c28ae6317f51437c7c38f84f962d516666c52442b45e3f9daa18ba8f3184453c

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 04:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2ae8c1deff1fcd29ed95a10f60bce2fb_JaffaCakes118.exe
Size

184KB
MD5

2ae8c1deff1fcd29ed95a10f60bce2fb
SHA1

38c99c677ba0257667c0c222dc4b796a25a15f1b
SHA256

c28ae6317f51437c7c38f84f962d516666c52442b45e3f9daa18ba8f3184453c
SHA512

b006243cbad475e850cdb5ee671db3869cebd7413f377e4005c1cb37cbe939d20a93c6f43a2c0af347f59adf475d3cc22d8e0813f7a9ed79ee96504996830a89
SSDEEP

3072:JaqFo87x4zAHtQjWMIX3D8vMyZWMRmKeVUSxQ/cRB5lBvpF+:JakoLsHt3MO3D8694o5lBvpF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1048	Unicorn-31789.exe
2120	Unicorn-2297.exe
2348	Unicorn-43885.exe
2748	Unicorn-25671.exe
2720	Unicorn-37923.exe
2916	Unicorn-22141.exe
3044	Unicorn-25837.exe
1516	Unicorn-10055.exe
2932	Unicorn-18223.exe
2672	Unicorn-42173.exe
1064	Unicorn-50341.exe
1428	Unicorn-61882.exe
1156	Unicorn-58737.exe
1840	Unicorn-41654.exe
2320	Unicorn-29956.exe
1648	Unicorn-57990.exe
2980	Unicorn-62074.exe
2244	Unicorn-2328.exe
1984	Unicorn-22194.exe
2044	Unicorn-49171.exe
1436	Unicorn-33389.exe
2572	Unicorn-61423.exe
2460	Unicorn-36727.exe
1640	Unicorn-54770.exe
2952	Unicorn-21351.exe
3008	Unicorn-50323.exe
1784	Unicorn-54407.exe
2216	Unicorn-46794.exe
1452	Unicorn-54962.exe
1492	Unicorn-9290.exe
2448	Unicorn-47116.exe
2880	Unicorn-27250.exe
2848	Unicorn-19680.exe
2908	Unicorn-21303.exe
2768	Unicorn-60520.exe
1048	Unicorn-8387.exe
1552	Unicorn-45891.exe
2600	Unicorn-30431.exe
1568	Unicorn-50297.exe
2664	Unicorn-21901.exe
2360	Unicorn-6119.exe
2884	Unicorn-42321.exe
1792	Unicorn-13540.exe
2180	Unicorn-59212.exe
2084	Unicorn-13711.exe
2068	Unicorn-49913.exe
1576	Unicorn-12964.exe
2208	Unicorn-712.exe
632	Unicorn-63104.exe
1100	Unicorn-46021.exe
2464	Unicorn-59980.exe
1540	Unicorn-14308.exe
1208	Unicorn-7593.exe
2196	Unicorn-9264.exe
1616	Unicorn-541.exe
1820	Unicorn-4796.exe
2092	Unicorn-24662.exe
2116	Unicorn-32830.exe
2800	Unicorn-33598.exe
2620	Unicorn-54573.exe
2868	Unicorn-8901.exe
1716	Unicorn-42512.exe
2724	Unicorn-58294.exe
2704	Unicorn-10800.exe

