c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 12:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe
Size

468KB
MD5

3b1bcdf9970ed92c02d78cca8e0d7239
SHA1

94d5951baea884616536f0b4c9ac8bd0a9a82d40
SHA256

c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd
SHA512

b2fc37d63157c0b72bfd3ee63e51fc0c183e3c7d765e3e3f52df14272e70b4fd9c0e71d73b3f0c2ef15e28413894c4066cde97d9593ca2811601311296f64eae
SSDEEP

3072:4belogxaIU57tbYTPzcfmbfD/n2DnsIH9HmyeQV4zE5Kkkh3uxulER:4b4oCc7t8P4fmbfrakNE5D83uxj

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2040	Unicorn-30033.exe
2388	Unicorn-34247.exe
2752	Unicorn-63198.exe
2988	Unicorn-35290.exe
2908	Unicorn-45165.exe
2820	Unicorn-26227.exe
1268	Unicorn-10759.exe
2592	Unicorn-34147.exe
2080	Unicorn-11911.exe
1752	Unicorn-11454.exe
2944	Unicorn-5589.exe
872	Unicorn-11719.exe
1908	Unicorn-33723.exe
1588	Unicorn-29639.exe
2116	Unicorn-2565.exe
2248	Unicorn-20192.exe
856	Unicorn-13686.exe
700	Unicorn-30215.exe
980	Unicorn-21284.exe
956	Unicorn-14433.exe
1396	Unicorn-30215.exe
612	Unicorn-49374.exe
1760	Unicorn-29508.exe
1536	Unicorn-20520.exe
332	Unicorn-3053.exe
1556	Unicorn-61169.exe
3000	Unicorn-11413.exe
2300	Unicorn-43571.exe
108	Unicorn-2944.exe
1336	Unicorn-60484.exe
2484	Unicorn-14812.exe
2536	Unicorn-41163.exe
1668	Unicorn-55461.exe
2072	Unicorn-6799.exe
2244	Unicorn-58999.exe
2844	Unicorn-65129.exe
2832	Unicorn-65129.exe
2836	Unicorn-17774.exe
2716	Unicorn-4039.exe
2736	Unicorn-23905.exe
2636	Unicorn-60661.exe
2748	Unicorn-60396.exe
2668	Unicorn-61024.exe
1296	Unicorn-6115.exe
2596	Unicorn-49047.exe
2052	Unicorn-60744.exe
2516	Unicorn-14481.exe
1492	Unicorn-35856.exe
2584	Unicorn-52555.exe
436	Unicorn-39748.exe
2600	Unicorn-47214.exe
576	Unicorn-53344.exe
672	Unicorn-14157.exe
2224	Unicorn-53152.exe
2232	Unicorn-41262.exe
2196	Unicorn-45155.exe
2004	Unicorn-44600.exe
1744	Unicorn-40516.exe
2376	Unicorn-313.exe
1552	Unicorn-53022.exe
1856	Unicorn-29115.exe
1572	Unicorn-18708.exe
2580	Unicorn-32815.exe
2540	Unicorn-11500.exe

Loads dropped DLL 64 IoCs

pid	Process
3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe
3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe
2040	Unicorn-30033.exe
3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe
2040	Unicorn-30033.exe
3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe
2388	Unicorn-34247.exe
2388	Unicorn-34247.exe
2040	Unicorn-30033.exe
2040	Unicorn-30033.exe
3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe
3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe
2800	WerFault.exe
2800	WerFault.exe
2800	WerFault.exe
2800	WerFault.exe
2800	WerFault.exe
2800	WerFault.exe
2800	WerFault.exe
2988	Unicorn-35290.exe
2388	Unicorn-34247.exe
2988	Unicorn-35290.exe
2388	Unicorn-34247.exe
2908	Unicorn-45165.exe
2908	Unicorn-45165.exe
3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe
3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe
2820	Unicorn-26227.exe
2040	Unicorn-30033.exe
2040	Unicorn-30033.exe
2820	Unicorn-26227.exe
1268	Unicorn-10759.exe
2592	Unicorn-34147.exe
1268	Unicorn-10759.exe
2592	Unicorn-34147.exe
2988	Unicorn-35290.exe
2988	Unicorn-35290.exe
2388	Unicorn-34247.exe
2388	Unicorn-34247.exe
2080	Unicorn-11911.exe
2080	Unicorn-11911.exe
3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe
2908	Unicorn-45165.exe
3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe
872	Unicorn-11719.exe
1752	Unicorn-11454.exe
872	Unicorn-11719.exe
2908	Unicorn-45165.exe
1752	Unicorn-11454.exe
2944	Unicorn-5589.exe
2944	Unicorn-5589.exe
2820	Unicorn-26227.exe
2820	Unicorn-26227.exe
2040	Unicorn-30033.exe
2040	Unicorn-30033.exe
1908	Unicorn-33723.exe
1908	Unicorn-33723.exe
1268	Unicorn-10759.exe
1268	Unicorn-10759.exe
1588	Unicorn-29639.exe
1588	Unicorn-29639.exe
2592	Unicorn-34147.exe
2592	Unicorn-34147.exe
856	Unicorn-13686.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2800	2752	WerFault.exe	32

