333c810e67b1a169eb1e1fe7e9af272afc3ae620df23e475e6cee43bd6dd9d63

Analysis

max time kernel
150s
max time network
129s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-09-2024 07:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0016c95d95348918f9235f1e8142370a_JaffaCakes118.exe
Size

184KB
MD5

0016c95d95348918f9235f1e8142370a
SHA1

f1de140f960a1868a4e1e48ccb96ad8bf4189f4f
SHA256

333c810e67b1a169eb1e1fe7e9af272afc3ae620df23e475e6cee43bd6dd9d63
SHA512

d8428b7e4d1f0c9fbaa3adbbf6c6359553e7fc9a0f9065d868e1f6854103616a7ba925dc6db1de92138691c6345fb1aa01ddd877222d3ba3f6a8060943e43cd1
SSDEEP

3072:Sh5eoz/PfYA01OjcdTCLI8FyKGt62D2IZDyxKqPgVNlPvpF+:Sh0oj501fdmLI823hPNlPvpF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1264	Unicorn-45402.exe
2336	Unicorn-46863.exe
2092	Unicorn-35165.exe
2840	Unicorn-24518.exe
2760	Unicorn-41238.exe
2144	Unicorn-37708.exe
2560	Unicorn-15311.exe
652	Unicorn-39816.exe
1520	Unicorn-53692.exe
2784	Unicorn-44455.exe
1064	Unicorn-64320.exe
316	Unicorn-26983.exe
1516	Unicorn-15477.exe
2944	Unicorn-12566.exe
2112	Unicorn-20735.exe
2108	Unicorn-61959.exe
416	Unicorn-50262.exe
3052	Unicorn-4590.exe
1308	Unicorn-1253.exe
296	Unicorn-47206.exe
1788	Unicorn-34439.exe
1684	Unicorn-39697.exe
2432	Unicorn-65462.exe
2420	Unicorn-62125.exe
2284	Unicorn-57678.exe
824	Unicorn-31830.exe
2344	Unicorn-60973.exe
2516	Unicorn-23470.exe
2460	Unicorn-56526.exe
1592	Unicorn-36660.exe
2736	Unicorn-41472.exe
2400	Unicorn-64367.exe
2676	Unicorn-18888.exe
2968	Unicorn-31694.exe
2668	Unicorn-27248.exe
2844	Unicorn-23718.exe
2548	Unicorn-11103.exe
2628	Unicorn-47263.exe
1676	Unicorn-9759.exe
1708	Unicorn-39286.exe
2536	Unicorn-2660.exe
2300	Unicorn-43885.exe
2092	Unicorn-7875.exe
1720	Unicorn-54549.exe
564	Unicorn-54549.exe
1352	Unicorn-34683.exe
1168	Unicorn-34683.exe
3056	Unicorn-4793.exe
1900	Unicorn-34320.exe
1652	Unicorn-62463.exe
2840	Unicorn-18477.exe
2488	Unicorn-13682.exe
1672	Unicorn-56900.exe
1624	Unicorn-16060.exe
1992	Unicorn-65452.exe
2076	Unicorn-53755.exe
1492	Unicorn-20890.exe
1864	Unicorn-40756.exe
1356	Unicorn-8275.exe
2492	Unicorn-1835.exe
2340	Unicorn-34700.exe
1812	Unicorn-34700.exe
572	Unicorn-64419.exe
2136	Unicorn-26916.exe