Loads dropped DLL 64 IoCs

pid	Process
2528	2ae8c1deff1fcd29ed95a10f60bce2fb_JaffaCakes118.exe
2528	2ae8c1deff1fcd29ed95a10f60bce2fb_JaffaCakes118.exe
1048	Unicorn-31789.exe
1048	Unicorn-31789.exe
2528	2ae8c1deff1fcd29ed95a10f60bce2fb_JaffaCakes118.exe
2528	2ae8c1deff1fcd29ed95a10f60bce2fb_JaffaCakes118.exe
2348	Unicorn-43885.exe
2348	Unicorn-43885.exe
2120	Unicorn-2297.exe
2120	Unicorn-2297.exe
1048	Unicorn-31789.exe
1048	Unicorn-31789.exe
2748	Unicorn-25671.exe
2748	Unicorn-25671.exe
2348	Unicorn-43885.exe
2348	Unicorn-43885.exe
2120	Unicorn-2297.exe
2120	Unicorn-2297.exe
2916	Unicorn-22141.exe
2916	Unicorn-22141.exe
2720	Unicorn-37923.exe
2720	Unicorn-37923.exe
3044	Unicorn-25837.exe
3044	Unicorn-25837.exe
2748	Unicorn-25671.exe
2748	Unicorn-25671.exe
2672	Unicorn-42173.exe
2672	Unicorn-42173.exe
2720	Unicorn-37923.exe
2720	Unicorn-37923.exe
1064	Unicorn-50341.exe
1516	Unicorn-10055.exe
1064	Unicorn-50341.exe
1516	Unicorn-10055.exe
2916	Unicorn-22141.exe
2916	Unicorn-22141.exe
2932	Unicorn-18223.exe
2932	Unicorn-18223.exe
1428	Unicorn-61882.exe
1428	Unicorn-61882.exe
3044	Unicorn-25837.exe
3044	Unicorn-25837.exe
1156	Unicorn-58737.exe
1156	Unicorn-58737.exe
1840	Unicorn-41654.exe
1840	Unicorn-41654.exe
2672	Unicorn-42173.exe
2672	Unicorn-42173.exe
2244	Unicorn-2328.exe
2244	Unicorn-2328.exe
1984	Unicorn-22194.exe
1984	Unicorn-22194.exe
1648	Unicorn-57990.exe
1648	Unicorn-57990.exe
2932	Unicorn-18223.exe
2932	Unicorn-18223.exe
1064	Unicorn-50341.exe
1064	Unicorn-50341.exe
2980	Unicorn-62074.exe
2980	Unicorn-62074.exe
1516	Unicorn-10055.exe
2320	Unicorn-29956.exe
1516	Unicorn-10055.exe
2320	Unicorn-29956.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
1312	2572	WerFault.exe	52
3044	1576	WerFault.exe	79
3028	1452	WerFault.exe	59
1832	1048	WerFault.exe	68
1240	2208	WerFault.exe	78
484	1784	WerFault.exe	57
2432	2448	WerFault.exe	61
900	632	WerFault.exe	80
1800	1616	WerFault.exe	86
1684	2196	WerFault.exe	85
2152	2868	WerFault.exe	93
604	1552	WerFault.exe	67
304	1300	WerFault.exe	99
2336	1252	WerFault.exe	114
2760	1508	WerFault.exe	134
332	2444	WerFault.exe	128
1652	2356	WerFault.exe	122
2040	2888	WerFault.exe	145
2984	1940	WerFault.exe	157
1852	2884	WerFault.exe	177
3040	832	WerFault.exe	171
2968	2224	WerFault.exe	185
2840	1728	WerFault.exe	176
2700	2552	WerFault.exe	166
1736	2460	WerFault.exe	193
2804	2376	WerFault.exe	174
2032	1644	WerFault.exe	195
2060	2792	WerFault.exe	217
2844	776	WerFault.exe	211
2656	1716	WerFault.exe	213
1420	572	WerFault.exe	218
2524	1932	WerFault.exe	221
2688	1580	WerFault.exe	247
2592	880	WerFault.exe	244
2144	2108	WerFault.exe	243
2828	2116	WerFault.exe	237
560	2956	WerFault.exe	249
3728	2324	WerFault.exe	273
3768	1720	WerFault.exe	277
3880	3176	WerFault.exe	279
3976	2036	WerFault.exe	266
2928	1344	WerFault.exe	258
3856	3984	WerFault.exe	297
3832	2672	WerFault.exe	260
3204	2288	WerFault.exe	299
3396	2600	WerFault.exe	272
2476	3432	WerFault.exe	333
3340	2436	WerFault.exe	309
3220	4056	WerFault.exe	323
3288	2712	WerFault.exe	347
3496	1700	WerFault.exe	340
3004	4084	WerFault.exe	359
3892	1912	WerFault.exe	379
3140	2112	WerFault.exe	396
3244	3252	WerFault.exe	400
1180	2904	WerFault.exe	432
3604	3420	WerFault.exe	421
3800	3700	WerFault.exe	423
2548	3600	WerFault.exe	468
2228	2140	WerFault.exe	453
996	924	WerFault.exe	449
3256	3848	WerFault.exe	422
3260	3488	WerFault.exe	461
2908	2800	WerFault.exe	446

