eceb71e93a9e233cf492eba97d2765ccb037508bb08b0e0f669069d6e0f4b649

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 07:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e7cc7617b7397edcb708baad54fb6e1_JaffaCakes118.exe
Size

184KB
MD5

3e7cc7617b7397edcb708baad54fb6e1
SHA1

e64277627909c58e2ca184e758463d9bf26ecfc8
SHA256

eceb71e93a9e233cf492eba97d2765ccb037508bb08b0e0f669069d6e0f4b649
SHA512

6a65e6c4c1690dfb5702f0230f504fe9f74bc939a9443db2c2fa3ba4954169aec7e752a52d30274411af2ce8e2610add0d07c110979c9534e2799665572b7391
SSDEEP

3072:xCRrom8xcIAEAmj4Mhm4c8AM5XYMgxXldk7xKDP7VylPvpFo:xChoKpEAHMw4c8Y1BlylPvpF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2436	Unicorn-33099.exe
1804	Unicorn-33348.exe
1444	Unicorn-5314.exe
3000	Unicorn-60670.exe
2796	Unicorn-39735.exe
848	Unicorn-3301.exe
2356	Unicorn-13218.exe
2572	Unicorn-29555.exe
1864	Unicorn-34193.exe
2900	Unicorn-45891.exe
2740	Unicorn-11609.exe
1532	Unicorn-2715.exe
1768	Unicorn-34101.exe
1660	Unicorn-28948.exe
2000	Unicorn-41946.exe
600	Unicorn-50307.exe
940	Unicorn-1298.exe
2336	Unicorn-29524.exe
1232	Unicorn-36967.exe
2040	Unicorn-56833.exe
376	Unicorn-36967.exe
1568	Unicorn-56833.exe
1784	Unicorn-7632.exe
1756	Unicorn-36967.exe
2144	Unicorn-53408.exe
2428	Unicorn-53875.exe
1812	Unicorn-1379.exe
1448	Unicorn-64539.exe
2424	Unicorn-18868.exe
2276	Unicorn-18868.exe
2808	Unicorn-18868.exe
1916	Unicorn-22629.exe
2648	Unicorn-18868.exe
2192	Unicorn-42495.exe
2824	Unicorn-18868.exe
2964	Unicorn-18868.exe
2084	Unicorn-9791.exe
3048	Unicorn-28182.exe
1696	Unicorn-48048.exe
2164	Unicorn-19246.exe
2896	Unicorn-47280.exe
1084	Unicorn-54379.exe
948	Unicorn-38043.exe
2876	Unicorn-22968.exe
808	Unicorn-52298.exe
1708	Unicorn-52298.exe
1780	Unicorn-52298.exe
852	Unicorn-52298.exe
832	Unicorn-52298.exe
2332	Unicorn-34051.exe
2508	Unicorn-37005.exe
848	Unicorn-9205.exe
2980	Unicorn-27165.exe
392	Unicorn-27165.exe
1276	Unicorn-38863.exe
3008	Unicorn-55069.exe
2820	Unicorn-55775.exe
2984	Unicorn-64135.exe
2688	Unicorn-6766.exe
2704	Unicorn-34286.exe
2956	Unicorn-24700.exe
664	Unicorn-3533.exe
580	Unicorn-53118.exe
2892	Unicorn-19294.exe

Loads dropped DLL 64 IoCs

pid	Process
2036	3e7cc7617b7397edcb708baad54fb6e1_JaffaCakes118.exe
2036	3e7cc7617b7397edcb708baad54fb6e1_JaffaCakes118.exe
2436	Unicorn-33099.exe
2036	3e7cc7617b7397edcb708baad54fb6e1_JaffaCakes118.exe
2436	Unicorn-33099.exe
2036	3e7cc7617b7397edcb708baad54fb6e1_JaffaCakes118.exe
1804	Unicorn-33348.exe
1804	Unicorn-33348.exe
2436	Unicorn-33099.exe
2436	Unicorn-33099.exe
1444	Unicorn-5314.exe
1444	Unicorn-5314.exe
2796	Unicorn-39735.exe
2796	Unicorn-39735.exe
848	Unicorn-3301.exe
848	Unicorn-3301.exe
1444	Unicorn-5314.exe
3000	Unicorn-60670.exe
3000	Unicorn-60670.exe
1444	Unicorn-5314.exe
1804	Unicorn-33348.exe
1804	Unicorn-33348.exe
2356	Unicorn-13218.exe
2356	Unicorn-13218.exe
2572	Unicorn-29555.exe
2572	Unicorn-29555.exe
2900	Unicorn-45891.exe
2900	Unicorn-45891.exe
3000	Unicorn-60670.exe
3000	Unicorn-60670.exe
848	Unicorn-3301.exe
848	Unicorn-3301.exe
2796	Unicorn-39735.exe
2796	Unicorn-39735.exe
2740	Unicorn-11609.exe
2740	Unicorn-11609.exe
328	WerFault.exe
328	WerFault.exe
328	WerFault.exe
328	WerFault.exe
328	WerFault.exe
328	WerFault.exe
328	WerFault.exe
2900	Unicorn-45891.exe
2572	Unicorn-29555.exe
2356	Unicorn-13218.exe
1660	Unicorn-28948.exe
2900	Unicorn-45891.exe
2572	Unicorn-29555.exe
1532	Unicorn-2715.exe
2356	Unicorn-13218.exe
1660	Unicorn-28948.exe
2000	Unicorn-41946.exe
1532	Unicorn-2715.exe
2000	Unicorn-41946.exe
3024	WerFault.exe
3024	WerFault.exe
3024	WerFault.exe
3024	WerFault.exe
2336	Unicorn-29524.exe
2336	Unicorn-29524.exe
3024	WerFault.exe
600	Unicorn-50307.exe
600	Unicorn-50307.exe

