05d216ab1b0be075357150957875bc4eff019cab8277ae2466ae8031a4db8c85

Analysis

max time kernel
148s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
14/10/2024, 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42623c75f31e0e12a49c19e5fa087447_JaffaCakes118.exe
Size

184KB
MD5

42623c75f31e0e12a49c19e5fa087447
SHA1

f94244904dd493b640d7d47bcb87fb710b9b7a5d
SHA256

05d216ab1b0be075357150957875bc4eff019cab8277ae2466ae8031a4db8c85
SHA512

084cbd21837fbf55ca6c1634a2adf6b3dc145eeec1df744ce7af3daf9a6f6db8b3c0549ab882d16c97880fe7f49eac6b23fb81f308efefd0d4c360245ca84a85
SSDEEP

3072:huRromuxcOAEAmj8MhmrC8PMEXYMuxGldk7xKDCeVylPvpFv:huhowDEAzMYrC8IyBDylPvpF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1084	Unicorn-62585.exe
2952	Unicorn-22944.exe
2784	Unicorn-11246.exe
2648	Unicorn-36239.exe
2128	Unicorn-24541.exe
2828	Unicorn-44407.exe
1712	Unicorn-12969.exe
600	Unicorn-28983.exe
2180	Unicorn-4801.exe
2480	Unicorn-49918.exe
2976	Unicorn-16731.exe
2876	Unicorn-54228.exe
2860	Unicorn-9858.exe
1504	Unicorn-13003.exe
1992	Unicorn-37700.exe
3040	Unicorn-18432.exe
2440	Unicorn-64103.exe
760	Unicorn-63548.exe
2448	Unicorn-51851.exe
1368	Unicorn-26875.exe
1228	Unicorn-27237.exe
1896	Unicorn-30767.exe
1804	Unicorn-30767.exe
1708	Unicorn-64186.exe
1584	Unicorn-11498.exe
2068	Unicorn-65530.exe
1348	Unicorn-7222.exe
1768	Unicorn-60507.exe
2408	Unicorn-31919.exe
2208	Unicorn-44534.exe
888	Unicorn-64399.exe
1616	Unicorn-28197.exe
2848	Unicorn-64674.exe
3036	Unicorn-24388.exe
2744	Unicorn-32002.exe
2944	Unicorn-53730.exe
2668	Unicorn-58561.exe
852	Unicorn-12889.exe
2716	Unicorn-16974.exe
2760	Unicorn-4721.exe
2864	Unicorn-5084.exe
1056	Unicorn-65468.exe
2552	Unicorn-53346.exe
1732	Unicorn-60637.exe
1664	Unicorn-3268.exe
2872	Unicorn-28519.exe
2940	Unicorn-56916.exe
1172	Unicorn-56361.exe
2524	Unicorn-20159.exe
2536	Unicorn-44109.exe
3048	Unicorn-8504.exe
2608	Unicorn-336.exe
2820	Unicorn-4783.exe
3032	Unicorn-57897.exe
2508	Unicorn-58727.exe
2648	Unicorn-13055.exe
1052	Unicorn-29392.exe
1924	Unicorn-61872.exe
932	Unicorn-49620.exe
2724	Unicorn-58151.exe
2556	Unicorn-45899.exe
2612	Unicorn-9142.exe
2920	Unicorn-15146.exe
2752	Unicorn-15146.exe