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25671.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34771.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41095.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58737.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32830.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8901.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49986.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39182.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32477.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25809.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57806.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19011.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25170.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19083.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42173.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38284.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16074.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37198.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12964.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45305.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-48450.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47874.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20812.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25652.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40219.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29202.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28631.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44687.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44484.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45891.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10800.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63675.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39192.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27698.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-50685.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5330.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42793.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1952.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23094.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61882.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46794.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14312.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58324.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10249.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30127.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2528	2ae8c1deff1fcd29ed95a10f60bce2fb_JaffaCakes118.exe
1048	Unicorn-31789.exe
2348	Unicorn-43885.exe
2120	Unicorn-2297.exe
2748	Unicorn-25671.exe
2720	Unicorn-37923.exe
2916	Unicorn-22141.exe
3044	Unicorn-25837.exe
1516	Unicorn-10055.exe
2672	Unicorn-42173.exe
1064	Unicorn-50341.exe
2932	Unicorn-18223.exe
1428	Unicorn-61882.exe
1156	Unicorn-58737.exe
1840	Unicorn-41654.exe
2980	Unicorn-62074.exe
1648	Unicorn-57990.exe
2320	Unicorn-29956.exe
1984	Unicorn-22194.exe
2244	Unicorn-2328.exe
2044	Unicorn-49171.exe
1436	Unicorn-33389.exe
2572	Unicorn-61423.exe
2460	Unicorn-36727.exe
1640	Unicorn-54770.exe
2952	Unicorn-21351.exe
3008	Unicorn-50323.exe
1784	Unicorn-54407.exe
1452	Unicorn-54962.exe
2216	Unicorn-46794.exe
1492	Unicorn-9290.exe
2880	Unicorn-27250.exe
2448	Unicorn-47116.exe
2848	Unicorn-19680.exe
2768	Unicorn-60520.exe
1552	Unicorn-45891.exe
2908	Unicorn-21303.exe
1048	Unicorn-8387.exe
2600	Unicorn-30431.exe
1568	Unicorn-50297.exe
2664	Unicorn-21901.exe
2360	Unicorn-6119.exe
2884	Unicorn-42321.exe
2180	Unicorn-59212.exe
1792	Unicorn-13540.exe
2084	Unicorn-13711.exe
1576	Unicorn-12964.exe
2208	Unicorn-712.exe
2068	Unicorn-49913.exe
632	Unicorn-63104.exe
1100	Unicorn-46021.exe
2464	Unicorn-59980.exe
1540	Unicorn-14308.exe
2196	Unicorn-9264.exe
1208	Unicorn-7593.exe
1616	Unicorn-541.exe
1820	Unicorn-4796.exe
2092	Unicorn-24662.exe
2116	Unicorn-32830.exe
2800	Unicorn-33598.exe
2620	Unicorn-54573.exe
2868	Unicorn-8901.exe
2724	Unicorn-58294.exe
1716	Unicorn-42512.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 1048	2528	2ae8c1deff1fcd29ed95a10f60bce2fb_JaffaCakes118.exe	30
PID 2528 wrote to memory of 1048	2528	2ae8c1deff1fcd29ed95a10f60bce2fb_JaffaCakes118.exe	30
PID 2528 wrote to memory of 1048	2528	2ae8c1deff1fcd29ed95a10f60bce2fb_JaffaCakes118.exe	30
PID 2528 wrote to memory of 1048	2528	2ae8c1deff1fcd29ed95a10f60bce2fb_JaffaCakes118.exe	30
PID 1048 wrote to memory of 2120	1048	Unicorn-31789.exe	31
PID 1048 wrote to memory of 2120	1048	Unicorn-31789.exe	31
PID 1048 wrote to memory of 2120	1048	Unicorn-31789.exe	31
PID 1048 wrote to memory of 2120	1048	Unicorn-31789.exe	31
PID 2528 wrote to memory of 2348	2528	2ae8c1deff1fcd29ed95a10f60bce2fb_JaffaCakes118.exe	32
PID 2528 wrote to memory of 2348	2528	2ae8c1deff1fcd29ed95a10f60bce2fb_JaffaCakes118.exe	32
PID 2528 wrote to memory of 2348	2528	2ae8c1deff1fcd29ed95a10f60bce2fb_JaffaCakes118.exe	32
PID 2528 wrote to memory of 2348	2528	2ae8c1deff1fcd29ed95a10f60bce2fb_JaffaCakes118.exe	32
PID 2348 wrote to memory of 2748	2348	Unicorn-43885.exe	33
PID 2348 wrote to memory of 2748	2348	Unicorn-43885.exe	33
PID 2348 wrote to memory of 2748	2348	Unicorn-43885.exe	33
PID 2348 wrote to memory of 2748	2348	Unicorn-43885.exe	33
PID 2120 wrote to memory of 2720	2120	Unicorn-2297.exe	34
PID 2120 wrote to memory of 2720	2120	Unicorn-2297.exe	34
PID 2120 wrote to memory of 2720	2120	Unicorn-2297.exe	34
PID 2120 wrote to memory of 2720	2120	Unicorn-2297.exe	34
PID 1048 wrote to memory of 2916	1048	Unicorn-31789.exe	35
PID 1048 wrote to memory of 2916	1048	Unicorn-31789.exe	35
PID 1048 wrote to memory of 2916	1048	Unicorn-31789.exe	35
PID 1048 wrote to memory of 2916	1048	Unicorn-31789.exe	35
PID 2748 wrote to memory of 3044	2748	Unicorn-25671.exe	37
PID 2748 wrote to memory of 3044	2748	Unicorn-25671.exe	37
PID 2748 wrote to memory of 3044	2748	Unicorn-25671.exe	37
PID 2748 wrote to memory of 3044	2748	Unicorn-25671.exe	37
PID 2348 wrote to memory of 1516	2348	Unicorn-43885.exe	38
PID 2348 wrote to memory of 1516	2348	Unicorn-43885.exe	38
PID 2348 wrote to memory of 1516	2348	Unicorn-43885.exe	38
PID 2348 wrote to memory of 1516	2348	Unicorn-43885.exe	38
PID 2120 wrote to memory of 2932	2120	Unicorn-2297.exe	39
PID 2120 wrote to memory of 2932	2120	Unicorn-2297.exe	39
PID 2120 wrote to memory of 2932	2120	Unicorn-2297.exe	39
PID 2120 wrote to memory of 2932	2120	Unicorn-2297.exe	39
PID 2916 wrote to memory of 1064	2916	Unicorn-22141.exe	40
PID 2916 wrote to memory of 1064	2916	Unicorn-22141.exe	40
PID 2916 wrote to memory of 1064	2916	Unicorn-22141.exe	40
PID 2916 wrote to memory of 1064	2916	Unicorn-22141.exe	40
PID 2720 wrote to memory of 2672	2720	Unicorn-37923.exe	41
PID 2720 wrote to memory of 2672	2720	Unicorn-37923.exe	41
PID 2720 wrote to memory of 2672	2720	Unicorn-37923.exe	41
PID 2720 wrote to memory of 2672	2720	Unicorn-37923.exe	41
PID 3044 wrote to memory of 1428	3044	Unicorn-25837.exe	42
PID 3044 wrote to memory of 1428	3044	Unicorn-25837.exe	42
PID 3044 wrote to memory of 1428	3044	Unicorn-25837.exe	42
PID 3044 wrote to memory of 1428	3044	Unicorn-25837.exe	42
PID 2748 wrote to memory of 1156	2748	Unicorn-25671.exe	43
PID 2748 wrote to memory of 1156	2748	Unicorn-25671.exe	43
PID 2748 wrote to memory of 1156	2748	Unicorn-25671.exe	43
PID 2748 wrote to memory of 1156	2748	Unicorn-25671.exe	43
PID 2672 wrote to memory of 1840	2672	Unicorn-42173.exe	44
PID 2672 wrote to memory of 1840	2672	Unicorn-42173.exe	44
PID 2672 wrote to memory of 1840	2672	Unicorn-42173.exe	44
PID 2672 wrote to memory of 1840	2672	Unicorn-42173.exe	44
PID 2720 wrote to memory of 2320	2720	Unicorn-37923.exe	45
PID 2720 wrote to memory of 2320	2720	Unicorn-37923.exe	45
PID 2720 wrote to memory of 2320	2720	Unicorn-37923.exe	45
PID 2720 wrote to memory of 2320	2720	Unicorn-37923.exe	45
PID 1064 wrote to memory of 1648	1064	Unicorn-50341.exe	46
PID 1064 wrote to memory of 1648	1064	Unicorn-50341.exe	46
PID 1064 wrote to memory of 1648	1064	Unicorn-50341.exe	46
PID 1064 wrote to memory of 1648	1064	Unicorn-50341.exe	46

