
        PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
        5⤵
        
        PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51460.exe
      4⤵
      PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51402.exe
      4⤵
      PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37757.exe
      4⤵
      PID:3160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39575.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39575.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6525.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65163.exe
      4⤵
      PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4000.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34029.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34029.exe
    3⤵
    PID:2468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47412.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47412.exe
    3⤵
    PID:3408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
    3⤵
    PID:4760
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53790.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53790.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
      4⤵
      PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
      4⤵
      PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49490.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49490.exe
      4⤵
      PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52989.exe
      4⤵
      PID:3532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12876.exe
      4⤵
      PID:3960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24848.exe
    3⤵
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38792.exe
      4⤵
      PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53574.exe
      4⤵
      PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13191.exe
      4⤵
      PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
      4⤵
      PID:3988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
    3⤵
    PID:1868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
    3⤵
    PID:3724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
    3⤵
    PID:3292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44668.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44668.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59467.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7049.exe
      4⤵
      PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16338.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4700.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
      4⤵
      PID:3760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23556.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23556.exe
    3⤵
    PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18382.exe
      4⤵
      PID:4440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4993.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
    3⤵
    PID:3436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61878.exe
    3⤵
    PID:3948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34769.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34769.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47374.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47374.exe
    3⤵
    PID:3296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4000.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4000.exe
    3⤵
    PID:3576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24196.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24196.exe
  2⤵
  PID:2388
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36179.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36179.exe
  2⤵
  PID:3152
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23797.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16935.exe

Filesize
468KB

MD5
68c69baf2a43b30cd7dca9713c86bee5

SHA1
88597fde5ea6e26eb6d30ee51c15eabc6d3655cb

SHA256
62e511d8fb89f1a9a5d0b2b1976d3e2027d5102bb2875bcda9abe8f1634f5ed6

SHA512
d20df9cda7498df9f1211eb42a724fd0db51515006be1f23a52e292f3ef0199d6cf33510a9d2e15c6d41b4e108992d42d63b49737f440bce0f8ebb9c0fb8effb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17489.exe

Filesize
468KB

MD5
99bae6d46f5dec131c2921f016ebf528

SHA1
33b22b2cdb089454c4e30d59f3e63927bdd2b0ff

SHA256
e2da52183c84a4e110cdf67ff58cf6a1c3a56391b1b055b5db243e2872859fe0

SHA512
88f67ac4aece953f61709653987c4298d83118b830fe885a55bc015f7f150e72b23b387c66cec2ee0a58c26733b99651e2e8dd9b81081cc9f2959df5635ceab0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18824.exe

Filesize
468KB

MD5
b0c95579d885ac51ef3c39ac26f075a5

SHA1
d0fef3bb5ff8d24777d635ab4e1aa8b4fda4f546

SHA256
0dd901a6cfeb93a0e37c121fe3ea61eb065e095c78c69473b0f45f0beccdb969

SHA512
17a95068b28b44a0536d15c5541b589964036de15779d47b160e246ec617c14749ea1548038378cf3bcd5bc8ea0be66f3de6097f498778416a017d139b4e7089

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23056.exe

Filesize
468KB

MD5
978708f9c8dd324d3c4a2c7c63e02207

SHA1
ed47d576493a506545d144c7741d796426092cbd

SHA256
14c0cb2735493e8793fee4f144ec40dd4fd946875d80cfaebcdc083cdfc3c36f

SHA512
e65466b6ec0ae88ce58857ab884db8a372a3a4078a08bebe3b3cbc8c3b42dcfe77f367c1124976d41fac10a7d9bdc535745cf582c45e45c45aeaee32459a909a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46696.exe

Filesize
468KB

MD5
5f2af61d4b6b69da01806b6a435a6a05

SHA1
63c15785f4a9677bcc35573458e22cef57cedb97

SHA256
3b2277ce299e1d3b7e9dbb937e167a02eff64187169273dc68f00c0e5faf2833

SHA512
2c11e2e8c2b2616fc24876743b00e98a5b4de475ecb3f71544b043bf00c760d9d4ed823cb00ced5c31feab6815d911137470dbe6c080bc36fc5a28cdbdcbd076

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10027.exe

Filesize
468KB

MD5
3543de30dec0c3c7ddb924f42d8bc74d

SHA1
7b15f6fc4ef1ace20e4ead30f6f41208b783ef27

SHA256
c5e5996bb0ed14e2a27c081a53f57f5860fa509a64f36edf9af4da05c689a5d0

SHA512
6a21d8c1247868e98fa5d061c8aa489b120c034556c4f95f9488a8f930d1840cf06ba5454a2a90df12a4e7d79a3e3438e9d81c1c1a9a1a6264f62ef010eb93b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1013.exe