Loads dropped DLL 64 IoCs

pid	Process
2848	0016c95d95348918f9235f1e8142370a_JaffaCakes118.exe
2848	0016c95d95348918f9235f1e8142370a_JaffaCakes118.exe
1264	Unicorn-45402.exe
1264	Unicorn-45402.exe
2848	0016c95d95348918f9235f1e8142370a_JaffaCakes118.exe
2848	0016c95d95348918f9235f1e8142370a_JaffaCakes118.exe
2092	Unicorn-35165.exe
2092	Unicorn-35165.exe
2336	Unicorn-46863.exe
2336	Unicorn-46863.exe
1264	Unicorn-45402.exe
1264	Unicorn-45402.exe
2840	Unicorn-24518.exe
2840	Unicorn-24518.exe
2760	Unicorn-41238.exe
2760	Unicorn-41238.exe
2092	Unicorn-35165.exe
2092	Unicorn-35165.exe
2336	Unicorn-46863.exe
2336	Unicorn-46863.exe
2144	Unicorn-37708.exe
2144	Unicorn-37708.exe
2560	Unicorn-15311.exe
2560	Unicorn-15311.exe
2840	Unicorn-24518.exe
2840	Unicorn-24518.exe
1520	Unicorn-53692.exe
1520	Unicorn-53692.exe
1064	Unicorn-64320.exe
1064	Unicorn-64320.exe
2784	Unicorn-44455.exe
2784	Unicorn-44455.exe
2144	Unicorn-37708.exe
2144	Unicorn-37708.exe
652	Unicorn-39816.exe
652	Unicorn-39816.exe
2760	Unicorn-41238.exe
2760	Unicorn-41238.exe
316	Unicorn-26983.exe
316	Unicorn-26983.exe
2560	Unicorn-15311.exe
2560	Unicorn-15311.exe
1516	Unicorn-15477.exe
1516	Unicorn-15477.exe
2112	Unicorn-20735.exe
2112	Unicorn-20735.exe
1064	Unicorn-64320.exe
1064	Unicorn-64320.exe
1308	Unicorn-1253.exe
1308	Unicorn-1253.exe
2944	Unicorn-12566.exe
2944	Unicorn-12566.exe
1520	Unicorn-53692.exe
1520	Unicorn-53692.exe
2108	Unicorn-61959.exe
2108	Unicorn-61959.exe
416	Unicorn-50262.exe
416	Unicorn-50262.exe
2784	Unicorn-44455.exe
2784	Unicorn-44455.exe
296	Unicorn-47206.exe
296	Unicorn-47206.exe
316	Unicorn-26983.exe
316	Unicorn-26983.exe

Program crash 59 IoCs

pid	pid_target	Process	procid_target
2480	1788	WerFault.exe	51
2932	1864	WerFault.exe	89
1980	2492	WerFault.exe	91
3024	1168	WerFault.exe	78
2316	1352	WerFault.exe	77
2236	944	WerFault.exe	114
768	1692	WerFault.exe	152
2400	2500	WerFault.exe	116
2836	2468	WerFault.exe	117
1960	1564	WerFault.exe	118
2840	948	WerFault.exe	148
1880	2784	WerFault.exe	126
2076	2888	WerFault.exe	127
2536	1852	WerFault.exe	162
2940	1356	WerFault.exe	161
2644	2804	WerFault.exe	143
2444	2268	WerFault.exe	165
1948	2672	WerFault.exe	160
1224	1312	WerFault.exe	163
2884	2012	WerFault.exe	170
2860	2564	WerFault.exe	195
1872	2548	WerFault.exe	194
1656	1316	WerFault.exe	186
2476	2368	WerFault.exe	197
1644	1768	WerFault.exe	253
844	2096	WerFault.exe	212
2108	2696	WerFault.exe	213
3032	1636	WerFault.exe	218
2328	2720	WerFault.exe	233
1928	2856	WerFault.exe	236
3152	1992	WerFault.exe	271
3596	2676	WerFault.exe	237
3700	1676	WerFault.exe	258
3744	2588	WerFault.exe	273
4092	1752	WerFault.exe	263
1680	416	WerFault.exe	303
2796	2152	WerFault.exe	267
1408	1612	WerFault.exe	286
3544	2360	WerFault.exe	288
2392	2148	WerFault.exe	257
3440	2216	WerFault.exe	299
3696	1488	WerFault.exe	315
3576	3528	WerFault.exe	330
2020	2072	WerFault.exe	320
3592	2764	WerFault.exe	309
2132	2124	WerFault.exe	313
3508	3128	WerFault.exe	322
2180	3880	WerFault.exe	361
3720	1324	WerFault.exe	359
1344	3984	WerFault.exe	362
2036	3860	WerFault.exe	360
824	3120	WerFault.exe	404
3396	2248	WerFault.exe	399
3280	3080	WerFault.exe	405
1576	3184	WerFault.exe	400
652	3136	WerFault.exe	419
4628	996	WerFault.exe	407
4756	4028	WerFault.exe	439
4488	3312	WerFault.exe	441