C:\Users\Admin\AppData\Local\Temp\2ae8c1deff1fcd29ed95a10f60bce2fb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2ae8c1deff1fcd29ed95a10f60bce2fb_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2297.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2297.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42173.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41654.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36727.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 244
        9⤵
        Program crash
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11869.exe
        8⤵
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25809.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 224
        10⤵
        Program crash
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58875.exe
        9⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29727.exe
        10⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62799.exe
        11⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-111.exe
        12⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
        13⤵
        Program crash
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
        12⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7755.exe
        13⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21438.exe
        14⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50919.exe
        15⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe
        16⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6996.exe
        17⤵
        
        PID:3488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 224
        18⤵
        Program crash
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30431.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39192.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18575.exe
        10⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59986.exe
        11⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57952.exe
        12⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 224
        13⤵
        Program crash
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12814.exe
        11⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29011.exe
        12⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
        13⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7511.exe
        14⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62654.exe
        15⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28695.exe
        16⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
        17⤵
        Program crash
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
        15⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
        16⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
        17⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36451.exe
        18⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24422.exe
        19⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        20⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3628.exe
        21⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12533.exe
        22⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31143.exe
        23⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38896.exe
        14⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
        15⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6523.exe
        16⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58324.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26602.exe
        18⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7551.exe
        19⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12969.exe
        20⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-998.exe
        12⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60277.exe
        13⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exe
        14⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58661.exe
        15⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41095.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14914.exe
        17⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4899.exe
        18⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29840.exe
        19⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29062.exe
        20⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42360.exe
        21⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30819.exe
        14⤵
        
        PID:3432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 220
        15⤵
        Program crash
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5321.exe
        13⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16150.exe
        14⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4847.exe
        15⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38859.exe
        16⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        17⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48527.exe
        18⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
        19⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 368
        19⤵
        Program crash
        
        PID:2908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 376
        18⤵
        Program crash
        
        PID:3604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 376
        17⤵
        Program crash
        
        PID:3244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 376
        16⤵
        Program crash
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63867.exe
        8⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51631.exe
        9⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11496.exe
        10⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12835.exe
        11⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41092.exe
        12⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 220
        13⤵
        Program crash
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41983.exe
        9⤵
        
        PID:2224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 244
        10⤵
        Program crash
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54770.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50297.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58294.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32477.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
        10⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 244
        11⤵
        Program crash
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21931.exe
        8⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25072.exe
        9⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13603.exe
        10⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
        11⤵
        Program crash
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10800.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55144.exe
        8⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55907.exe
        9⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 224
        10⤵
        Program crash
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33431.exe
        9⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49649.exe
        10⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34595.exe
        11⤵
        
        PID:880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 224
        12⤵
        Program crash
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
        10⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18446.exe
        11⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50402.exe
        12⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14771.exe
        13⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 224
        14⤵
        Program crash
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        12⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38490.exe
        13⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7291.exe
        14⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 220
        15⤵
        Program crash
        
        PID:3004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29956.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47116.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49913.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47687.exe
        8⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5580.exe
        9⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43676.exe
        10⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62420.exe
        11⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32348.exe
        12⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 244
        14⤵
        Program crash
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
        13⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        14⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30836.exe
        15⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56326.exe
        16⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25704.exe
        17⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1952.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26836.exe
        20⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
        21⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 376
        20⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 376
        19⤵
        Program crash
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30639.exe
        8⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9311.exe
        9⤵
        
        PID:832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 224
        10⤵
        Program crash
        
        PID:3040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
        7⤵
        Program crash
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63104.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 224
        7⤵
        Program crash
        
        PID:900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18223.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22194.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50323.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33598.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
        9⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38995.exe
        10⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16022.exe
        11⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
        12⤵
        Program crash
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42554.exe
        11⤵
        