Filesize
468KB

MD5
311e6e88c5970f988adf7f33b0ae6f35

SHA1
dedfaea0dc2fd76a411fdd54816810bb052bd61c

SHA256
6047c9f3efc87554d998d28a9d73057b9eec092040b13bf61e5148df7b933157

SHA512
7be6c6c71a122657ad52bab3544b8c4d7b721fe48bf6a81b732f2e943314e434116f5c3dcc4f9e4aef6509faf5334720729d5fd4bddbaf31b4080ed1f6c3f1e4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe

Filesize
468KB

MD5
d364bde0f44d8fd08a129b6534f9efb9

SHA1
5d0501309369f53bb1c3abbf49f9d12dd7519dff

SHA256
dfe2c38cb9e21bfcc99075a9cf1f4a549ab18c437ae6fa1202227af95a349deb

SHA512
08fba46ffdf53308d24df75be0059093112b872debd49aaa65b9f6e01245239c446db6935ff9f1d67a2e18233d7a267b1823c487034eb308f021b418cb0c4e17

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17021.exe

Filesize
468KB

MD5
424527f084d5b8bb73a383959e76a69c

SHA1
d7b7b385422220265653c4872c04c06a8c8b5deb

SHA256
f34a884752f88bdd852fe63ef725e5bb52163f5037fc5be5d2dac277d6d11281

SHA512
630e1ba0483d9bf2523e9d4e8a787dca8fd311628ffabfb8c60389cf6c0b2c0c843b2f6f76dee496877f04a53d192dbcde80e387f9d5413bf812a41a8920b4da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26001.exe

Filesize
468KB

MD5
4842ce2d0d851be33bff0bf7282e277e

SHA1
94565ba9b885a7c85627653bb5091d02b7ae8d23

SHA256
9974b4623c3b2f9f086fccdade0ba884c8b6f1035403db4315f8053248033c78

SHA512
6b719de83e1d1824ab1368ee9178db6c11cbc9465e6c13cc7d0e8d5bea472db038b7a412cf965385c586e6d65e9526443b98772f4078fdf0e7c8ae85bd6a495c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29893.exe

Filesize
468KB

MD5
32564d6d8ef66866bb00ebc5b06f15d3

SHA1
3d0a3077c098d5a50d5c636aa8478c2dc0c12dc0

SHA256
cb7d64cd814a9da8469d2429b97aff2d4f609ae7a3df5ebfe7d55e323b4aa5c9

SHA512
4aea5e461eba0c99a422f205e4ec2f9583ad163c173d2e19e2a9fe60ae0abc0ccefd78e54ba403346ec6f0c972b218d1213366f5039eceaf234582fb9220c59c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31930.exe

Filesize
468KB

MD5
854f0727b31b7f4c4822e6e837fdaf2c

SHA1
f763c98ee3cc49ca510e246cb326559c709290fd

SHA256
db529a943e7c889b2f47e65bb6353f8fb383f01326270b7b795cc85ed0c5ff42

SHA512
2ed27074dea63c82bee644d54c8d3212f86c2005f5abc220762a9af1b15e135d2df5e4306cceaf123d8e98fd991c880451c5ee379f1289111c72bb32d3ad3989

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe

Filesize
468KB

MD5
b3e84e850d16cecac837c87a404f3db1

SHA1
90bc4678daf5bc4db8d5b58db249809504310b76

SHA256
28376b7f0aaef683cda570d26efeaab1cc2cbc272ac4ede314b881bb4ae41d91

SHA512
6386e758081303d23e0408ee6036306704e0854d8d82676c20baaa6dc75190bd3914a5eadc2035dd93cae6667241d74920f2e76cd3718aab2a1e179d49588367

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33977.exe

Filesize
468KB

MD5
71f72f961cd2d6399c12e9ebf4cbf32e

SHA1
86fbdf594c5764041940156870a3c448915627e3

SHA256
16c83c5909c0df5b0e823604dc220e0df57c50fa351a4332cbf9f8d4d204c21b

SHA512
64b665467213a65139069900dee1f9fccb1d41b00866cf8c2fad972d4749eaf3cd599b2e15260513ff46f9c4b44628d4288a4de24f881dfb56d71800cce981df