Program crash 51 IoCs

pid	pid_target	Process	procid_target
328	1864	WerFault.exe	39
3024	1768	WerFault.exe	43
2676	940	WerFault.exe	47
1332	1708	WerFault.exe	78
1864	2896	WerFault.exe	74
1752	2980	WerFault.exe	88
804	3008	WerFault.exe	90
3024	2660	WerFault.exe	107
2084	2116	WerFault.exe	136
1940	2532	WerFault.exe	170
1456	2548	WerFault.exe	154
2844	372	WerFault.exe	156
688	2880	WerFault.exe	172
2160	2812	WerFault.exe	191
2068	1368	WerFault.exe	232
1092	1624	WerFault.exe	257
2804	2224	WerFault.exe	251
2348	316	WerFault.exe	263
1956	3016	WerFault.exe	238
2516	1380	WerFault.exe	258
2064	1672	WerFault.exe	267
2960	1252	WerFault.exe	270
1924	2772	WerFault.exe	237
1108	1632	WerFault.exe	279
1580	1692	WerFault.exe	275
1584	2144	WerFault.exe	285
1512	2328	WerFault.exe	291
1028	2848	WerFault.exe	272
1616	2020	WerFault.exe	316
1836	940	WerFault.exe	332
852	1620	WerFault.exe	334
2364	1680	WerFault.exe	356
768	2484	WerFault.exe	321
1792	2732	WerFault.exe	346
2528	1804	WerFault.exe	364
3816	2940	WerFault.exe	365
3920	2260	WerFault.exe	345
1164	752	WerFault.exe	363
3760	3456	WerFault.exe	406
3872	1268	WerFault.exe	381
3928	2840	WerFault.exe	393
4092	3208	WerFault.exe	401
2704	2520	WerFault.exe	383
3464	3644	WerFault.exe	410
3600	1556	WerFault.exe	394
3788	3368	WerFault.exe	404
3596	3388	WerFault.exe	424
3768	3416	WerFault.exe	405
3272	4080	WerFault.exe	439
2708	4048	WerFault.exe	471
2416	3124	WerFault.exe	420