        PID:572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 240
        12⤵
        Program crash
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10774.exe
        8⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 224
        9⤵
        Program crash
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54573.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
        8⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27703.exe
        9⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34771.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9322.exe
        11⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 224
        12⤵
        Program crash
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59212.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57007.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13530.exe
        8⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37018.exe
        9⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63930.exe
        10⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20864.exe
        11⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39416.exe
        12⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37766.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36536.exe
        14⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38459.exe
        16⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31817.exe
        17⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55989.exe
        18⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42793.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19083.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
        14⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
        15⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37951.exe
        16⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20904.exe
        17⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44687.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44484.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33203.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
        13⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37198.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15480.exe
        15⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32191.exe
        16⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
        17⤵
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14308.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31735.exe
        7⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32306.exe
        8⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10977.exe
        9⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56333.exe
        11⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1393.exe
        12⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40947.exe
        13⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62029.exe
        14⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52045.exe
        16⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48776.exe
        17⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
        18⤵
        Program crash
        
        PID:2228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 248
        12⤵
        Program crash
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23929.exe
        6⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1304.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15580.exe
        8⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39431.exe
        9⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        10⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65399.exe
        11⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38918.exe
        12⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64356.exe
        13⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21625.exe
        15⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25123.exe
        16⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62123.exe
        17⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13166.exe
        18⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39119.exe
        19⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31854.exe
        12⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16202.exe
        13⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57032.exe
        14⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
        15⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40219.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:3600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 240
        17⤵
        Program crash
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42631.exe
        16⤵
        
        PID:3964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22141.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22141.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50341.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57990.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54407.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13540.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44179.exe
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45305.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21756.exe
        10⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27698.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
        12⤵
        Program crash
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36612.exe
        10⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30127.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 244
        12⤵
        Program crash
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41967.exe
        8⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59088.exe
        9⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59467.exe
        10⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47916.exe
        11⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62083.exe
        12⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60023.exe
        13⤵
        
        PID:2288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
        14⤵
        Program crash
        
        PID:3204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 236
        13⤵
        Program crash
        
        PID:3396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 248
        7⤵
        Program crash
        
        PID:484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13711.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
        7⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
        8⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
        9⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20812.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16074.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7324.exe
        12⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49634.exe
        13⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49691.exe
        14⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31007.exe
        15⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51474.exe
        16⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7696.exe
        17⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        19⤵
        
        PID:3660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 216
        19⤵
        Program crash
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-661.exe
        13⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55184.exe
        14⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36041.exe
        15⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
        16⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15689.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63789.exe
        18⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19052.exe
        19⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exe
        7⤵
        
        PID:1508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 200
        8⤵
        Program crash
        
        PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54962.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46021.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30666.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50505.exe
        8⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38284.exe
        9⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
        10⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5622.exe
        11⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe
        12⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24419.exe
        13⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46601.exe
        14⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9875.exe
        15⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59066.exe
        16⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39980.exe
        17⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36332.exe
        18⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
        19⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5931.exe
        13⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44733.exe
        14⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
        15⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60592.exe
        16⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61739.exe
        17⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:3656
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 248
        6⤵
        Program crash
        
        PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2328.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21351.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21901.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-541.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 224
        8⤵
        Program crash
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26726.exe
        7⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
        8⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31782.exe
        9⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4314.exe
        10⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9929.exe
        11⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6416.exe
        12⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44263.exe
        13⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        14⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
        15⤵
        Program crash
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        12⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14312.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44427.exe
        14⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58760.exe
        15⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25170.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20871.exe
        18⤵
        
        PID:3108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 376
        17⤵
        Program crash
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18004.exe
        7⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15643.exe
        8⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39182.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59078.exe
        10⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7516.exe
        11⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26645.exe
        12⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48923.exe
        13⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16609.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39035.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
        16⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
        17⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-.exe
        18⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 244
        19⤵
        Program crash
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5075.exe
        15⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23094.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32217.exe
        17⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42217.exe
        18⤵
        
        PID:3456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 224
        19⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22459.exe
        13⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29912.exe
        14⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24557.exe
        15⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19399.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31070.exe
        17⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25943.exe
        18⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16997.exe
        19⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24397.exe
        12⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55345.exe
        13⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18039.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
        15⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46508.exe
        16⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2725.exe
        17⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46742.exe
        18⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60232.exe
        19⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
        15⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35014.exe
        16⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40795.exe
        17⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37949.exe
        18⤵
        
        PID:4244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6119.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32503.exe
        6⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
        7⤵
        Program crash
        
        PID:2336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25671.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25671.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25837.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61882.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49171.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19680.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7593.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe
        9⤵
        
        PID:2356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 224
        10⤵
        Program crash
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46955.exe
        8⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60567.exe
        9⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23038.exe
        10⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41263.exe
        11⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14553.exe
        12⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
        13⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50685.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23031.exe
        15⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43887.exe
        16⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        17⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21802.exe
        18⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38896.exe
        19⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29205.exe
        20⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28053.exe
        14⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12112.exe
        15⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48366.exe
        16⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
        17⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47064.exe
        18⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9264.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 224
        8⤵
        Program crash
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21303.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32830.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16743.exe
        8⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53489.exe
        10⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39234.exe
        11⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55046.exe
        12⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58954.exe
        13⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 220
        14⤵
        Program crash
        
        PID:3856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 248
        13⤵
        Program crash
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15948.exe
        8⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21948.exe
        9⤵
        