Loads dropped DLL 64 IoCs

pid	Process
2380	42623c75f31e0e12a49c19e5fa087447_JaffaCakes118.exe
2380	42623c75f31e0e12a49c19e5fa087447_JaffaCakes118.exe
1084	Unicorn-62585.exe
1084	Unicorn-62585.exe
2380	42623c75f31e0e12a49c19e5fa087447_JaffaCakes118.exe
2380	42623c75f31e0e12a49c19e5fa087447_JaffaCakes118.exe
2952	Unicorn-22944.exe
2952	Unicorn-22944.exe
1084	Unicorn-62585.exe
2784	Unicorn-11246.exe
1084	Unicorn-62585.exe
2784	Unicorn-11246.exe
2648	Unicorn-36239.exe
2648	Unicorn-36239.exe
2952	Unicorn-22944.exe
2952	Unicorn-22944.exe
2128	Unicorn-24541.exe
2128	Unicorn-24541.exe
2828	Unicorn-44407.exe
2828	Unicorn-44407.exe
2784	Unicorn-11246.exe
2784	Unicorn-11246.exe
1712	Unicorn-12969.exe
1712	Unicorn-12969.exe
2648	Unicorn-36239.exe
2648	Unicorn-36239.exe
600	Unicorn-28983.exe
600	Unicorn-28983.exe
2480	Unicorn-49918.exe
2480	Unicorn-49918.exe
2180	Unicorn-4801.exe
2180	Unicorn-4801.exe
2828	Unicorn-44407.exe
2828	Unicorn-44407.exe
2976	Unicorn-16731.exe
2976	Unicorn-16731.exe
2128	Unicorn-24541.exe
2128	Unicorn-24541.exe
2876	Unicorn-54228.exe
2876	Unicorn-54228.exe
1712	Unicorn-12969.exe
1712	Unicorn-12969.exe
1504	Unicorn-13003.exe
2860	Unicorn-9858.exe
2860	Unicorn-9858.exe
1504	Unicorn-13003.exe
600	Unicorn-28983.exe
600	Unicorn-28983.exe
1992	Unicorn-37700.exe
1992	Unicorn-37700.exe
2480	Unicorn-49918.exe
2480	Unicorn-49918.exe
2448	Unicorn-51851.exe
2448	Unicorn-51851.exe
2440	Unicorn-64103.exe
2440	Unicorn-64103.exe
3040	Unicorn-18432.exe
3040	Unicorn-18432.exe
760	Unicorn-63548.exe
2180	Unicorn-4801.exe
760	Unicorn-63548.exe
2180	Unicorn-4801.exe
2976	Unicorn-16731.exe
2976	Unicorn-16731.exe

Program crash 29 IoCs

pid	pid_target	Process	procid_target
1932	2944	WerFault.exe	64
2896	888	WerFault.exe	58
2160	2872	WerFault.exe	74
2792	1616	WerFault.exe	60
2800	3048	WerFault.exe	79
2776	2536	WerFault.exe	78
1320	2524	WerFault.exe	77
1044	1664	WerFault.exe	73
940	932	WerFault.exe	88
2260	1924	WerFault.exe	86
3056	2092	WerFault.exe	113
2192	1084	WerFault.exe	102
2576	2692	WerFault.exe	100
2628	1968	WerFault.exe	120
1640	2876	WerFault.exe	127
1600	620	WerFault.exe	175
2920	904	WerFault.exe	179
1052	1144	WerFault.exe	162
3064	1496	WerFault.exe	169
604	1508	WerFault.exe	213
1540	2144	WerFault.exe	214
1636	2480	WerFault.exe	201
596	1504	WerFault.exe	233
2316	1836	WerFault.exe	249
2492	1692	WerFault.exe	269
3172	2136	WerFault.exe	257
3328	2640	WerFault.exe	237
3824	2256	WerFault.exe	276
4180	3296	WerFault.exe	329