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27165.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4304.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25888.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62255.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15982.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-59811.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60216.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29524.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63156.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44615.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35157.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57651.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60752.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34035.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17040.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42409.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-2389.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42190.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20266.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-55069.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9690.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35358.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37470.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36683.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60670.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39183.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19514.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15092.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14226.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42122.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-42495.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9401.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19172.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7764.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56833.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-19294.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35981.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62587.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57206.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6402.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4766.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40535.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36967.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7632.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28608.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61517.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58760.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61768.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52883.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22547.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24724.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36980.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4460.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28581.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43880.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23837.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17506.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-18646.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-46161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-41946.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9791.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2036	3e7cc7617b7397edcb708baad54fb6e1_JaffaCakes118.exe
2436	Unicorn-33099.exe
1804	Unicorn-33348.exe
1444	Unicorn-5314.exe
3000	Unicorn-60670.exe
848	Unicorn-3301.exe
2796	Unicorn-39735.exe
2356	Unicorn-13218.exe
2572	Unicorn-29555.exe
2900	Unicorn-45891.exe
2740	Unicorn-11609.exe
1864	Unicorn-34193.exe
1532	Unicorn-2715.exe
1768	Unicorn-34101.exe
1660	Unicorn-28948.exe
2000	Unicorn-41946.exe
600	Unicorn-50307.exe
940	Unicorn-1298.exe
2336	Unicorn-29524.exe
1784	Unicorn-7632.exe
2040	Unicorn-56833.exe
1232	Unicorn-36967.exe
376	Unicorn-36967.exe
1756	Unicorn-36967.exe
1568	Unicorn-56833.exe
2144	Unicorn-53408.exe
2428	Unicorn-53875.exe
1448	Unicorn-64539.exe
1812	Unicorn-1379.exe
2424	Unicorn-18868.exe
2808	Unicorn-18868.exe
2276	Unicorn-18868.exe
2192	Unicorn-42495.exe
2648	Unicorn-18868.exe
2824	Unicorn-18868.exe
2964	Unicorn-18868.exe
1916	Unicorn-22629.exe
2084	Unicorn-9791.exe
1696	Unicorn-48048.exe
3048	Unicorn-28182.exe
948	Unicorn-38043.exe
2896	Unicorn-47280.exe
1084	Unicorn-54379.exe
2164	Unicorn-19246.exe
2876	Unicorn-22968.exe
808	Unicorn-52298.exe
1708	Unicorn-52298.exe
832	Unicorn-52298.exe
1780	Unicorn-52298.exe
852	Unicorn-52298.exe
2332	Unicorn-34051.exe
2508	Unicorn-37005.exe
848	Unicorn-9205.exe
2980	Unicorn-27165.exe
392	Unicorn-27165.exe
1276	Unicorn-38863.exe
3008	Unicorn-55069.exe
2820	Unicorn-55775.exe
2984	Unicorn-64135.exe
2688	Unicorn-6766.exe
2704	Unicorn-34286.exe
2956	Unicorn-24700.exe
664	Unicorn-3533.exe
580	Unicorn-53118.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 2436	2036	3e7cc7617b7397edcb708baad54fb6e1_JaffaCakes118.exe	30
PID 2036 wrote to memory of 2436	2036	3e7cc7617b7397edcb708baad54fb6e1_JaffaCakes118.exe	30
PID 2036 wrote to memory of 2436	2036	3e7cc7617b7397edcb708baad54fb6e1_JaffaCakes118.exe	30
PID 2036 wrote to memory of 2436	2036	3e7cc7617b7397edcb708baad54fb6e1_JaffaCakes118.exe	30
PID 2436 wrote to memory of 1804	2436	Unicorn-33099.exe	31
PID 2436 wrote to memory of 1804	2436	Unicorn-33099.exe	31
PID 2436 wrote to memory of 1804	2436	Unicorn-33099.exe	31
PID 2436 wrote to memory of 1804	2436	Unicorn-33099.exe	31
PID 2036 wrote to memory of 1444	2036	3e7cc7617b7397edcb708baad54fb6e1_JaffaCakes118.exe	32
PID 2036 wrote to memory of 1444	2036	3e7cc7617b7397edcb708baad54fb6e1_JaffaCakes118.exe	32
PID 2036 wrote to memory of 1444	2036	3e7cc7617b7397edcb708baad54fb6e1_JaffaCakes118.exe	32
PID 2036 wrote to memory of 1444	2036	3e7cc7617b7397edcb708baad54fb6e1_JaffaCakes118.exe	32
PID 1804 wrote to memory of 3000	1804	Unicorn-33348.exe	34
PID 1804 wrote to memory of 3000	1804	Unicorn-33348.exe	34
PID 1804 wrote to memory of 3000	1804	Unicorn-33348.exe	34
PID 1804 wrote to memory of 3000	1804	Unicorn-33348.exe	34
PID 2436 wrote to memory of 2796	2436	Unicorn-33099.exe	35
PID 2436 wrote to memory of 2796	2436	Unicorn-33099.exe	35
PID 2436 wrote to memory of 2796	2436	Unicorn-33099.exe	35
PID 2436 wrote to memory of 2796	2436	Unicorn-33099.exe	35
PID 1444 wrote to memory of 848	1444	Unicorn-5314.exe	36
PID 1444 wrote to memory of 848	1444	Unicorn-5314.exe	36
PID 1444 wrote to memory of 848	1444	Unicorn-5314.exe	36
PID 1444 wrote to memory of 848	1444	Unicorn-5314.exe	36
PID 2796 wrote to memory of 2356	2796	Unicorn-39735.exe	37
PID 2796 wrote to memory of 2356	2796	Unicorn-39735.exe	37
PID 2796 wrote to memory of 2356	2796	Unicorn-39735.exe	37
PID 2796 wrote to memory of 2356	2796	Unicorn-39735.exe	37
PID 848 wrote to memory of 2572	848	Unicorn-3301.exe	38
PID 848 wrote to memory of 2572	848	Unicorn-3301.exe	38
PID 848 wrote to memory of 2572	848	Unicorn-3301.exe	38
PID 848 wrote to memory of 2572	848	Unicorn-3301.exe	38
PID 3000 wrote to memory of 2900	3000	Unicorn-60670.exe	40
PID 3000 wrote to memory of 2900	3000	Unicorn-60670.exe	40
PID 3000 wrote to memory of 2900	3000	Unicorn-60670.exe	40
PID 3000 wrote to memory of 2900	3000	Unicorn-60670.exe	40
PID 1444 wrote to memory of 1864	1444	Unicorn-5314.exe	39
PID 1444 wrote to memory of 1864	1444	Unicorn-5314.exe	39
PID 1444 wrote to memory of 1864	1444	Unicorn-5314.exe	39
PID 1444 wrote to memory of 1864	1444	Unicorn-5314.exe	39
PID 1804 wrote to memory of 2740	1804	Unicorn-33348.exe	41
PID 1804 wrote to memory of 2740	1804	Unicorn-33348.exe	41
PID 1804 wrote to memory of 2740	1804	Unicorn-33348.exe	41
PID 1804 wrote to memory of 2740	1804	Unicorn-33348.exe	41
PID 2356 wrote to memory of 1532	2356	Unicorn-13218.exe	42
PID 2356 wrote to memory of 1532	2356	Unicorn-13218.exe	42
PID 2356 wrote to memory of 1532	2356	Unicorn-13218.exe	42
PID 2356 wrote to memory of 1532	2356	Unicorn-13218.exe	42
PID 2572 wrote to memory of 1768	2572	Unicorn-29555.exe	43
PID 2572 wrote to memory of 1768	2572	Unicorn-29555.exe	43
PID 2572 wrote to memory of 1768	2572	Unicorn-29555.exe	43
PID 2572 wrote to memory of 1768	2572	Unicorn-29555.exe	43
PID 2900 wrote to memory of 1660	2900	Unicorn-45891.exe	44
PID 2900 wrote to memory of 1660	2900	Unicorn-45891.exe	44
PID 2900 wrote to memory of 1660	2900	Unicorn-45891.exe	44
PID 2900 wrote to memory of 1660	2900	Unicorn-45891.exe	44
PID 3000 wrote to memory of 600	3000	Unicorn-60670.exe	45
PID 3000 wrote to memory of 600	3000	Unicorn-60670.exe	45
PID 3000 wrote to memory of 600	3000	Unicorn-60670.exe	45
PID 3000 wrote to memory of 600	3000	Unicorn-60670.exe	45
PID 848 wrote to memory of 2000	848	Unicorn-3301.exe	46
PID 848 wrote to memory of 2000	848	Unicorn-3301.exe	46
PID 848 wrote to memory of 2000	848	Unicorn-3301.exe	46
PID 848 wrote to memory of 2000	848	Unicorn-3301.exe	46