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5512.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25868.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22281.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58561.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-441.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50171.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39810.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63674.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62120.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54064.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47945.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24507.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49374.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3601.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22158.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61024.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50502.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41262.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40712.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6555.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34550.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15437.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58455.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11911.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16592.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32815.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18074.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17732.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21055.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29283.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23905.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44522.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9367.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32868.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39748.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52244.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8090.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1583.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25868.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34440.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28432.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10327.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-313.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58038.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8312.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe
2040	Unicorn-30033.exe
2388	Unicorn-34247.exe
2752	Unicorn-63198.exe
2988	Unicorn-35290.exe
2908	Unicorn-45165.exe
2820	Unicorn-26227.exe
2592	Unicorn-34147.exe
1268	Unicorn-10759.exe
872	Unicorn-11719.exe
2080	Unicorn-11911.exe
1752	Unicorn-11454.exe
2944	Unicorn-5589.exe
1908	Unicorn-33723.exe
1588	Unicorn-29639.exe
2116	Unicorn-2565.exe
856	Unicorn-13686.exe
2248	Unicorn-20192.exe
956	Unicorn-14433.exe
980	Unicorn-21284.exe
1396	Unicorn-30215.exe
700	Unicorn-30215.exe
612	Unicorn-49374.exe
1760	Unicorn-29508.exe
1536	Unicorn-20520.exe
332	Unicorn-3053.exe
3000	Unicorn-11413.exe
1556	Unicorn-61169.exe
2300	Unicorn-43571.exe
108	Unicorn-2944.exe
1336	Unicorn-60484.exe
2484	Unicorn-14812.exe
2536	Unicorn-41163.exe
1668	Unicorn-55461.exe
2716	Unicorn-4039.exe
2844	Unicorn-65129.exe
2244	Unicorn-58999.exe
2072	Unicorn-6799.exe
2836	Unicorn-17774.exe
2736	Unicorn-23905.exe
2832	Unicorn-65129.exe
2668	Unicorn-61024.exe
1296	Unicorn-6115.exe
2636	Unicorn-60661.exe
2748	Unicorn-60396.exe
2596	Unicorn-49047.exe
2052	Unicorn-60744.exe
2516	Unicorn-14481.exe
1492	Unicorn-35856.exe
436	Unicorn-39748.exe
576	Unicorn-53344.exe
2584	Unicorn-52555.exe
672	Unicorn-14157.exe
2600	Unicorn-47214.exe
2224	Unicorn-53152.exe
2232	Unicorn-41262.exe
2196	Unicorn-45155.exe
2004	Unicorn-44600.exe
1744	Unicorn-40516.exe
2376	Unicorn-313.exe
1552	Unicorn-53022.exe
1856	Unicorn-29115.exe
2580	Unicorn-32815.exe
1572	Unicorn-18708.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2040	3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe	30