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62010.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14513.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28469.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33539.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1041.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14419.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34506.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19248.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11791.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61738.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59526.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9893.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56425.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48427.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43573.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64413.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-3531.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15532.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50347.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15311.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18181.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45802.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55012.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34700.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28207.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65452.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11254.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45844.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14966.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11707.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10727.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39286.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64224.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20713.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41472.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31694.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-932.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60364.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41582.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50200.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61959.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13375.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9841.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25360.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22145.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56526.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59664.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29265.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42383.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61172.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2848	0016c95d95348918f9235f1e8142370a_JaffaCakes118.exe
1264	Unicorn-45402.exe
2336	Unicorn-46863.exe
2092	Unicorn-35165.exe
2840	Unicorn-24518.exe
2760	Unicorn-41238.exe
2144	Unicorn-37708.exe
2560	Unicorn-15311.exe
652	Unicorn-39816.exe
1520	Unicorn-53692.exe
1064	Unicorn-64320.exe
2784	Unicorn-44455.exe
316	Unicorn-26983.exe
1516	Unicorn-15477.exe
2944	Unicorn-12566.exe
2112	Unicorn-20735.exe
2108	Unicorn-61959.exe
416	Unicorn-50262.exe
3052	Unicorn-4590.exe
1308	Unicorn-1253.exe
296	Unicorn-47206.exe
1788	Unicorn-34439.exe
1684	Unicorn-39697.exe
2432	Unicorn-65462.exe
2420	Unicorn-62125.exe
2284	Unicorn-57678.exe
824	Unicorn-31830.exe
2344	Unicorn-60973.exe
2516	Unicorn-23470.exe
2460	Unicorn-56526.exe
1592	Unicorn-36660.exe
2736	Unicorn-41472.exe
2400	Unicorn-64367.exe
2676	Unicorn-18888.exe
2968	Unicorn-31694.exe
2668	Unicorn-27248.exe
2844	Unicorn-23718.exe
2548	Unicorn-11103.exe
2628	Unicorn-47263.exe
1676	Unicorn-9759.exe
1708	Unicorn-39286.exe
2536	Unicorn-2660.exe
2300	Unicorn-43885.exe
2092	Unicorn-7875.exe
564	Unicorn-54549.exe
1168	Unicorn-34683.exe
1352	Unicorn-34683.exe
1720	Unicorn-54549.exe
3056	Unicorn-4793.exe
1900	Unicorn-34320.exe
1652	Unicorn-62463.exe
2840	Unicorn-18477.exe
2488	Unicorn-13682.exe
1672	Unicorn-56900.exe