C:\Users\Admin\AppData\Local\Temp\3e7cc7617b7397edcb708baad54fb6e1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\3e7cc7617b7397edcb708baad54fb6e1_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33348.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60670.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45891.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28948.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56833.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18868.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38043.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64135.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48282.exe
        11⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
        12⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
        13⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52883.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7704.exe
        15⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6402.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18414.exe
        17⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe
        18⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
        19⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20644.exe
        20⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
        21⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63851.exe
        22⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44664.exe
        23⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        12⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54279.exe
        13⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49111.exe
        14⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24724.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64345.exe
        16⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65404.exe
        17⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15849.exe
        18⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4167.exe
        19⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17920.exe
        20⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34874.exe
        21⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26408.exe
        22⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42616.exe
        19⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        20⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
        21⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28608.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3191.exe
        11⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41072.exe
        12⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24233.exe
        13⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10278.exe
        14⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48159.exe
        15⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44615.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61517.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 220
        18⤵
        Program crash
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32596.exe
        17⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
        18⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36809.exe
        19⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1464.exe
        20⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40523.exe
        21⤵
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18868.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22968.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        9⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39730.exe
        10⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61328.exe
        11⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30491.exe
        12⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60216.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64326.exe
        14⤵
        
        PID:2224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
        15⤵
        Program crash
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12080.exe
        9⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35981.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32904.exe
        11⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54056.exe
        12⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27181.exe
        13⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61143.exe
        14⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58772.exe
        15⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18646.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50421.exe
        17⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20012.exe
        18⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
        19⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51031.exe
        18⤵
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50307.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53875.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18868.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        9⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62973.exe
        10⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56118.exe
        11⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27310.exe
        12⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37528.exe
        13⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        14⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32892.exe
        15⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
        16⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34481.exe
        17⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
        18⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56155.exe
        19⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57489.exe
        20⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20266.exe
        21⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36252.exe
        10⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10376.exe
        11⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15982.exe
        12⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40611.exe
        13⤵
        
        PID:1380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 240
        14⤵
        Program crash
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53004.exe
        9⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40314.exe
        10⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8015.exe
        11⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12722.exe
        12⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9401.exe
        13⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3670.exe
        14⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        16⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20537.exe
        17⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32229.exe
        18⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16041.exe
        19⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        20⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31916.exe
        21⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33774.exe
        22⤵
        
        PID:3144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
        21⤵
        Program crash
        
        PID:3768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 236
        20⤵
        Program crash
        
        PID:3872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 216
        19⤵
        Program crash
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60680.exe
        19⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        20⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63156.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:4048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 240
        22⤵
        Program crash
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34035.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:3448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 236
        20⤵
        Program crash
        