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-54940.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44534.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-62931.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10689.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64400.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-37529.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57840.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43087.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1229.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11498.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14348.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30545.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-17533.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26277.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64399.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44109.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30435.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61873.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33295.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34338.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5084.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35012.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52220.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31494.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45244.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12969.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65468.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39941.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-6590.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8697.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-57897.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-196.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-25298.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32240.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64103.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-65530.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13055.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-23316.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16731.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-7160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-51515.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9395.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34369.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-27161.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39652.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29678.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12889.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-58151.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16808.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-39470.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40830.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8121.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4801.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60637.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21223.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52039.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-336.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4405.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-127.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-5733.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2380	42623c75f31e0e12a49c19e5fa087447_JaffaCakes118.exe
1084	Unicorn-62585.exe
2952	Unicorn-22944.exe
2784	Unicorn-11246.exe
2648	Unicorn-36239.exe
2128	Unicorn-24541.exe
2828	Unicorn-44407.exe
1712	Unicorn-12969.exe
600	Unicorn-28983.exe
2180	Unicorn-4801.exe
2976	Unicorn-16731.exe
2480	Unicorn-49918.exe
2876	Unicorn-54228.exe
2860	Unicorn-9858.exe
1504	Unicorn-13003.exe
1992	Unicorn-37700.exe
760	Unicorn-63548.exe
2440	Unicorn-64103.exe
2448	Unicorn-51851.exe
3040	Unicorn-18432.exe
1368	Unicorn-26875.exe
1228	Unicorn-27237.exe
1804	Unicorn-30767.exe
1896	Unicorn-30767.exe
1708	Unicorn-64186.exe
1584	Unicorn-11498.exe
2068	Unicorn-65530.exe
1348	Unicorn-7222.exe
1768	Unicorn-60507.exe
2408	Unicorn-31919.exe
2208	Unicorn-44534.exe
888	Unicorn-64399.exe
1616	Unicorn-28197.exe
2848	Unicorn-64674.exe
3036	Unicorn-24388.exe
2744	Unicorn-32002.exe
2944	Unicorn-53730.exe
2668	Unicorn-58561.exe
852	Unicorn-12889.exe
2716	Unicorn-16974.exe
2760	Unicorn-4721.exe
2864	Unicorn-5084.exe
1056	Unicorn-65468.exe
2552	Unicorn-53346.exe
1732	Unicorn-60637.exe
1664	Unicorn-3268.exe
2872	Unicorn-28519.exe
2940	Unicorn-56916.exe
1172	Unicorn-56361.exe
2524	Unicorn-20159.exe
2536	Unicorn-44109.exe
3048	Unicorn-8504.exe
2608	Unicorn-336.exe
2820	Unicorn-4783.exe
3032	Unicorn-57897.exe
2648	Unicorn-13055.exe
2508	Unicorn-58727.exe
1924	Unicorn-61872.exe
1052	Unicorn-29392.exe
932	Unicorn-49620.exe
2724	Unicorn-58151.exe
2556	Unicorn-45899.exe
2612	Unicorn-9142.exe
2920	Unicorn-15146.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 1084	2380	42623c75f31e0e12a49c19e5fa087447_JaffaCakes118.exe	29
PID 2380 wrote to memory of 1084	2380	42623c75f31e0e12a49c19e5fa087447_JaffaCakes118.exe	29
PID 2380 wrote to memory of 1084	2380	42623c75f31e0e12a49c19e5fa087447_JaffaCakes118.exe	29
PID 2380 wrote to memory of 1084	2380	42623c75f31e0e12a49c19e5fa087447_JaffaCakes118.exe	29
PID 1084 wrote to memory of 2952	1084	Unicorn-62585.exe	30
PID 1084 wrote to memory of 2952	1084	Unicorn-62585.exe	30
PID 1084 wrote to memory of 2952	1084	Unicorn-62585.exe	30
PID 1084 wrote to memory of 2952	1084	Unicorn-62585.exe	30
PID 2380 wrote to memory of 2784	2380	42623c75f31e0e12a49c19e5fa087447_JaffaCakes118.exe	31
PID 2380 wrote to memory of 2784	2380	42623c75f31e0e12a49c19e5fa087447_JaffaCakes118.exe	31
PID 2380 wrote to memory of 2784	2380	42623c75f31e0e12a49c19e5fa087447_JaffaCakes118.exe	31