1624	Unicorn-16060.exe
1992	Unicorn-65452.exe
2076	Unicorn-53755.exe
1864	Unicorn-40756.exe
1492	Unicorn-20890.exe
1356	Unicorn-8275.exe
2492	Unicorn-1835.exe
2340	Unicorn-34700.exe
1812	Unicorn-34700.exe
2136	Unicorn-26916.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 1264	2848	0016c95d95348918f9235f1e8142370a_JaffaCakes118.exe	31
PID 2848 wrote to memory of 1264	2848	0016c95d95348918f9235f1e8142370a_JaffaCakes118.exe	31
PID 2848 wrote to memory of 1264	2848	0016c95d95348918f9235f1e8142370a_JaffaCakes118.exe	31
PID 2848 wrote to memory of 1264	2848	0016c95d95348918f9235f1e8142370a_JaffaCakes118.exe	31
PID 1264 wrote to memory of 2336	1264	Unicorn-45402.exe	32
PID 1264 wrote to memory of 2336	1264	Unicorn-45402.exe	32
PID 1264 wrote to memory of 2336	1264	Unicorn-45402.exe	32
PID 1264 wrote to memory of 2336	1264	Unicorn-45402.exe	32
PID 2848 wrote to memory of 2092	2848	0016c95d95348918f9235f1e8142370a_JaffaCakes118.exe	33
PID 2848 wrote to memory of 2092	2848	0016c95d95348918f9235f1e8142370a_JaffaCakes118.exe	33
PID 2848 wrote to memory of 2092	2848	0016c95d95348918f9235f1e8142370a_JaffaCakes118.exe	33
PID 2848 wrote to memory of 2092	2848	0016c95d95348918f9235f1e8142370a_JaffaCakes118.exe	33
PID 2092 wrote to memory of 2840	2092	Unicorn-35165.exe	34
PID 2092 wrote to memory of 2840	2092	Unicorn-35165.exe	34
PID 2092 wrote to memory of 2840	2092	Unicorn-35165.exe	34
PID 2092 wrote to memory of 2840	2092	Unicorn-35165.exe	34
PID 2336 wrote to memory of 2760	2336	Unicorn-46863.exe	35
PID 2336 wrote to memory of 2760	2336	Unicorn-46863.exe	35
PID 2336 wrote to memory of 2760	2336	Unicorn-46863.exe	35
PID 2336 wrote to memory of 2760	2336	Unicorn-46863.exe	35
PID 1264 wrote to memory of 2144	1264	Unicorn-45402.exe	36
PID 1264 wrote to memory of 2144	1264	Unicorn-45402.exe	36
PID 1264 wrote to memory of 2144	1264	Unicorn-45402.exe	36
PID 1264 wrote to memory of 2144	1264	Unicorn-45402.exe	36
PID 2840 wrote to memory of 2560	2840	Unicorn-24518.exe	37
PID 2840 wrote to memory of 2560	2840	Unicorn-24518.exe	37
PID 2840 wrote to memory of 2560	2840	Unicorn-24518.exe	37
PID 2840 wrote to memory of 2560	2840	Unicorn-24518.exe	37
PID 2760 wrote to memory of 652	2760	Unicorn-41238.exe	38
PID 2760 wrote to memory of 652	2760	Unicorn-41238.exe	38
PID 2760 wrote to memory of 652	2760	Unicorn-41238.exe	38
PID 2760 wrote to memory of 652	2760	Unicorn-41238.exe	38
PID 2092 wrote to memory of 1520	2092	Unicorn-35165.exe	39
PID 2092 wrote to memory of 1520	2092	Unicorn-35165.exe	39
PID 2092 wrote to memory of 1520	2092	Unicorn-35165.exe	39
PID 2092 wrote to memory of 1520	2092	Unicorn-35165.exe	39
PID 2336 wrote to memory of 2784	2336	Unicorn-46863.exe	40
PID 2336 wrote to memory of 2784	2336	Unicorn-46863.exe	40
PID 2336 wrote to memory of 2784	2336	Unicorn-46863.exe	40
PID 2336 wrote to memory of 2784	2336	Unicorn-46863.exe	40
PID 2144 wrote to memory of 1064	2144	Unicorn-37708.exe	41
PID 2144 wrote to memory of 1064	2144	Unicorn-37708.exe	41
PID 2144 wrote to memory of 1064	2144	Unicorn-37708.exe	41
PID 2144 wrote to memory of 1064	2144	Unicorn-37708.exe	41
PID 2560 wrote to memory of 316	2560	Unicorn-15311.exe	42
PID 2560 wrote to memory of 316	2560	Unicorn-15311.exe	42
PID 2560 wrote to memory of 316	2560	Unicorn-15311.exe	42
PID 2560 wrote to memory of 316	2560	Unicorn-15311.exe	42
PID 2840 wrote to memory of 1516	2840	Unicorn-24518.exe	43
PID 2840 wrote to memory of 1516	2840	Unicorn-24518.exe	43
PID 2840 wrote to memory of 1516	2840	Unicorn-24518.exe	43
PID 2840 wrote to memory of 1516	2840	Unicorn-24518.exe	43
PID 1520 wrote to memory of 2944	1520	Unicorn-53692.exe	44
PID 1520 wrote to memory of 2944	1520	Unicorn-53692.exe	44
PID 1520 wrote to memory of 2944	1520	Unicorn-53692.exe	44
PID 1520 wrote to memory of 2944	1520	Unicorn-53692.exe	44
PID 1064 wrote to memory of 2112	1064	Unicorn-64320.exe	45
PID 1064 wrote to memory of 2112	1064	Unicorn-64320.exe	45
PID 1064 wrote to memory of 2112	1064	Unicorn-64320.exe	45
PID 1064 wrote to memory of 2112	1064	Unicorn-64320.exe	45
PID 2784 wrote to memory of 2108	2784	Unicorn-44455.exe	46
PID 2784 wrote to memory of 2108	2784	Unicorn-44455.exe	46
PID 2784 wrote to memory of 2108	2784	Unicorn-44455.exe	46
PID 2784 wrote to memory of 2108	2784	Unicorn-44455.exe	46