        PID:3596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
        19⤵
        Program crash
        
        PID:2704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
        18⤵
        Program crash
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        17⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1754.exe
        18⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
        19⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33914.exe
        20⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        21⤵
        
        PID:3608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 248
        15⤵
        Program crash
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15877.exe
        12⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42897.exe
        13⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
        14⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23547.exe
        15⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 220
        16⤵
        Program crash
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22629.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47280.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6766.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17040.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 372 -s 240
        11⤵
        Program crash
        
        PID:2844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
        8⤵
        Program crash
        
        PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29524.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18868.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38863.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55069.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
        9⤵
        Program crash
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64539.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9205.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        9⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20758.exe
        10⤵
        
        PID:2116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 220
        11⤵
        Program crash
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50285.exe
        9⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5228.exe
        10⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62587.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51342.exe
        12⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56563.exe
        13⤵
        
        PID:1624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 220
        14⤵
        Program crash
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49342.exe
        13⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62316.exe
        14⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25415.exe
        15⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58954.exe
        16⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1209.exe
        17⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8651.exe
        18⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 240
        19⤵
        Program crash
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        8⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
        9⤵
        Program crash
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27165.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48282.exe
        8⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57688.exe
        9⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51077.exe
        10⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46293.exe
        11⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52378.exe
        12⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17506.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        14⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38923.exe
        15⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42190.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exe
        17⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61376.exe
        18⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45240.exe
        19⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31838.exe
        13⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31715.exe
        14⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26752.exe
        15⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61194.exe
        16⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
        18⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-486.exe
        17⤵
        
        PID:3244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39735.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13218.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2715.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56833.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 220
        9⤵
        Program crash
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27165.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
        9⤵
        Program crash
        
        PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18868.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54379.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53118.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47514.exe
        9⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51183.exe
        10⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5228.exe
        11⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
        12⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        13⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
        14⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 244
        15⤵
        Program crash
        
        PID:1108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 368
        14⤵
        Program crash
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6813.exe
        9⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7257.exe
        10⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59650.exe
        11⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21597.exe
        12⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28175.exe
        13⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64345.exe
        14⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35358.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37748.exe
        16⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10135.exe
        17⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56197.exe
        18⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34939.exe
        8⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56118.exe
        9⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24170.exe
        10⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49048.exe
        11⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
        12⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
        13⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42394.exe
        14⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe
        15⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50848.exe
        16⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        17⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exe
        18⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63275.exe
        19⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61768.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1298.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:940
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 240
        5⤵
        Program crash
        
        PID:2676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5314.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5314.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29555.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1379.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9791.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34286.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7441.exe
        10⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63134.exe
        11⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
        12⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29147.exe
        13⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35115.exe
        14⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22931.exe
        15⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48767.exe
        17⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37470.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31661.exe
        19⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9611.exe
        20⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39337.exe
        21⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65231.exe
        18⤵
        
        PID:3208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 240
        19⤵
        Program crash
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4304.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 220
        12⤵
        Program crash
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26247.exe
        10⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13578.exe
        11⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60600.exe
        12⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22547.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63151.exe
        14⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2077.exe
        15⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17174.exe
        16⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49696.exe
        17⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55503.exe
        18⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37406.exe
        19⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
        20⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20266.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2389.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34479.exe
        18⤵
        
        PID:3456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 220
        19⤵
        Program crash
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8745.exe
        14⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40142.exe
        15⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
        16⤵
        Program crash
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1101.exe
        13⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe
        14⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        15⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39499.exe
        16⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
        17⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 220
        18⤵
        Program crash
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2568.exe
        9⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6808.exe
        10⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45545.exe
        11⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
        12⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21275.exe
        13⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe
        14⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12798.exe
        15⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
        16⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
        17⤵
        Program crash
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44106.exe
        15⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51704.exe
        16⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49696.exe
        17⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5117.exe
        19⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61376.exe
        20⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44664.exe
        21⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52166.exe
        17⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44292.exe
        18⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 240
        19⤵
        Program crash
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        13⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
        14⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-453.exe
        15⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45041.exe
        16⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1349.exe
        17⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60042.exe
        18⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50333.exe
        19⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26491.exe
        20⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31211.exe
        11⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15982.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13226.exe
        13⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15092.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54439.exe
        15⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15046.exe
        16⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-270.exe
        17⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63607.exe
        18⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
        19⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24700.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        9⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
        10⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe
        11⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43880.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15832.exe
        13⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65362.exe
        14⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12700.exe
        15⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 220
        16⤵
        Program crash
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34051.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        9⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45070.exe
        10⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47948.exe
        12⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57118.exe
        13⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10821.exe
        14⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
        15⤵
        Program crash
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41924.exe
        9⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
        10⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56116.exe
        11⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        12⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2217.exe
        13⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 220
        14⤵
        Program crash
        