        PID:2884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 220
        10⤵
        Program crash
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14905.exe
        9⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4698.exe
        10⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65207.exe
        11⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58186.exe
        12⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
        13⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61323.exe
        14⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25652.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49305.exe
        16⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        17⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52492.exe
        18⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22975.exe
        19⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43338.exe
        12⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13020.exe
        13⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21755.exe
        14⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1386.exe
        15⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62118.exe
        16⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        17⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
        8⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32934.exe
        9⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18430.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
        11⤵
        
        PID:2036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 220
        12⤵
        Program crash
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33389.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60520.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
        7⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1112.exe
        8⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60375.exe
        9⤵
        
        PID:2552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 244
        10⤵
        Program crash
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57806.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26987.exe
        9⤵
        
        PID:776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 224
        10⤵
        Program crash
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48434.exe
        6⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47874.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59280.exe
        8⤵
        
        PID:2376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
        9⤵
        Program crash
        
        PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61423.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
        6⤵
        Program crash
        
        PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45891.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8901.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
        7⤵
        Program crash
        
        PID:2152
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 248
        6⤵
        Program crash
        
        PID:604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10055.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62074.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12964.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 224
        7⤵
        Program crash
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42512.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15970.exe
        7⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33837.exe
        8⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
        9⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11159.exe
        10⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
        11⤵
        Program crash
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
        10⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 224
        11⤵
        Program crash
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59980.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27459.exe
        6⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 224
        7⤵
        Program crash
        
        PID:304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46052.exe
        6⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38284.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19011.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
        9⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10277.exe
        10⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38534.exe
        11⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
        12⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe
        13⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25652.exe
        14⤵
        
        PID:3160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        14⤵
        Program crash
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48191.exe
        11⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23986.exe
        12⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
        13⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 244
        14⤵
        Program crash
        
        PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27250.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 244
        6⤵
        Program crash
        
        PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24313.exe
        5⤵
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49986.exe
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33645.exe
        7⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15056.exe
        8⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
        9⤵
        Program crash
        
        PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe

Filesize
184KB

MD5
14b36f4980947b9dca9be05589feb7c9

SHA1
f0288ff03e110224d4867d388eb490e16539f365

SHA256
6c6fc22cd8d8cfb769e1ac415b58f3f928a8f0c72c7a1dbc11b4e72b6f3fa344

SHA512
405c9c0730fc10cff179a70d2ba6ba4d573b6bd9407ae296b9c67f9905dc7897e494a5f72552553e999638a03466c7acd4cdb92ff78721eaf693297f1b65bba9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21303.exe

Filesize
184KB

MD5
cd04d7b4ad3c6e347a84c7fa9e8e30c0

SHA1
6bcd9362826d19f8571dccc934d57694ad81a9c1

SHA256
30c2fdacc233da0008cb556fd3bbc9058fd4364dff66d238ec596db42647157e

SHA512
92edde071f506149ecb167c6ccebcfd7eb457f2e58401d476e7d436420e1f0a2895f742581d827ca08a76877c42cc83f72c59cd343a1c3668f50a36df8b5dcc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22141.exe

Filesize
184KB

MD5
9c3875437758bd55ba2de685beb92472

SHA1
f55428f000ce47f5cad48d6eac91bd546136d6e3

SHA256
b043d4d19b0a9b08f126b2a52a8b69bfd0bc5c80478f0652a1405fdfe676cfa9

SHA512
49d522660e993d9628cb7335cb708ec2f6fc24bafcb8b6bb778c6bfa95f819694d42dced7d42bd93b709d4ea43ca3d65b7972d5804cfaec3c1ff61c43c0903b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25837.exe

Filesize
184KB

MD5
0cab05d28b78491979b4f1c8c5a7dbd6

SHA1
e4fcb12501addff3f9b7b58583bf57ff95527e58

SHA256
2e77a17b77bddacf446a3cf07176f741b98ed4a41916bddb1f4c425d060a4a63

SHA512
1248cb0c5380605d02a49e5cde9e84403e9c060dbf96314f92c59cc98acc7b1a2f097366c75e9c292e5a694388b6a24dc0bd7533da3c643ccbd14edcf43cf4cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42173.exe

Filesize
184KB

MD5
dba292b15f5bbf3175b334b56f337762

SHA1
f16a4363b4fac67c78164700a5355f21e66c6eca

SHA256
f9d707f0a6212258b9b20972a216fa37dfcc78a1588099638d92bf994001c5ad

SHA512
4f9afd8d70697f4c4455121430d907d5f5486f0b1d9a36afc3d87fb4ee3e911632725a41ba2551b2b3e6f3f36247634a8f19df0ec4c921ffb9324df563fd8133

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5580.exe

Filesize
184KB

MD5
c6ef5e7e01f4eae305745d41d864a7ba

SHA1
7b0a252c6195557283d3ba724222c50ea423ff8a

SHA256
5ab555ed32eae5cf646aa73ea632655157c8fed1622864d999c7d0c3baed2824

SHA512
326ff386c187af22fd36b6335dd64a03e5e7b2997f61f4f1b7c5d8e7d57278bf859346bdaa136422b96be7a3ae2b5048bd3de592ca6676a330820637b09774bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59078.exe