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51444.exe

Filesize
468KB

MD5
6ee30b6f1d1809545ff2d35819aec449

SHA1
fc6eee8985b346a52107d568538004f008a2b628

SHA256
c9edb12414ebef02ead9e1a1dd892d6b1d90861bfd7ac264aecc88d1d8a167c7

SHA512
b7a361d567ec7c9b30fdc4e45674e377ed04bba7709ec6f66d8ba1b4faf35039f36572e6b93a20df70f13cb1650b2545fa98f909c19ed608c007bd9604725009

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51932.exe

Filesize
468KB

MD5
1a67a7532fe06cf2530414597947a775

SHA1
8d2531179f50d6c0f271d78955310fcb5af4cd41

SHA256
420e02b3cea6846828d93a543dead9045ff717e52487c4c23805e6e147b23e3e

SHA512
b47f7a71e5785ef95d75d69a2c75ef266dab5ec1dd8b00f7edc7762d22b7ddd34db7be5180d47dfe95fc74cd82a707cd8e965c5347885860c7889d50c54ea9cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55419.exe

Filesize
468KB

MD5
2f8f7b09119bbc32397965d3347658b9

SHA1
8aed65d20a1897e4e14c0646d02043ec4f71d27f

SHA256
3ddfc3669b612668862742e781d377cb22964da422760350415b9270a15e9833

SHA512
1b1fa7d7fa4c91c8333ca5eebcbaa7d70145b2bc84b9003a821129b07ba4b99918d2307b4b83baa43f1b5ba0a1c70d2a95556aeb60065d204e6013e4804b7ab2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57967.exe

Filesize
468KB

MD5
fe30cf54d9b03ebd4ebec963159b2560

SHA1
f140466cdf5e07027d0739b97ca2c2171c68090f

SHA256
406505cc6bf55bc2ef0872288cfc9f68467f26e8e37a35102e3dc9d51c109503

SHA512
1aa9cbb701cebc3cf7acb3ec13e2aed2165ba95701b9758f3208dc0a3b15c0823e5b46efc0264d31afdb4a4f1a5bb9241dd9695a487ee45954822b709cbfb289

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9809.exe

Filesize
468KB

MD5
bc548cec706f19a062193f5b1ddf53f4

SHA1
15fe2f6a606e0e23c6a2b33b8b116e6d872b92c3

SHA256
ee1f907db612974b8deef7f5013d132fc19116d52db1ff0217c9b90b7b70a90f

SHA512
28a1962dd78fc94eb72ae39894fdf7ca36eaa98bc8202772f38004c3902ac79cb946ed3bd8bd829450b6e8a6b70f30c4e5f0d24a266295e7aaa9411ed71552a7

Download Submit
memory/748-272-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/748-274-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/748-152-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/844-285-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/948-359-0x00000000031C0000-0x0000000003235000-memory.dmp

Filesize
468KB

Download
memory/948-231-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/948-357-0x00000000031C0000-0x0000000003235000-memory.dmp

Filesize
468KB

Download
memory/1044-232-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1056-273-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1084-323-0x00000000025F0000-0x0000000002665000-memory.dmp

Filesize
468KB

Download
memory/1084-316-0x00000000025F0000-0x0000000002665000-memory.dmp

Filesize
468KB

Download
memory/1084-179-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1236-80-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1236-389-0x0000000002540000-0x00000000025B5000-memory.dmp

Filesize
468KB

Download
memory/1236-149-0x0000000002540000-0x00000000025B5000-memory.dmp

Filesize
468KB

Download
memory/1236-380-0x0000000002540000-0x00000000025B5000-memory.dmp

Filesize
468KB

Download
memory/1504-212-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1556-296-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1580-398-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1640-32-0x0000000000360000-0x00000000003D5000-memory.dmp

Filesize
468KB

Download
memory/1640-11-0x0000000000360000-0x00000000003D5000-memory.dmp

Filesize
468KB

Download
memory/1640-10-0x0000000000360000-0x00000000003D5000-memory.dmp

Filesize
468KB

Download
memory/1640-153-0x0000000000360000-0x00000000003D5000-memory.dmp

Filesize
468KB

Download
memory/1640-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1640-363-0x0000000000360000-0x00000000003D5000-memory.dmp

Filesize
468KB

Download
memory/1640-172-0x0000000000360000-0x00000000003D5000-memory.dmp

Filesize
468KB

Download
memory/1640-364-0x0000000000360000-0x00000000003D5000-memory.dmp

Filesize
468KB

Download
memory/1664-319-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1688-397-0x0000000002640000-0x00000000026B5000-memory.dmp