PID 3040 wrote to memory of 2040	3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe	30
PID 3040 wrote to memory of 2040	3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe	30
PID 3040 wrote to memory of 2040	3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe	30
PID 2040 wrote to memory of 2388	2040	Unicorn-30033.exe	31
PID 2040 wrote to memory of 2388	2040	Unicorn-30033.exe	31
PID 2040 wrote to memory of 2388	2040	Unicorn-30033.exe	31
PID 2040 wrote to memory of 2388	2040	Unicorn-30033.exe	31
PID 3040 wrote to memory of 2752	3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe	32
PID 3040 wrote to memory of 2752	3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe	32
PID 3040 wrote to memory of 2752	3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe	32
PID 3040 wrote to memory of 2752	3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe	32
PID 2388 wrote to memory of 2988	2388	Unicorn-34247.exe	33
PID 2388 wrote to memory of 2988	2388	Unicorn-34247.exe	33
PID 2388 wrote to memory of 2988	2388	Unicorn-34247.exe	33
PID 2388 wrote to memory of 2988	2388	Unicorn-34247.exe	33
PID 2040 wrote to memory of 2908	2040	Unicorn-30033.exe	34
PID 2040 wrote to memory of 2908	2040	Unicorn-30033.exe	34
PID 2040 wrote to memory of 2908	2040	Unicorn-30033.exe	34
PID 2040 wrote to memory of 2908	2040	Unicorn-30033.exe	34
PID 3040 wrote to memory of 2820	3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe	35
PID 3040 wrote to memory of 2820	3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe	35
PID 3040 wrote to memory of 2820	3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe	35
PID 3040 wrote to memory of 2820	3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe	35
PID 2752 wrote to memory of 2800	2752	Unicorn-63198.exe	36
PID 2752 wrote to memory of 2800	2752	Unicorn-63198.exe	36
PID 2752 wrote to memory of 2800	2752	Unicorn-63198.exe	36
PID 2752 wrote to memory of 2800	2752	Unicorn-63198.exe	36
PID 2988 wrote to memory of 1268	2988	Unicorn-35290.exe	37
PID 2988 wrote to memory of 1268	2988	Unicorn-35290.exe	37
PID 2988 wrote to memory of 1268	2988	Unicorn-35290.exe	37
PID 2988 wrote to memory of 1268	2988	Unicorn-35290.exe	37
PID 2388 wrote to memory of 2592	2388	Unicorn-34247.exe	38
PID 2388 wrote to memory of 2592	2388	Unicorn-34247.exe	38
PID 2388 wrote to memory of 2592	2388	Unicorn-34247.exe	38
PID 2388 wrote to memory of 2592	2388	Unicorn-34247.exe	38
PID 2908 wrote to memory of 2080	2908	Unicorn-45165.exe	39
PID 2908 wrote to memory of 2080	2908	Unicorn-45165.exe	39
PID 2908 wrote to memory of 2080	2908	Unicorn-45165.exe	39
PID 2908 wrote to memory of 2080	2908	Unicorn-45165.exe	39
PID 3040 wrote to memory of 1752	3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe	40
PID 3040 wrote to memory of 1752	3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe	40
PID 3040 wrote to memory of 1752	3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe	40
PID 3040 wrote to memory of 1752	3040	c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe	40
PID 2040 wrote to memory of 2944	2040	Unicorn-30033.exe	42
PID 2040 wrote to memory of 2944	2040	Unicorn-30033.exe	42
PID 2040 wrote to memory of 2944	2040	Unicorn-30033.exe	42
PID 2040 wrote to memory of 2944	2040	Unicorn-30033.exe	42
PID 2820 wrote to memory of 872	2820	Unicorn-26227.exe	41
PID 2820 wrote to memory of 872	2820	Unicorn-26227.exe	41
PID 2820 wrote to memory of 872	2820	Unicorn-26227.exe	41
PID 2820 wrote to memory of 872	2820	Unicorn-26227.exe	41
PID 1268 wrote to memory of 1908	1268	Unicorn-10759.exe	43
PID 1268 wrote to memory of 1908	1268	Unicorn-10759.exe	43
PID 1268 wrote to memory of 1908	1268	Unicorn-10759.exe	43
PID 1268 wrote to memory of 1908	1268	Unicorn-10759.exe	43
PID 2592 wrote to memory of 1588	2592	Unicorn-34147.exe	44
PID 2592 wrote to memory of 1588	2592	Unicorn-34147.exe	44
PID 2592 wrote to memory of 1588	2592	Unicorn-34147.exe	44
PID 2592 wrote to memory of 1588	2592	Unicorn-34147.exe	44
PID 2988 wrote to memory of 2116	2988	Unicorn-35290.exe	45
PID 2988 wrote to memory of 2116	2988	Unicorn-35290.exe	45
PID 2988 wrote to memory of 2116	2988	Unicorn-35290.exe	45
PID 2988 wrote to memory of 2116	2988	Unicorn-35290.exe	45