Filesize
184KB

MD5
926c319c04ad0585c5a28287317859bd

SHA1
8242ddae444d7d50b93992661c31dbe02cbce0ef

SHA256
3248acbd5e2551f2d42ab56c9718069394e4178f423ad0eb458119eec7cf965d

SHA512
609b8bad70e615963a94ef9fe717341a2cab2b4dd369078d152225c74b3d0301b5b7a000ea9735fc1b60b0304b27d399e180058ef817a3209149c1aea54a8801

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe

Filesize
184KB

MD5
6132b01821fa8ff093d2c2c57264127e

SHA1
c0848b36c13bdd2a4b9a007dce83496df4adef4c

SHA256
050488cad9bd503e69898971cbb3a30b0f73073381e53355481dc6246200840f

SHA512
cd3ed3aae8af3c0c078d2b986af704b4c787d893c16a74217a704f40e8877ac72ae4da1cf5e40eb503ddb27f660bf85113049b997c78a5d13e85c0e4a4865a58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6310.exe

Filesize
184KB

MD5
e0a329e8462eb0d208a3527d0b9165e8

SHA1
88ad869561d81b453decdc27a245af8b2b44d474

SHA256
fe0958a14ffd9464ef3eb970cd050087bacc74ac3e6e3a691e91058af6319c8d

SHA512
69861eda693e9d7160bf29e26b1fc26fac65da67ddc0349387eed978fd4ad27ace91646dd0adf68e84343cc166386f9c781457d2ef1e0387fb4999f9bdad00d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63930.exe

Filesize
184KB

MD5
a1630ab732a55d70cb48645cc2f4be84

SHA1
6829856d0b35f456e475fdad67ca05687a7945e9

SHA256
ac07a5107214c6f18d093ab62b3cc245e5c7030ef57b65a20ceed455440fece8

SHA512
eb2a1cf8afb3c3f91e8f422f1e5d4b8503b4fb02b25ad2c16801ff31913995b713fc251de2f34c067804d39bd1bdd7f51e8ffd3d7f2a089c553389a26efcf128

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6416.exe

Filesize
184KB

MD5
01e15cd5b83e6983e17f16a0a7706a50

SHA1
8c425611ecfebddfc7e200cf788f753b45199035

SHA256
214a233cc4837ed8951a132c1a1a82624bdc328a5468f469f6257844c97b2d6f

SHA512
b40a33ab4b756b19fb1ec008443077de5bba50736172ccff93a5b11fc0964edf91e7a927d66e15d5583a5ed51b04946bc396d9541534a4113271293032f46da6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6523.exe

Filesize
184KB

MD5
bb5a53cea1fca0682027569b16106cde

SHA1
0c74a1099cd149de7de93e1946e6b4df7fdd0412

SHA256
5ac47539676f8326cfae2ff9c650149f0082986b3851a1c4d3ffd65610f6db67

SHA512
eed9c724d047b833d01ff9b5522011ad9de084c66eab617774857f2170b04b488259647d8e155884342ed2da432ba718bc614a57c7789e2ec538d27fbc6b5dc0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10055.exe

Filesize
184KB

MD5
7de8fb1b97b5a48c4e9258cd2b9e199c

SHA1
52651b76e7322ee01395e678125f2503c6751bb5

SHA256
332d37eed3e653785915a2ce52e33ec94b62c5545d29876eba2f5ff83ce44437

SHA512
bd5faad77b10596daf0c41f7f123a3cfd355f068eb896b21c9903224e3463a3cc78dc5e5ca8efb15149736d0a085d4571d3931f62d9601e2ca49531e4bacbfeb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18223.exe

Filesize
184KB

MD5
8e3bebe3e4eb50a876dfa2be7d21d1b9

SHA1
1b591c0ab81a90aa710f92a3249166fa5a676ab6

SHA256
74d2b89674ad787bac67f0b35888f790e3648885cd11e6fe97b10621c2206ed9

SHA512
a8f15b4f917cc5f7c6381b90de17c888ea59fb80995fabec16c7ee7ded3a80b17832330d65e45b1128e90d5373c09587d8d3f000f2f45651e7402b3450b99e06

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2297.exe

Filesize
184KB

MD5
4e51ced532289edc790f47f44e105d46

SHA1
b0d05032e715da773474c4cf5933a8f8e5e1c54e

SHA256
4ff18c130b9bf94db6debfdd33704b0dc8748e678a3941b3a34c3794a7cf5129

SHA512
faae0014d3de2a3504225e43e516071881f5da649fa7ada19e04a4ad115afb4dc66de3204b1c0e3af94b7608faebe9d20da9816de86634f4d5c82999dec2680b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2328.exe

Filesize
184KB

MD5
43aa1edb3d6bfc754435276c1fab6dbf

SHA1
7b901a8e81de7cfb44113693898fdbb978d4f532

SHA256
58b9bdf61b0321143f7706bcb222e0de3daedde3edab0b699c7ecfec4af1dc13

SHA512
aa1bf7688698826509c0cbb7adcb22706547075607ba2948a767a1c86e18590aa6fcc46a899a7eb5549b73f4178f528f58d9e679148e4d08faee263d3cf4c2c4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25671.exe

Filesize
184KB

MD5
30e84597dbfc7db7d8268c6dde5d00c5

SHA1
e34328166081acf85e90cdf439fab8ea50d574b8

SHA256
37b61f90399055ff33e294269eb564a251ddca5a5e2c244005f764f646a9dd4d

SHA512
ff502709ce5d4665d4a1dde49a6aa38e5199aa4fcde4d69cc75598cb7366d5bb0bc8338e259bf58af35060c537c15af53331bf4915d1c38428f14267cdc2a6b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29956.exe