C:\Users\Admin\AppData\Local\Temp\0016c95d95348918f9235f1e8142370a_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0016c95d95348918f9235f1e8142370a_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41238.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4590.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8275.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46563.exe
        9⤵
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55777.exe
        10⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55881.exe
        11⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31419.exe
        12⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7374.exe
        13⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28994.exe
        14⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2995.exe
        15⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47923.exe
        16⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17665.exe
        17⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        18⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1041.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58701.exe
        9⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7370.exe
        10⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41201.exe
        11⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-726.exe
        12⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
        13⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
        14⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26356.exe
        15⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61172.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        17⤵
        
        PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1253.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57678.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9759.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24685.exe
        9⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19016.exe
        10⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53769.exe
        11⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57153.exe
        12⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3531.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18553.exe
        14⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28792.exe
        15⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30851.exe
        17⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        18⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23707.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56900.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59526.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62876.exe
        9⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34252.exe
        10⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64615.exe
        11⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61371.exe
        8⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1439.exe
        9⤵
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64413.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 200
        11⤵
        Program crash
        
        PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44455.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23470.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54549.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34700.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47417.exe
        9⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40370.exe
        10⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        11⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33469.exe
        12⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exe
        13⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24364.exe
        14⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36981.exe
        15⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1338.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64419.exe
        7⤵
        Executes dropped EXE
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12982.exe
        8⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55061.exe
        9⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53245.exe
        10⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13375.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7374.exe
        12⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4105.exe
        13⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36217.exe
        14⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17099.exe
        15⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        16⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34683.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40756.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38395.exe
        8⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23180.exe
        9⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51932.exe
        10⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15929.exe
        11⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
        12⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45802.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exe
        14⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24765.exe
        15⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24300.exe
        16⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33539.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
        18⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 236
        17⤵
        Program crash
        
        PID:4628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 236
        16⤵
        Program crash
        
        PID:2036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
        15⤵
        Program crash
        
        PID:3576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
        14⤵
        Program crash
        
        PID:1408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 216
        13⤵
        Program crash
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25360.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45844.exe
        13⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10727.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52824.exe
        15⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        16⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        17⤵
        
        PID:2484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 236
        13⤵
        Program crash
        
        PID:3544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
        12⤵
        Program crash
        
        PID:3596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 236
        11⤵
        Program crash
        
        PID:1656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
        10⤵
        Program crash
        
        PID:2644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 236
        9⤵
        Program crash
        
        PID:2236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 216
        8⤵
        Program crash
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
        7⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59664.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28881.exe
        9⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34356.exe
        10⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42898.exe
        11⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
        12⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        13⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        14⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55012.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        16⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39424.exe
        17⤵
        
        PID:3272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
        10⤵
        Program crash
        
        PID:2860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
        9⤵
        Program crash
        
        PID:2536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 216
        8⤵
        Program crash
        
        PID:1960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 240
        7⤵
        Program crash
        
        PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54549.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35193.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51602.exe
        8⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64874.exe
        9⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59213.exe
        10⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19876.exe
        12⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        13⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        15⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        16⤵
        
        PID:4100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31855.exe
        6⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4931.exe
        7⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17916.exe
        8⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57153.exe
        9⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9893.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59694.exe
        11⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28984.exe
        12⤵
        
        PID:3284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37708.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65462.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27248.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49536.exe
        8⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48997.exe
        9⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22389.exe
        10⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
        11⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55103.exe
        12⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50960.exe
        14⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58656.exe
        15⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
        16⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        18⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39424.exe
        19⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42445.exe
        11⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40153.exe
        12⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
        13⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30629.exe
        14⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12069.exe
        15⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53658.exe
        16⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21564.exe
        17⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
        17⤵
        Program crash
        
        PID:4488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
        16⤵
        Program crash
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22145.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16826.exe
        10⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48637.exe
        11⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        12⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47307.exe
        13⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14292.exe
        14⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45650.exe
        15⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20685.exe
        16⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33669.exe
        17⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29028.exe
        18⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23718.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53.exe
        9⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 220
        10⤵
        Program crash
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14256.exe
        9⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33728.exe
        10⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12991.exe
        11⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14966.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15532.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
        14⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50347.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        16⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65317.exe
        7⤵
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57121.exe
        8⤵
        
        PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62125.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11103.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65452.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        9⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62150.exe
        10⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        11⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32455.exe
        12⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15532.exe
        13⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
        14⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52770.exe
        15⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        16⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41624.exe
        17⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34776.exe
        8⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20713.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8336.exe
        10⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36548.exe
        11⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54323.exe
        12⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49570.exe
        13⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
        14⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
        15⤵
        
        PID:3640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
        11⤵
        Program crash
        
        PID:2328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
        10⤵
        Program crash
        
        PID:1872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 236
        9⤵
        Program crash
        
        PID:2940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 216
        8⤵
        Program crash
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20890.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37627.exe
        7⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4046.exe
        8⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17916.exe
        9⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57153.exe
        10⤵
        
        PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56526.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13682.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34830.exe
        7⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24140.exe
        8⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21429.exe
        9⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51154.exe
        10⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59234.exe
        11⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        12⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15423.exe
        13⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
        15⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        16⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:3580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
        16⤵
        Program crash
        
        PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34683.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1835.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18141.exe
        7⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18440.exe
        8⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
        9⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41938.exe
        10⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25984.exe
        12⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55517.exe
        13⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26356.exe
        14⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        15⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34523.exe
        16⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55976.exe
        17⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 236
        14⤵
        Program crash
        
        PID:3720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
        13⤵
        Program crash
        
        PID:2020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 416 -s 236
        12⤵
        Program crash
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30238.exe
        11⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
        12⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3901.exe
        13⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6237.exe
        14⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 236
        12⤵
        Program crash
        
        PID:3508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 220
        11⤵
        Program crash
        
        PID:2392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
        10⤵
        Program crash
        
        PID:2108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
        9⤵
        Program crash
        
        PID:1948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 216
        8⤵
        Program crash
        