C:\Users\Admin\AppData\Local\Temp\c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe
"C:\Users\Admin\AppData\Local\Temp\c63608d0ed5ec517f7c57eee79ab17dfff3985433dddc63c10c509e4165bfafd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30033.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30033.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35290.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33723.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3053.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53152.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52244.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28956.exe
        9⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15437.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
        9⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23303.exe
        9⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44522.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31591.exe
        8⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        8⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62347.exe
        8⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        8⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41262.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19271.exe
        8⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        8⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
        8⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe
        8⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
        8⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10400.exe
        7⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11163.exe
        7⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43870.exe
        7⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49769.exe
        7⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53344.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14013.exe
        8⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43744.exe
        9⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9102.exe
        9⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59611.exe
        9⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        9⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27578.exe
        8⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50502.exe
        8⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        8⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55217.exe
        7⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8601.exe
        8⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13362.exe
        8⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29775.exe
        8⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10327.exe
        8⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        8⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60800.exe
        7⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        7⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
        7⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14157.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40874.exe
        7⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
        8⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
        8⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50166.exe
        8⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-702.exe
        8⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        8⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56307.exe
        7⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63797.exe
        7⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        7⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        7⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        7⤵
        
        PID:5364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4812.exe
        6⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39691.exe
        7⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8312.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36358.exe
        7⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
        7⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56417.exe
        6⤵
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4089.exe
        7⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54027.exe
        7⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        7⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        7⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31716.exe
        6⤵
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41948.exe
        6⤵
        
        PID:3248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
        6⤵
        
        PID:4268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56403.exe
        6⤵
        
        PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65129.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        7⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58038.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10585.exe
        7⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57608.exe
        7⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
        7⤵
        
        PID:5520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12534.exe
        6⤵
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25395.exe
        6⤵
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49315.exe
        6⤵
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18074.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        6⤵
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17774.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
        6⤵
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28956.exe
        6⤵
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48302.exe
        6⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61445.exe
        6⤵
        
        PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35726.exe
        5⤵
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4095.exe
        5⤵
        
        PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28966.exe
        5⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13609.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56403.exe
        5⤵
        
        PID:5428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34147.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29639.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11413.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35856.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8746.exe
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10327.exe
        8⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16592.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exe
        7⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47234.exe
        7⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1662.exe
        7⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        7⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8777.exe
        7⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23467.exe
        8⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51743.exe
        8⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        8⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14174.exe
        7⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50502.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13835.exe
        7⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        7⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60976.exe
        6⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24510.exe
        7⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30290.exe
        7⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        7⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:5044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45835.exe
        6⤵
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43618.exe
        6⤵
        
        PID:4076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41919.exe
        6⤵
        
        PID:4548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        6⤵
        
        PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43571.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39748.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        7⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18531.exe
        7⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        7⤵
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        7⤵
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40712.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exe
        6⤵
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47234.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
        6⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17621.exe
        6⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21115.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        6⤵
        
        PID:4440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        6⤵
        
        PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39893.exe
        5⤵
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        5⤵
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2192.exe
        5⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61739.exe
        5⤵
        
        PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20192.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23905.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56795.exe
        6⤵
        
        PID:564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        6⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8312.exe
        6⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10327.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        6⤵
        
        PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41589.exe
        5⤵
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48286.exe
        5⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14177.exe
        5⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19823.exe
        5⤵
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16741.exe
        5⤵
        
        PID:5916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60396.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4854.exe
        5⤵
        
        PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8312.exe
        5⤵
        
        PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43192.exe
        5⤵
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        5⤵
        
        PID:5668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44165.exe
      4⤵
      PID:768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28950.exe
      4⤵
      PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39099.exe
      4⤵
      PID:3548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56403.exe
      4⤵
      PID:5268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45165.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11911.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2944.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40516.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63313.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57021.exe
        8⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        8⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24848.exe
        8⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4880.exe
        7⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50803.exe
        7⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61445.exe
        7⤵
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53022.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29554.exe
        7⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48054.exe
        7⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-378.exe
        7⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        7⤵
        
        PID:4216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7323.exe
        6⤵
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        6⤵
        
        PID:3612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43922.exe
        6⤵
        
        PID:4224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        6⤵
        
        PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5077.exe
        6⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32486.exe
        7⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1702.exe
        7⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        7⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        7⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44216.exe
        6⤵
        