Filesize
184KB

MD5
0bea0ca111e92c21c23e8cdf3f37e012

SHA1
838735407798479c8c3343a961c124d33c0ad724

SHA256
80c5e635dc501b1cf77baf6ccaffeec3aef4e9803c154605fdc546fd5ae06947

SHA512
5b3adbedebf9eabba20449d245a3cd779cd3e28d0fe693be43d6e4aad59cc941ca43c5749298cdded355c20021036452570cada701019486a7e78d5e76551363

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe

Filesize
184KB

MD5
682784ce74ade57524256a4de697f1ee

SHA1
f222dc0f8458800d2dcdd16c511994ea874b989e

SHA256
518d3189c98296c1422e674de472f6dca95036f318952419d2cc114c9fedba0a

SHA512
6bed42342b5d82ffcc735fa739396b21fe5aa0d0357b46f14cc55088c6cdee4b03042cefa34dc8bfd1045511db2056a6cf52cae6a48de8004a314160654bcd1e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37923.exe

Filesize
184KB

MD5
7b19f18f6f2a4d6e9d1073117c265e69

SHA1
9c0b4d02c102ac2458f865c626c117db12435e98

SHA256
0b45653f244a177309abc4ecfd8f8599aca182d3408c22bacf8d072c56a430ac

SHA512
60f5eaa59e511e767b76f582c978f65972a970ba9d2ab628833ef85bf351f57d6e8a3e4289f62d9370141e5517176ecf8b93afbc03a5d312f547d37b217884bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41654.exe

Filesize
184KB

MD5
7b6beeb13763f852bb9fc7ac8e1eabc1

SHA1
3f30d3bffd1a3764cb51febb2c93f2aec1138fe9

SHA256
ef09dc6f709bdb636099dce8e40a2152527d5fd9288fb611ae3eaafdc221c745

SHA512
cab622a689f5f8f716e1e7c0957e2d2ec1cd6c628ee8cf4e6983a0f778cd575bb3c00efa6ce7fe876f9f77ba1cf8e6c46303e9d2ea0ebb6d2ee7dc192122709d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe

Filesize
184KB

MD5
0b5dfae46f20ed80a0a07110a68db720

SHA1
0fcf11c7e46e19e97a81a0d412fa13cea435ecbd

SHA256
aff0610e66127548fc2ec50108609cde970adf46bde064d5ac50859bbdbd8376

SHA512
338a56fe5229c9848b12d52a63c07ce60ab6009513623bc1bcde2f33ece7e005fcd4479a093520dbb91ac92e18134aa17ed7075a9147e7320f316a5ec1ae15ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50341.exe

Filesize
184KB

MD5
af849c5e4e9004b9ac6e5a84b3fbfc4a

SHA1
4387625f13782a5d872fb326a689e1a555158541

SHA256
aa7341044185af55114576a7d8357a4e1d01d84866a201fae2a60aa28e62dc69

SHA512
ba19eb4fb85839b7dcc3ea1a1c2c3d9a1ce16568ff6c1fcc2f656bf9ae81de14cac5648f11be92b235a390925c4d5879ad76a53111a127153a1f9499baa96688

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57990.exe

Filesize
184KB

MD5
d5cf326613a039c4e080196b826ff5e5

SHA1
e3f617012ad3c45d021e1df0064e082025b145ff

SHA256
736542705ac6d06f25a52d3f829bf95f203cb7554a43c61c2fabb383727e1be3

SHA512
d6e6803dc05b84bf20a5dc809b75900d68734a26d0eade4d658872524c5c884d464df207c382c765524547eb742455652fb25503d8de2d4f7d13918b848a5804

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe

Filesize
184KB

MD5
f4bd3ef72396f9613810232b2352c46d

SHA1
128fd7190101aa6a10be37eeae5420db01b5f431

SHA256
fe62d96b4b27501408b033ca5d9fab77e118482110ba43a07bef0c0f93567d07

SHA512
df1915f169a0959d6a3fb1c0f273e991ed1a6d8e7f04b2defeafba9dd6515144315d559f660e54c1ff62e68108a5ffd81314253b5ae18074735bf14f05e7f6a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61882.exe

Filesize
184KB

MD5
723cf4976aa4792c8286f8a3ae73d14c

SHA1
114f7adfb1181b6690738ab7ceeacdda83768115

SHA256
abacedc8a0574adc68b80a034dfae59e47475ff28a5d9694e979052d3b6eb2fc

SHA512
a6efed8eed6051d7e648141f797ad07c74394eead93c4c4a2404a28ccb6a89d958d8013d1a6f3347824c1692fdabb625cea4b96f81e5e09938d20a93e8180556

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62074.exe

Filesize
184KB

MD5
d576c01ca1b77a6e2c4f8abab2055098

SHA1
8f449bf3e8790632b38c5fc1316e54c5cf1ba755

SHA256
9e22dedcf55366207950a72fa6fc7380140025bfead526a0c319cb6c9135fa4f

SHA512
646e63897a030a598f8d82ca66ab351ee888ce312e064fcfbf9e6b5d7a04b09c14c1a272c72686871ba43cd1dac712de87344262bd7780a527e6a24b65cecb48

Download Submit