        PID:2960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 376
        13⤵
        Program crash
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        8⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56393.exe
        9⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60366.exe
        10⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65447.exe
        12⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20879.exe
        14⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
        15⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14854.exe
        16⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60244.exe
        17⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3493.exe
        18⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
        19⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28182.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3533.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        8⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57688.exe
        9⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
        10⤵
        Program crash
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        7⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46113.exe
        8⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-158.exe
        9⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
        10⤵
        Program crash
        
        PID:688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41946.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7632.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18868.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48048.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37005.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        9⤵
        Executes dropped EXE
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39673.exe
        11⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29147.exe
        12⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
        13⤵
        Program crash
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        9⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
        10⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41212.exe
        11⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62255.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44373.exe
        13⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3177.exe
        14⤵
        
        PID:1672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
        15⤵
        Program crash
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
        8⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22434.exe
        9⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15085.exe
        10⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28581.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9551.exe
        12⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34731.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19215.exe
        14⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19919.exe
        16⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32047.exe
        17⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37748.exe
        18⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        19⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7006.exe
        20⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7764.exe
        21⤵
        System Location Discovery: System Language Discovery
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14725.exe
        13⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8216.exe
        14⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20537.exe
        16⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32229.exe
        17⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40535.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52704.exe
        19⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50141.exe
        20⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
        19⤵
        Program crash
        
        PID:3788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 236
        18⤵
        Program crash
        
        PID:1164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
        17⤵
        Program crash
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23328.exe
        16⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39829.exe
        17⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58760.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61376.exe
        19⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
        19⤵
        Program crash
        
        PID:2416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 236
        18⤵
        Program crash
        
        PID:3600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 216
        17⤵
        Program crash
        
        PID:3816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 220
        16⤵
        Program crash
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34864.exe
        10⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
        11⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65374.exe
        12⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57440.exe
        13⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15092.exe
        14⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
        15⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50869.exe
        16⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1209.exe
        17⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45434.exe
        18⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26535.exe
        19⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34223.exe
        9⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
        10⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5784.exe
        11⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9401.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
        13⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 224
        14⤵
        Program crash
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19246.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19294.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15609.exe
        8⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26679.exe
        9⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24373.exe
        11⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        12⤵
        
        PID:1368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 220
        13⤵
        Program crash
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25204.exe
        8⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6681.exe
        9⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25888.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46101.exe
        11⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
        12⤵
        
        PID:316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 240
        13⤵
        Program crash
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51961.exe
        7⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20758.exe
        8⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19334.exe
        9⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59811.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        11⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23048.exe
        12⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36980.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64655.exe
        16⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42860.exe
        17⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50141.exe
        18⤵
        
        PID:3268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1864
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe

Filesize
184KB

MD5
59806b34b6e4428f689a084aa15f4d0e

SHA1
cc34d0e0243f43e86038aa5a1ac3e960db54bea1

SHA256
a160cd3e5d396c071c5b0c41bb4741ad13f79555aea57750ebae99f7ab75108a

SHA512
def798d02f901a88f28ee30325e0253217a95bcefcabc7f5fe6534bc7e75a42022309d11fe7d98a02fee1cdc4f8add5fa713c54bc250ae3ca30effd3480cd81f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13218.exe

Filesize
184KB

MD5
18c193d646067478feebdf48faa1b031

SHA1
2eedf56a92ed6ce3991e6224fcc66c0cf8616b93

SHA256
6ecad3363e01e96ee534d75f25ec4eeda47df5391e314e7b2e2a2f8d1785c807

SHA512
42537c5a2d3266a14f8d17712daaf3c747488e086aa8b8a3036d353b2b1644c25043d6dde7df35f7163edd86a9733c10f5a41f63683de046d36802a87315f34b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34101.exe

Filesize
184KB

MD5
e779cc34054a4983be1654d902bf947f

SHA1
f985a3132bc5dfb7e71e724857a985f8f9dfc2cc

SHA256
0a84d203313b30befa81a434f647276d58e76afa26e0e3e96aab2ccf80a36477

SHA512
a93bc3b8de20a8e91720bdcc249ceba77318de0f03a7a7e30a3468b2d06eee723e5b7a1188484099dc830ef428a9f9667b34cbd51f9ae854815b5a16362b3e87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45891.exe

Filesize
184KB

MD5
667edbc35e930cb012fd138a300341fa

SHA1
6f06966f9fafd3dd8baddd552d4d7bc844016ae1

SHA256
9112064557f79a4ee29c99123d3057175796b69e6ce4775e3c4e7d641f6c3a8c

SHA512
5da65b4eb9069cbbeaf6d13d200423963feff3147d37ed7141cae38375067f00f49ee1ef16d6554de8d27f17a7c0dff94dbf7dffd3033f692875efe5c4566c05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50307.exe