        PID:836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32266.exe
        6⤵
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
        6⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        6⤵
        
        PID:5676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2647.exe
        5⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54416.exe
        6⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43861.exe
        6⤵
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49579.exe
        6⤵
        
        PID:4140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1363.exe
        6⤵
        
        PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33775.exe
        5⤵
        
        PID:528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
        5⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54172.exe
        5⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14433.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14812.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44600.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30480.exe
        7⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37067.exe
        8⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        8⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        8⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18066.exe
        7⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
        7⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        7⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        6⤵
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58561.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        6⤵
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        6⤵
        
        PID:4344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        6⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-313.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        6⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        6⤵
        
        PID:3164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-441.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
        6⤵
        
        PID:4504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        6⤵
        
        PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30327.exe
        5⤵
        
        PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54151.exe
        5⤵
        
        PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54796.exe
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17991.exe
        5⤵
        
        PID:4396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        5⤵
        
        PID:5548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
        5⤵
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        5⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8312.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10327.exe
        5⤵
        
        PID:5056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13118.exe
        5⤵
        
        PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39810.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39810.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19279.exe
      4⤵
      PID:1692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24882.exe
      4⤵
      PID:3520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61739.exe
      4⤵
      PID:4184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5589.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5589.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49374.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65129.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27932.exe
        6⤵
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12812.exe
        6⤵
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44218.exe
        6⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50946.exe
        6⤵
        
        PID:4900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        6⤵
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
        5⤵
        
        PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26163.exe
        5⤵
        
        PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50083.exe
        5⤵
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58455.exe
        5⤵
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4039.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1009.exe
        5⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
        6⤵
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        6⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37176.exe
        5⤵
        
        PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55444.exe
        5⤵
        
        PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        5⤵
        
        PID:5660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13140.exe
      4⤵
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53706.exe
        5⤵
        
        PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54064.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54151.exe
      4⤵
      PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30243.exe
      4⤵
      PID:4108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
      4⤵
      PID:5560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60744.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60220.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3601.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18753.exe
        5⤵
        
        PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
        5⤵
        
        PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27387.exe
        5⤵
        
        PID:5972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44247.exe
      4⤵
      PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
      4⤵
      PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5170.exe
      4⤵
      PID:4588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
      4⤵
      PID:5404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14481.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14481.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1569.exe
      4⤵
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26448.exe
        5⤵
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
        6⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
        6⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:4712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        6⤵
        
        PID:4280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11660.exe
        5⤵
        
        PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43450.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41909.exe
        5⤵
        
        PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26234.exe
      4⤵
      PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46418.exe
      4⤵
      PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30525.exe
      4⤵
      PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
      4⤵
      PID:5388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41256.exe
    3⤵
    PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32486.exe
      4⤵
      PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30482.exe
      4⤵
      PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
      4⤵
      PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
      4⤵
      PID:5144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34768.exe
    3⤵
    PID:2740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53582.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53582.exe
    3⤵
    PID:3552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32119.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32119.exe
    3⤵
    PID:4572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60604.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60604.exe
    3⤵
    PID:5092
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63198.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63198.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2752
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2800
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26227.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26227.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30215.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6115.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10723.exe
        6⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12808.exe
        6⤵
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49669.exe
        6⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49703.exe
        6⤵
        
        PID:4852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        6⤵
        
        PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63001.exe
        5⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30724.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9102.exe
        6⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        6⤵
        
        PID:4424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        6⤵
        
        PID:5244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57951.exe
        5⤵
        
        PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56367.exe
        5⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
        5⤵
        
        PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32815.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29681.exe
        6⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55510.exe
        6⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59611.exe
        6⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26151.exe
        5⤵
        
        PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47404.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36721.exe
        5⤵
        
        PID:4116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3738.exe
        5⤵
        
        PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11500.exe
      4⤵
      Executes dropped EXE
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18197.exe
        5⤵
        
        PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58173.exe
        5⤵
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
        5⤵
        
        PID:4748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43923.exe
        5⤵
        
        PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50796.exe
      4⤵
      PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2419.exe
      4⤵
      PID:3644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
      4⤵
      PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48425.exe
      4⤵
      PID:4200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29508.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55461.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32208.exe
        5⤵
        
        PID:1356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57929.exe
        5⤵
        
        PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43450.exe
        5⤵
        
        PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59114.exe
        5⤵
        
        PID:4804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        5⤵
        
        PID:5396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52991.exe
      4⤵
      PID:296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18571.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18571.exe
      4⤵
      PID:1032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8090.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58975.exe
      4⤵
      PID:4220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58999.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58999.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24507.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
      4⤵
      PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8312.exe
      4⤵
      PID:3988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39108.exe
      4⤵
      PID:4252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23282.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23282.exe
    3⤵
    PID:2624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe
    3⤵
    PID:3104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22033.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22033.exe
    3⤵
    PID:3708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47309.exe
    3⤵
    PID:4152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37234.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37234.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11454.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11454.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30215.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30215.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60661.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
        5⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54416.exe
        6⤵
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47945.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4462.exe
        6⤵
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        6⤵
        
        PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64610.exe
        5⤵
        
        PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22837.exe
        5⤵
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34609.exe
        5⤵
        
        PID:5028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        5⤵
        
        PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe
      4⤵
      PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34440.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:1236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41501.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29283.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29115.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22281.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4011.exe
        5⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        5⤵
        
        PID:4484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        5⤵
        
        PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13899.exe
      4⤵
      PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47404.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47404.exe
      4⤵
      PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57525.exe
      4⤵
      PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62568.exe
      4⤵
      PID:5820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18708.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39852.exe
      4⤵
      PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
      4⤵
      PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
      4⤵
      PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
      4⤵
      PID:5192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21055.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63674.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10965.exe
      4⤵
      PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
      4⤵
      PID:3224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43452.exe
    3⤵
    PID:3620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25073.exe
    3⤵
    PID:4248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21284.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21284.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61886.exe
      4⤵
      PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48577.exe
      4⤵
      PID:3600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:4864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
      4⤵
      PID:5580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59325.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59325.exe
    3⤵
    PID:3528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49145.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49145.exe
    3⤵
    PID:3820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50171.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50171.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
    3⤵
    PID:5596
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6799.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6799.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22940.exe
    3⤵
    PID:1248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50327.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61255.exe
    3⤵
    PID:4524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
    3⤵
    PID:5156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27399.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27399.exe
  2⤵
  PID:2648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24485.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24485.exe
  2⤵
  PID:3004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12233.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12233.exe
  2⤵
  PID:3756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8307.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8307.exe
  2⤵
  PID:4236
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-26227.exe

Filesize
468KB

MD5
9660960f4eab76de6c214d232d751a46

SHA1
baf479a84e60ffdb2ab3742ccc6ca3a68f1f44ad

SHA256
b28bfea30fa6d237eecf523882bae6aa0cbf905b51286e6110580a330eb6fc1f

SHA512
348cb22f0474432a1222637cdaac370214ab75800f63f61cf9679072b39873bfe8ae1980ed27404c2ee06e308edad2d074448549f8b7d3462bde7719ab4aec88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29639.exe

Filesize
468KB

MD5
73dcdb52116034d48d44676e42f3490c

SHA1
58d8216c2abf83ad7a71fe965f2a03532308cfb8

SHA256
09e403a02c078737b4bb6373bd03b63f1451d1ca8a91bb114f871401421a97a1

SHA512
d35321d8edc7cb8e2eedc15f2eec6042a0a13b1eb385528f59818e3664b6dfff97acf809027a820f65c55768af5658295d6bef3ee6564192f066eead06a220be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35290.exe

Filesize
468KB

MD5
6ffe7086a7444d1feb2b10ee8e553a1d

SHA1
658ccb97dc9cec8553997c921792b4d28ef51ce1

SHA256
27fe03f9a4733d0f6a2ca62a5c73ceeb0969b9261af634979ab3708229e2bd1e

SHA512
0c62e14b4dcc6d1a721fb299221e1ce9c5690b83a817cc67a81f45ebc8652b42803371113ef1f164f850bce08e205c2323f930b781a6a362e67acbb0ffc7f09c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48054.exe

Filesize
468KB

MD5
eeaf9ae18cde68cc5f7ea86deff6228d

SHA1
c9359beb073cb8ecd6964a70c205e5ac675d3c42

SHA256
9bdadb5056de8dce3120e489b0a7f3a786cf86fabe187998c09585d239c35d56

SHA512
7b93806588e082cb13f20e43951c7a2a5208b90d7390a06b244081b5aa36d9a7f3b870b1f37bab5011d12fc17ddf297409db9f0d5863e25fe780c7a445f30330