        PID:1880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
        7⤵
        Program crash
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14803.exe
        6⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39877.exe
        7⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20978.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20039.exe
        9⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27022.exe
        10⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32933.exe
        11⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
        12⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20493.exe
        13⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48360.exe
        14⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 236
        14⤵
        Program crash
        
        PID:4756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
        13⤵
        Program crash
        
        PID:3396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        12⤵
        Program crash
        
        PID:2180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
        11⤵
        Program crash
        
        PID:3592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
        10⤵
        Program crash
        
        PID:4092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 216
        9⤵
        Program crash
        
        PID:3032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
        8⤵
        Program crash
        
        PID:2884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
        7⤵
        Program crash
        
        PID:2076
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 240
        6⤵
        Program crash
        
        PID:2316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35165.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35165.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24518.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15311.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26983.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47206.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41472.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4793.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21353.exe
        9⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58382.exe
        10⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41460.exe
        11⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42846.exe
        12⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19248.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24915.exe
        14⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1649.exe
        16⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8458.exe
        17⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58581.exe
        8⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24493.exe
        9⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8294.exe
        10⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34356.exe
        11⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31793.exe
        12⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29518.exe
        13⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23805.exe
        14⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52199.exe
        15⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        16⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53635.exe
        17⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34320.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        8⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59386.exe
        9⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57495.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15929.exe
        11⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
        12⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64603.exe
        13⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24364.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45149.exe
        15⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51032.exe
        16⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        17⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 236
        14⤵
        Program crash
        
        PID:3696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
        13⤵
        Program crash
        
        PID:3744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 216
        12⤵
        Program crash
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64367.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26835.exe
        8⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37433.exe
        9⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31419.exe
        10⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55101.exe
        11⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7748.exe
        12⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
        13⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
        14⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24795.exe
        15⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 216
        10⤵
        Program crash
        
        PID:2476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
        9⤵
        Program crash
        
        PID:2444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
        8⤵
        Program crash
        
        PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34439.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
        6⤵
        Program crash
        
        PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18888.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59697.exe
        7⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48237.exe
        9⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        10⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9595.exe
        12⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        14⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        15⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        16⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14419.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39109.exe
        8⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62010.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61860.exe
        10⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45854.exe
        11⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42746.exe
        12⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12069.exe
        13⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        14⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58344.exe
        15⤵
        
        PID:1264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
        14⤵
        Program crash
        
        PID:824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
        13⤵
        Program crash
        
        PID:1344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
        12⤵
        Program crash
        
        PID:2132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 216
        11⤵
        Program crash
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58472.exe
        6⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11254.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35736.exe
        8⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43349.exe
        9⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
        10⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2195.exe
        11⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4105.exe
        12⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60364.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3901.exe
        14⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        15⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64888.exe
        16⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50200.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31694.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53692.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12566.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31830.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2660.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35084.exe
        7⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51602.exe
        8⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34506.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47329.exe
        10⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42908.exe
        11⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36548.exe
        12⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30779.exe
        13⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
        14⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39574.exe
        15⤵
        
        PID:3136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 240
        16⤵
        Program crash
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58237.exe
        9⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
        10⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64224.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28278.exe
        12⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
        13⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        14⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62213.exe
        15⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15327.exe
        6⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
        7⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57111.exe
        8⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26126.exe
        9⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34707.exe
        10⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34344.exe
        11⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
        12⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1338.exe
        13⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50176.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7875.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34700.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
        7⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59664.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41938.exe
        10⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
        11⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        12⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49521.exe
        13⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18059.exe
        14⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44058.exe
        15⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 216
        12⤵
        Program crash
        
        PID:3440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 216
        11⤵
        Program crash
        
        PID:3700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 216
        10⤵
        Program crash
        
        PID:844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 216
        9⤵
        Program crash
        
        PID:1224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47175.exe
        6⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65289.exe
        7⤵
        
        PID:948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
        8⤵
        Program crash
        
        PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60973.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16060.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57121.exe
        8⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-932.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27098.exe
        7⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        8⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34356.exe
        9⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13868.exe
        10⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37634.exe
        11⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24364.exe
        12⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
        13⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10900.exe
        15⤵
        
        PID:4140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53755.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24664.exe
        6⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
        7⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29265.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
        9⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13321.exe
        10⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45844.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
        12⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48427.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
        14⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35823.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22623.exe
        8⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61263.exe
        9⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45226.exe
        10⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24661.exe
        11⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42383.exe
        12⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7648.exe
        13⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50176.exe
        14⤵
        