Filesize
468KB

Download
memory/1688-267-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1688-396-0x0000000002640000-0x00000000026B5000-memory.dmp

Filesize
468KB

Download
memory/1816-199-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1816-305-0x0000000002470000-0x00000000024E5000-memory.dmp

Filesize
468KB

Download
memory/1816-304-0x0000000002470000-0x00000000024E5000-memory.dmp

Filesize
468KB

Download
memory/1932-399-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1936-154-0x0000000001D70000-0x0000000001DE5000-memory.dmp

Filesize
468KB

Download
memory/1936-283-0x0000000001D70000-0x0000000001DE5000-memory.dmp

Filesize
468KB

Download
memory/1936-284-0x0000000001D70000-0x0000000001DE5000-memory.dmp

Filesize
468KB

Download
memory/1936-31-0x0000000001D70000-0x0000000001DE5000-memory.dmp

Filesize
468KB

Download
memory/1936-13-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1936-168-0x0000000001D70000-0x0000000001DE5000-memory.dmp

Filesize
468KB

Download
memory/1992-252-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2052-229-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2052-390-0x00000000028D0000-0x0000000002945000-memory.dmp

Filesize
468KB

Download
memory/2140-360-0x0000000002940000-0x00000000029B5000-memory.dmp

Filesize
468KB

Download
memory/2140-358-0x0000000002940000-0x00000000029B5000-memory.dmp

Filesize
468KB

Download
memory/2140-240-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2272-239-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2272-391-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2272-238-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2272-400-0x0000000000480000-0x00000000004F5000-memory.dmp

Filesize
468KB

Download
memory/2272-119-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2304-306-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2368-266-0x0000000002840000-0x00000000028B5000-memory.dmp

Filesize
468KB

Download
memory/2368-261-0x0000000002840000-0x00000000028B5000-memory.dmp

Filesize
468KB

Download
memory/2368-173-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2372-321-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2380-178-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2380-320-0x00000000028F0000-0x0000000002965000-memory.dmp

Filesize
468KB

Download
memory/2404-200-0x00000000025F0000-0x0000000002665000-memory.dmp

Filesize
468KB

Download
memory/2404-317-0x00000000025F0000-0x0000000002665000-memory.dmp

Filesize
468KB

Download
memory/2404-315-0x00000000025F0000-0x0000000002665000-memory.dmp

Filesize
468KB

Download
memory/2404-198-0x00000000025F0000-0x0000000002665000-memory.dmp

Filesize
468KB

Download
memory/2404-96-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2564-60-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2564-169-0x0000000002510000-0x0000000002585000-memory.dmp

Filesize
468KB

Download
memory/2564-167-0x0000000002510000-0x0000000002585000-memory.dmp

Filesize
468KB

Download
memory/2564-340-0x0000000002510000-0x0000000002585000-memory.dmp

Filesize
468KB

Download
memory/2564-339-0x0000000002510000-0x0000000002585000-memory.dmp

Filesize
468KB

Download
memory/2588-361-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2652-394-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2684-392-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2712-250-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/2712-251-0x00000000028A0000-0x0000000002915000-memory.dmp

Filesize
468KB

Download
memory/2712-76-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2804-365-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2824-356-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2856-395-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2872-362-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2888-150-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/2888-295-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/2888-294-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/2888-151-0x00000000025E0000-0x0000000002655000-memory.dmp

Filesize
468KB

Download
memory/2892-341-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2940-48-0x0000000003410000-0x0000000003485000-memory.dmp

Filesize
468KB

Download
memory/2940-102-0x0000000003410000-0x0000000003485000-memory.dmp

Filesize
468KB

Download
memory/2940-49-0x00000000027A0000-0x0000000002815000-memory.dmp

Filesize
468KB

Download
memory/2940-35-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2940-230-0x00000000027A0000-0x0000000002815000-memory.dmp

Filesize
468KB

Download
memory/2940-228-0x00000000027A0000-0x0000000002815000-memory.dmp

Filesize
468KB

Download
memory/2976-337-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2976-338-0x0000000002630000-0x00000000026A5000-memory.dmp

Filesize
468KB

Download
memory/2976-170-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2996-393-0x0000000002550000-0x00000000025C5000-memory.dmp

Filesize
468KB

Download
memory/2996-203-0x0000000002550000-0x00000000025C5000-memory.dmp

Filesize
468KB

Download
memory/2996-210-0x0000000002550000-0x00000000025C5000-memory.dmp

Filesize
468KB

Download