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50171.exe

Filesize
468KB

MD5
724b6b7137042e148eb369a002ca7a14

SHA1
56554a4fb399df94938eaefe31fafc51897062f2

SHA256
21015aadb19b543a04811318266a17ccef6876ecc887fb063c845ba1132d622e

SHA512
7831f5efd53e599ae7733287b0bcf26b84bb5f911e103cf21c9ddea1549483b46029d7055b4a2040165bdbe8046e41b87de913767f840d79b123981d93145caa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62347.exe

Filesize
468KB

MD5
f7cdc1d913ee2f8a5e6edc5247b7f182

SHA1
c78f4fbaf5c52c1561844520c47e3fa97c011f60

SHA256
58751c6f017703fdcc262090407c9f1c2ed2330db2d3902f60e6195751ddb007

SHA512
38e1e84ccfa567803a51d420a543d7d7b07aa67deddcdf5d820ac1d816d1d171daa08fd07c7588029d1e1b73af29de78636308b305308712f82f96d486b0917d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63198.exe

Filesize
468KB

MD5
2d538919edff3d4a3c770fc61e3cc236

SHA1
06c407aa1ad4b6597ce574fd89e7edf865d4b149

SHA256
b56d2e248125eab1e798be1df6019f1b321d6335ebd773586511cabbd82c91c5

SHA512
d825e04f1998f53e4d0f1b4c65f9bfb80aaf8cb64345718bbcf275362cbe62205506f26641873fe517f40bdf6622959f1d487ebd8c3afe3fa073fc6ae5e79ddd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10759.exe

Filesize
468KB

MD5
b3854159656bbecf4a60b19cfd565258

SHA1
b33e8f03466c2a3d86287ab124d69268d08d69f3

SHA256
f829ebf601324eadc879faebb3d8255326c00082f2232d04f788052b96870e3c

SHA512
b9a7b7044cd077dc6681838f9613cfacf59c497a56097b209b6eeaf255f0552cd7e08a411e3f5e0d06445b132676393b1525fa0c9fd80e26f000e39d0bccc121

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11454.exe

Filesize
468KB

MD5
3a348dd7ff75b70791c549b3a68a0a32

SHA1
a4df09aeb2cd6c25ce9b3a23445af425e1c2eb72

SHA256
86ef2229f11011408a9609987bf1bbb9bbdf466b16f5c31056d9d0ac9c803eb3

SHA512
6ed3813a36805433572b664354bc1626316ca4770264f465ae8c46a28be624fd7a5e3596d3ea679a97673a8a7c4029f0f20b630bc47cd6b2c8477406548c7e1b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe

Filesize
468KB

MD5
6d48663426202768cd10fcd0ede59686

SHA1
4a5c78d6e539d5cb32f17e39783932be3897beb8

SHA256
5152923726028f87a4f0d878bc8c8dc1bc877dd0b5c473b1eb4dd3b25b413c33

SHA512
3bc549134c6c53c181ec87a8fbe2c057d956e2f235afca79804693c0d0836c5f365f34ea1a9c1ab313dd3f15d7a016a2e453d7deb8bfea933e0cac69483378cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11911.exe

Filesize
468KB

MD5
a0a8fcc3eee1725a85dfa78952165acb

SHA1
f81a388d131a677071a4bb87dd3edf431a1a2de9

SHA256
f75e260851094d8b08ff3407525e611f7479bb7841be2095b6fc7fe284aef26f

SHA512
68f7c50ce35a2aafa35abfd3349767eaf996da6ddb01fc9a6d99da9bde81873d250188373bea1db8dd00b10a42abbdd971eaca3447fa6bedce324a2dc06d612f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe

Filesize
468KB

MD5
61a720241ad5e4a8ed052cad40c098c1

SHA1
e6dcbd8c19cb6380a94044f0c6c2cbd4434e84a9

SHA256
c317c5eb2d6a2f0f3d720b3a976fdecd50e18f9431e56abc688de89bb803cbb6

SHA512
169482d5d3caaaf4f9173a3a4b89432fb2fe25aec3213bdf0f6da08183519f0cfb1c4fbe89f4aef9d8a6dd370b4f7ee00cfb0bdc4efa8e05fe79b17595b16b2e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20192.exe