        PID:2832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-44455.exe

Filesize
184KB

MD5
ff732c7eacbfdc3fda8ef8806a9c96e3

SHA1
3e6d59762f52e4050ec36c83647e29db17fda1f8

SHA256
f581bcf9d412c6afebaa25d84dccb913011e9f05de4165b39cd7eeadbb3229be

SHA512
b842ac94131696c2419c95fd84037c481b295485e0406d4643ae669e0bffefb972d7d544ff0458e3e07bc76c211900ed865cb9acecdbe546e593c92a12256f5c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61959.exe

Filesize
184KB

MD5
d6f42d45220b15e4b36fcb92c00a3d9d

SHA1
cd713b0d19b57063d16ed4b4928254c66d83a617

SHA256
3315ae133d040685d70affdc104901589c26bc518c425e540b3c73ea5c38d82c

SHA512
c26cbd92a7cc75830528a3d27abf2f54e17767a1cf88c86319e752169ad47b744b6c2eb95280cae21a4be4d286672e21747c3f8485f2c22a1da13bdba22d53ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12566.exe

Filesize
184KB

MD5
cc27e3c25bf8948313d68a316721da9c

SHA1
e5c485527477e48ba87587fb9f660aeb1b15be49

SHA256
a9952e2aabe1636c76a1fc357ec387c147edd8f57ee8b80e287a93e6580ada2e

SHA512
924b571012d5147221c4464f50dba9419f1ac0c2fe63778511f1e5860168682df5cee4e609f59eda76e0d5faf1a0ac0d6addb27ff82112ad37b56794dece136f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15311.exe

Filesize
184KB

MD5
fff5c3f50a61fbfb4f78b988db70c49e

SHA1
6d4fe5103f3c04b2d700c96b000fcd2cf83368d3

SHA256
3b2ed76d617b3d294e8b0fc7bc043b070f8465ca5f817a79b2156638514f285f

SHA512
0d55032eab3458ce9ab08c21e2e4e7c86d8fb9509351740dd3acb496ab9c7b49102a0e816042566a03f7c706ef6b49364b6a7d84987b408e3ea432371385991f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15477.exe

Filesize
184KB

MD5
b6edc9a5d1f35e601db3f68e7eba312a

SHA1
69aba032eedfbdb8e409595f65ebdcb0a4bbb51d

SHA256
f675043f10daec2d9b88f00f8bc7b6f02239b3648ef01c3992a044f7f07b606f

SHA512
65991333bafe0c7e7c1ba86e65b56f82ad9482722910d692b381e0a4ff9cbd0bc36d675c99ad4d6669551af8ea90d1ca3cb58cf875556e4d356510041f9011d5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe

Filesize
184KB

MD5
f4bc4ff2734b3b10d8d9860c92b9a2dc

SHA1
ebb558ba2e53e094def8bea1b4c8d35ac6c785e8

SHA256
a7b8a4f9d07d7f6268867c803860cd334fddfbf377420b377e7f130dcdfcfbf6

SHA512
f754d5703ab639d39988428c327c4e7f5379c89dbdecfc309609ef3a2081b3e97f96dc2551a914dfda2f2fd48a71a3d410f9cdfeedb65ca7ce1e1d08f5234ffd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24518.exe

Filesize
184KB

MD5
d0525796a8823f95c04e67bb2f1b73b9

SHA1
d3a55eef31bd7b1026cf9460dbfbba200ad836d2

SHA256
6af783b381a03b9edd5c1c46c991addecb45b8bbfcd8a450b3427387fdfefca7

SHA512
bcd3aba9ebfaf1df67f38a928bdc113d1e42a37b27a3fcf740ae15e051ddac7bfb7411cce9ad8b20004d3c70e9ca5e3fe9db4ace6db0da30578030e5641a4494

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26983.exe

Filesize
184KB

MD5
16e07d06b82b42bafee6e3863339934b

SHA1
edca568cb2647e8283b7fd206eb251b826c7b80e

SHA256
a73f6cc71a0559df4902c5520c9e755a1d04069118013a2d030a9e0f621bc70b

SHA512
b1aabea8763a61d65cde0f1bef4fc59c40c8b73832e3deca64afc70f2110c8903c1a91b4c77c5b0da88be53b693446581fed63bae0bcabac79cb825bb710f23d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35165.exe

Filesize
184KB

MD5
ab9cd50f01ba4b395944c73d22fabe90

SHA1
77224878ae802e2136d69a2aee250d6a161cab67

SHA256
d8021049ebfb346108b57727e428975f5ae484f4d22006ecb520c9a514505f97

SHA512
8a9746e68f740f5e252c0d67784e0481447a2ecd53cdd6f41a18b0e7c02c1a8168aa3622be2059db60c70e09084a693f0523440cd6cf2b91267982394f8c0462