Filesize
184KB

MD5
3a5bab216ddf14e48910b39a582b5b5b

SHA1
972e766243f7232e07981f94ba0e2aac92eec8b2

SHA256
864a6dbe765c0ebb2e112be0d5750a791fc322c0c088e631b07fd834fa8539da

SHA512
f482fcb22eec5cacb24215bb2caa459001ca1d1d348d95e47494853673eda04f074e1a10cfe5ead5f4bd7776687159fb0bf57d60bde00afc7c5dad880f257307

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5784.exe

Filesize
184KB

MD5
6e540e8cd6c6b38faa89bb2fdfc07a35

SHA1
10c16d9e5e246ce4765b4bcc4b11f234da7b76d8

SHA256
bbfd8b82be5bf601f9193468c2a7832676e8cdaf71e1116769a6ccd71fe011cb

SHA512
3da15e12fc57cf7f1e2b13db75613cafbae83f566f62ccba49e45b1b15d5247cdbb2f31c5dfa96fc77576ad82cd6fbacc0d391ebb0b2e9bece88f01efa4111e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6287.exe

Filesize
184KB

MD5
3445249fda7aae1660a184dcc0c5b2c5

SHA1
7580361324d137a502bda4bb38c2e2b4318f2077

SHA256
4503c874499eadd0713ff8e668640d40e230e3e8abfbb0fbb588e603a8c0d247

SHA512
3bfde91151d23bf2a4c8e3e7546971efd87a2f2c7eca7a43b2d6bde754f0ffe57c8213d1b98205fb55033ccdded847d0bb722062b13ba1e5592a6b6f34490023

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6681.exe

Filesize
184KB

MD5
dd90f9bfbe5e674ee1c900d17daf315c

SHA1
40bbf7ee61d386494bb7f3b0fd8396d3c978733a

SHA256
11478912f310ef4f304e89489ea981b41b8381e8f4434c81c2b42b1059ed0bb5

SHA512
f5c20cac708852d25cdf06a0474ea039689874a846f378cd3834a6ede1e66bddbb399292322ea2dc900287806a130e72eb34002c377a93bc201b929b45ced2da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6808.exe

Filesize
184KB

MD5
fa1f3cb022d80beeedc522a20ca20039

SHA1
8b633e0934a1b452b00664b261a2a7fa058b55bb

SHA256
03f3d6c9145947d6ba35d02ffa081694c5695092e1ef04819e4ac27968780535

SHA512
69006b4914304780c829eb3286284cf17f0e9c3f27b9500e5ab92657c322de4016782b613c21c170dbce5bf8512276075da09f62c7d5a6106b4fbff20ae2681c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1298.exe

Filesize
184KB

MD5
3e9d49ac517ffd6d932c872a0167dc9e

SHA1
9091cdc4c0bd591dd7ae867b628238d8942f51b1

SHA256
5f5f17a487ba298b2834dbedeb46e6601f5bc630c7e8ad5280c9b35df7dcaf01

SHA512
2a015f57356ad9453675a70d6c68d84c4ede14af7e53536846861019d7f92a9c4f16a8905e34c59d8eb8deac762f741c952952490c7154b0c08061e59b31c66f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2715.exe

Filesize
184KB

MD5
3b75c5b56a31ef5449d55da82f84f21d

SHA1
98beee7fefe7300c840b19879ec79e39e7bbfdd1

SHA256
edc9832f8a5a0dc4f9462449f14544dbccf5f6637d06738f92880c4bb43838b8

SHA512
22515f7f3690a21f5868c00f692f5ea6c778c8fc734ed0e4a26b61d1dc4b4707006ffa0ad418b994bba611eb2d50bb40ce4b2e67264be0e2298a01accc1a11aa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28948.exe

Filesize
184KB

MD5
e7407a20f38db15f6f8c88dcfa8a5bc0

SHA1
04e92b28324b54f8ade9f4fc31b6d91ed367c3c7

SHA256
a63bd655169c132abfa9425b58e0de6465e268a629f566b9fd34adb14d3bd0c6

SHA512
57ed7bb5fd3cf7e426123c2c3be015ad2efdb00343942024da9e5e71823ac97476ca2924276477e01699fee5e0d3300c1c3cca8bc1f7b24af6da8ee370d86e1e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29524.exe

Filesize
184KB

MD5
54152463439097ec3621dff48bb012de

SHA1
2008ee09c946bc7a05d541db2f0ead75c2356746

SHA256
ef1a00132912c67616b8c152528fed074e8d4301f32a31cc5b6751136b8fcbe1

SHA512
203c26898368fe7264a99204cd1defbb9fc05ebf78c80ec0b98cbf696cd5d2a9cc32ca52416f73e544b6626f28a2d1fa2cb65189f0d11d7a81fcce76b4727ce1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29555.exe