Filesize
468KB

MD5
4dc6d377ef3375a5ab61c552a92f38dc

SHA1
369742b93398671f16444e2304d70425798da3e4

SHA256
4089914cbc016a914c0aa3663d0438823f3a9573411f3322d10caf4499309974

SHA512
7dd79e720a5ab53454e483f86f5d75941e94ea82cec939c05fb68d9d355ec71d9c0776dd06a2ca57c1164c5c6a9b8ec6084e3435857176f78882325620c016cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2565.exe

Filesize
468KB

MD5
4856e2b21a8ef0bacf9fc4d180a67412

SHA1
48b845bf08e519b4b69fef02fb7ed1d9c52223a3

SHA256
54fd72092a82e913c2586424d7024f70829acf76fa1379b1b6569604e4b48ea0

SHA512
0ba4479160c32e58ce034b34eb891c62e1aab6c02f2b44d0925d7ddbcb312870136dfdde3a831c44dbc920046b43caedfec07d57d9a3a404e92abadb78c3bc67

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30033.exe

Filesize
468KB

MD5
01ff53b741e7200dff3fa40e99faad69

SHA1
e0a35d639de96c07052da65d2bbdc5ad18c90cdb

SHA256
9ad94bb89a59ba0caffc25363ec3a55c88aaa50e83c4f52f6470a6d2e6c19459

SHA512
a7b52b44447f74e02b2e7ed84343d7a1878c63bb81c4e2de9a862bd6068c03563f7dbb704e0cf75463993e5e6859d73922fcc1c08903423317c0b0f37480ea89

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33723.exe

Filesize
468KB

MD5
92e19532d0f58fb33fdf9c24227d5054

SHA1
fa6860c86cd520951f12103e5ea934b69c5c2202

SHA256
67216eeffab858a633ce19893d67abbd870b4b0b99486902cfa5feb6e0660496

SHA512
8639cf8074d6df81f288c8c97f2cd547151cda78ceffea7b8e0596b11c0b605cfadfe26941c830c3e7b3b94171d7bf651d09110c35c434df1a6a0a3c57bd3b2a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34147.exe

Filesize
468KB

MD5
19a416f071c66b721284b3b8955fded5

SHA1
3349fceec5fd3df9b97c404e3aac8e75c117bc19

SHA256
d3fe10175faf32ad6b4a39ce9b0a892c7be1f0764ded04a9e0b4ba1f3c0e5d17

SHA512
6a42eeb3e8b9181e3dee2dd8fb74875b0bd84179310e3746ad0e678b377ba6424690d11e504796ffae396bd595edf3d42f3c5221389cb019c3c19975179cf79f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe

Filesize
468KB

MD5
cfa4c447eba95cda31405cc89b9af363

SHA1
30d888e6ad5a7163fadd15706278047e752e32df

SHA256
3084794aa4c41f8aabe8bfeddcfa4819ba7737e4140bec6e11cc980f46a5dbaa

SHA512
7ef8ea185db1eb2d540a5ee77f1dae2c5824acad515340e435a26e33160599de6ab8b5078da7d009178413bafcd7b51046f91fdac243bb1e80d447c57a59cbf1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45165.exe

Filesize
468KB

MD5
f14430c7c183f82fd6eb222b656d1dfc

SHA1
e1f53e0735084324b521179021dcd7fb82f4e127

SHA256
d5f7287d1f369493311dde72c059ae6f5400153ed6c931045d95e4c44269ba2e

SHA512
63afa9c25ab1f8c3b94a0caf5c22d755c2ffbc4dd61891d15e120eaef86c692e8e0093d2c077cd385e3ea3dfba578bf3fbf3b1b2c66af636cdda7b744a82c941

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5589.exe

Filesize
468KB

MD5
310f917fcf207de13c7074c92d65a20a

SHA1
808c96e6a74459506e914da62e31e885d4805684

SHA256
c9a6cf37e77f1f30db5a0086219761d1f00e20028bc440a164e8b15c10f46530

SHA512
735b5eaa7d91ac7c53218691ae822828651f5f3fd12f6067147beacfe86e15dd463eb56029c58e3ef81bec8e3f42bcaa25b62d36923f906841edbe6c228cb390

Download Submit