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37708.exe

Filesize
184KB

MD5
fdb768f2aeaecc1c2030c4e70588ecad

SHA1
843d5d53b1bc9552c6d0b24a0575765c78e0ad1d

SHA256
b60065115b2c4a76393fa56455db4c1bce601ad09d72224cc15a027a395b5591

SHA512
2cb347009806046403ab0bf0e9c9021e9b160894b9b003ac7579da4ad293f22ddd95c14ec8415cad277c75dea628e5b532db009cf76dc18d5e7a355a83eb5a98

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe

Filesize
184KB

MD5
891067d747b849b6d699dfd675a610f9

SHA1
1b3a0ed86b880c666cf385afa50531081c348286

SHA256
6971089f2199c8032faf4e93359c170f4cb4b17664de35cffccf353e0eb75274

SHA512
334d515aa532be3fbe9f09ac6fbf7439ad7cfea3184a514142ca930afa8c330e5237ffa8776c691417cb5a80b03d77a0f0fa85bdfce69f259fa950b84396a689

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41238.exe

Filesize
184KB

MD5
209a900f675268385b674b87e891a3f0

SHA1
78520edf2524763a6f7bb06ded188a0b7cd24638

SHA256
1f8cf46086f945c4297c52bdc91e36dc7066c450153530a5119a26bd7b34c883

SHA512
77f41c8b02054b49267dcd805b97d3bd2a07ea3ef2d9f4c87947137d9a1c9ea2da8d91c5e8c01ae7848f477f3ee36a08d3a4fffa9fb7262dc032a5d63ea78744

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe

Filesize
184KB

MD5
acd1d16eab65914e0a8fe6ea4675d776

SHA1
9f328c6503789df28132f48b7c5e033300e627de

SHA256
e1b24b153d15fc8bba68df7ac654779aa312aa04cb207450901b850f924d16bf

SHA512
f250745fc257fcebc002b232929546c4bbeeb275524f150c1876895af7251af9889d6275834cde6def4d636a084d779d7c6ae40328afea8e34ec56397c9d2611

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4590.exe

Filesize
184KB

MD5
6f1bfd5d5296135ebe1dac3c2836db91

SHA1
7a7009299435eb7389d010f3998bc6eaa35f5e47

SHA256
ca2538ce858808d4dc9ec95ef0bab6f7d27796a79b35ec9e80fbbe5ba1def66d

SHA512
b66c1424af1c4d25d6a22f18e16c59849dbbe830696bd8cfe09e34d823eddd4a93833a4099846ef9fc1e535473612a83a59cd48576d170e4782a14f1eadb7fbe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe

Filesize
184KB

MD5
3ec0a7db64b62bfa10b6681e7f726c05

SHA1
deedf3bfca69431a6de933290370629635829885

SHA256
d5d0f9069d5fcd6b8620e912c846f22213ee8010fd158940ec3a6cde0aadc4f2

SHA512
b093efd13ca511f04a5a425815c5ad35e3fa4b421313ba23ba4b2f9282ad1f5a3f07d161e95f237493f49e71772874d7aa8431a8e7817723ca7a842150983345

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe

Filesize
184KB

MD5
b32584f1196a47975f1e2d0cdcd3382a

SHA1
71ea30bf594978116839ea8de3f9245b636b68ae

SHA256
f7d6e2b6dadf98ba1a3b94c8fe76c3a22c244ac2109a5e4033f8014852e971bc

SHA512
f3d0a953e085914aaa3ff4dab3f573207c7078bc42f43a7e5f7728acfda5a50e8c7bd342e06dcd645e35b0246dceaa1dbe84ed0641e01de246be9ef65d8b7289

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53692.exe

Filesize
184KB

MD5
28149bc59dbb3357d8e7cbe74e1056c2

SHA1
9c223d0fcc045e731f0d445803ba6fc91b9796d1

SHA256
b095c841111ba5844b61c57cdc3590fcc86ddac84099a89a46a694dcb995ff00

SHA512
eadc322a6049e5a64fab4ca3009b658693f3d8b025fe31489562af31067536ba57bdd620495bf32d5946aa7d86fee8ae8bfb10e361eb05cd1f397c200f655d33

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe

Filesize
184KB

MD5
0c553c32f769d9052eaa43ab0c71e9fc

SHA1
30177b7e98d7af1fce6729fec903c208c39afbab

SHA256
5d8d59806b41209518351359370350d9181516fb88dacfb866587db4712285a6

SHA512
21e893f880d69e2799e36f3efc318b6e2a53d1508d112f75265b6332caaa8f3072581ee6d0c078378b0562f01f405f057cfb5e7e32e7fa4ffcc09fe8563f3258

Download Submit