Filesize
184KB

MD5
cf3d6c4f715146446452e6e59701f76e

SHA1
1584030d23905d5cd28404d5835b24be1125c2bc

SHA256
57e71e1907398a335437aaaa7c16fdb0e2742c70c46fad8d53187078c6c46da4

SHA512
5b3e24e8f92c230c4344f121a1faebcdea2449a789147a6a8c9164a3b6c6f6e9af73a8beb80cfb5ab18f138d5c0a57b6d6c5f75a4114d2fb4d0fe894e4bea76c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe

Filesize
184KB

MD5
8668ba78e7c754c54c9c524ca14f2fc3

SHA1
15c5ca49b35736c01de0db96992437eecb4450e4

SHA256
6d29f5a2fec83223da4772ffadf6c07bff22cc9d1fc1b513912bee6d58236565

SHA512
a5f7f6c5e3144308eae503b340b9dcabe375a0e830930304ccb25e600d5d46e18371e0bc9baeff7691f90498ccddd79b48017152954cb332499e9b2b5b5ae6c7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe

Filesize
184KB

MD5
ca06d324a7b2bde95d7541f284109756

SHA1
2e729177a81cf1344c12ad1d74ce86fe565e787c

SHA256
e97174943fa4ccd0c484afd562381e423f73816a196df4bda7b68ca8e600c434

SHA512
0ef792563cf5da09597f49e23567750b51eb55a2d3df562a1e4b2c5efcda3f23d5384c633539d6d4492f5139a71524c368edd40e66de9afb028b9bb1dadf2731

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33348.exe

Filesize
184KB

MD5
7c6e9e406dde7413554b73ea95b2f871

SHA1
2659298ba321dd90c74af295b3a44dd6eec57964

SHA256
729b12f4071f261d7f271da341ffe2839233e40444978bb4af140aff94d9556c

SHA512
94d27ca748b344f39128f1cd414f2763f8b36f30326b83f88e58c1e7d9852bfd38d4ca7603eba72d377fbff5cde8f48ec5c3187e28988dd0b542bb9e855caa23

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34193.exe

Filesize
184KB

MD5
9afcfa63da6acfe09a149e636af6b046

SHA1
17b55d118f9f1572590ae21f9784a57c365f12f7

SHA256
d8001fa8947b7568217d348c661db84446d0f2e7fd17e41142c889bfa079d150

SHA512
f3b97f9b138285b64a6a3041f909e321ac309b38fc01e68473b4226dddb68f02b18de5eac7b9c3a86ae07b21199ae4cd47afe730575e06114be34938de173c8d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39735.exe

Filesize
184KB

MD5
19a1d36e4c6ccfc425219c6304253a15

SHA1
9cb0160ee2c577c6d75083484a20803ee0009637

SHA256
0a0a781e0ebea62ef0261745ac226c665e70b0d35286b031c028cfbe3123ce42

SHA512
36f1203269046ea43030e7dab4c8ff5ec0fc7afd2de948fcaaf92c8663d5d8e199218e29b0c9afc81d53885cc08e75d721c7477a367082fbea6c79892f4e40dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41946.exe

Filesize
184KB

MD5
04ed3f70f679a7fef15ce69c8f868626

SHA1
900eade95124fb4abe6c06b57918047f2c88f541

SHA256
4ab389eab2715e194ffab75d649c004211dadd84d3f48f35c297166e64bd99fb

SHA512
a27cecc760462521788611b735494118905d768f3fbfe3cc3dad7850d0fa03b183009d4eab9ff1f84b623660bc691f3896fc4e8e78b8dc766386661a2892cc47

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5314.exe

Filesize
184KB

MD5
3dfd5a9b5450505b765dc9270ec91b4e

SHA1
4203ae56564e98d6188209ad01f955c548cd4580

SHA256
d20eaa39f00ee137b74b8e5ccfdabace4ebbe39d6ca1de5aae97fc72e2c5b6aa

SHA512
49c2df592ee85d291bf8824765bf5f4f21c98d539aa2a2e681812949672c9aadf5e8251a1c59bbd1358a9f07acba927f696c851d87eed429251bb0de511733e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60670.exe

Filesize
184KB

MD5
732f7ae3a8ecc26d2cecac7edc6ceb84

SHA1
0ff08a57929a6023a808588c14eabd0667c4436c

SHA256
68a021af2172298a31a59b5144765d3973500c4986f7874f8e9d3111e41834a6

SHA512
39400dcc7545bff4e4821eadec7949315663580db8cce0ed2cb103943ad3a392f09ba3dd3359759d93c93cdd643dd325174c3e8bfcceb4c39da68a82de80b359

Download Submit
memory/2244-1850-0x0000000002720000-0x000000000287C000-memory.dmp

Filesize
1.4MB

Download
memory/2244-1851-0x0000000002720000-0x0000000002830000-memory.dmp

Filesize
1.1MB

Download