PID 2380 wrote to memory of 2784	2380	42623c75f31e0e12a49c19e5fa087447_JaffaCakes118.exe	31
PID 2952 wrote to memory of 2648	2952	Unicorn-22944.exe	32
PID 2952 wrote to memory of 2648	2952	Unicorn-22944.exe	32
PID 2952 wrote to memory of 2648	2952	Unicorn-22944.exe	32
PID 2952 wrote to memory of 2648	2952	Unicorn-22944.exe	32
PID 1084 wrote to memory of 2128	1084	Unicorn-62585.exe	34
PID 1084 wrote to memory of 2128	1084	Unicorn-62585.exe	34
PID 1084 wrote to memory of 2128	1084	Unicorn-62585.exe	34
PID 1084 wrote to memory of 2128	1084	Unicorn-62585.exe	34
PID 2784 wrote to memory of 2828	2784	Unicorn-11246.exe	33
PID 2784 wrote to memory of 2828	2784	Unicorn-11246.exe	33
PID 2784 wrote to memory of 2828	2784	Unicorn-11246.exe	33
PID 2784 wrote to memory of 2828	2784	Unicorn-11246.exe	33
PID 2648 wrote to memory of 1712	2648	Unicorn-36239.exe	35
PID 2648 wrote to memory of 1712	2648	Unicorn-36239.exe	35
PID 2648 wrote to memory of 1712	2648	Unicorn-36239.exe	35
PID 2648 wrote to memory of 1712	2648	Unicorn-36239.exe	35
PID 2952 wrote to memory of 600	2952	Unicorn-22944.exe	36
PID 2952 wrote to memory of 600	2952	Unicorn-22944.exe	36
PID 2952 wrote to memory of 600	2952	Unicorn-22944.exe	36
PID 2952 wrote to memory of 600	2952	Unicorn-22944.exe	36
PID 2128 wrote to memory of 2180	2128	Unicorn-24541.exe	37
PID 2128 wrote to memory of 2180	2128	Unicorn-24541.exe	37
PID 2128 wrote to memory of 2180	2128	Unicorn-24541.exe	37
PID 2128 wrote to memory of 2180	2128	Unicorn-24541.exe	37
PID 2828 wrote to memory of 2480	2828	Unicorn-44407.exe	38
PID 2828 wrote to memory of 2480	2828	Unicorn-44407.exe	38
PID 2828 wrote to memory of 2480	2828	Unicorn-44407.exe	38
PID 2828 wrote to memory of 2480	2828	Unicorn-44407.exe	38
PID 2784 wrote to memory of 2976	2784	Unicorn-11246.exe	39
PID 2784 wrote to memory of 2976	2784	Unicorn-11246.exe	39
PID 2784 wrote to memory of 2976	2784	Unicorn-11246.exe	39
PID 2784 wrote to memory of 2976	2784	Unicorn-11246.exe	39
PID 1712 wrote to memory of 2876	1712	Unicorn-12969.exe	40
PID 1712 wrote to memory of 2876	1712	Unicorn-12969.exe	40
PID 1712 wrote to memory of 2876	1712	Unicorn-12969.exe	40
PID 1712 wrote to memory of 2876	1712	Unicorn-12969.exe	40
PID 2648 wrote to memory of 2860	2648	Unicorn-36239.exe	41
PID 2648 wrote to memory of 2860	2648	Unicorn-36239.exe	41
PID 2648 wrote to memory of 2860	2648	Unicorn-36239.exe	41
PID 2648 wrote to memory of 2860	2648	Unicorn-36239.exe	41
PID 600 wrote to memory of 1504	600	Unicorn-28983.exe	42
PID 600 wrote to memory of 1504	600	Unicorn-28983.exe	42
PID 600 wrote to memory of 1504	600	Unicorn-28983.exe	42
PID 600 wrote to memory of 1504	600	Unicorn-28983.exe	42
PID 2480 wrote to memory of 1992	2480	Unicorn-49918.exe	43
PID 2480 wrote to memory of 1992	2480	Unicorn-49918.exe	43
PID 2480 wrote to memory of 1992	2480	Unicorn-49918.exe	43
PID 2480 wrote to memory of 1992	2480	Unicorn-49918.exe	43
PID 2180 wrote to memory of 3040	2180	Unicorn-4801.exe	44
PID 2180 wrote to memory of 3040	2180	Unicorn-4801.exe	44
PID 2180 wrote to memory of 3040	2180	Unicorn-4801.exe	44
PID 2180 wrote to memory of 3040	2180	Unicorn-4801.exe	44

C:\Users\Admin\AppData\Local\Temp\42623c75f31e0e12a49c19e5fa087447_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\42623c75f31e0e12a49c19e5fa087447_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62585.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62585.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36239.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12969.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54228.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26875.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57897.exe
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48821.exe
        10⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
        11⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49771.exe
        12⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20467.exe
        13⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44447.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-127.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39941.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17099.exe
        11⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33295.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14348.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54940.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58727.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13107.exe
        9⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56190.exe
        10⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47197.exe
        11⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42937.exe
        12⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 216
        13⤵
        Program crash
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
        9⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4379.exe
        10⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23316.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8121.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54512.exe
        14⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13055.exe
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8556.exe
        9⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43087.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1146.exe
        11⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57031.exe
        12⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28303.exe
        13⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-127.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
        9⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5972.exe
        10⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54229.exe
        11⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56590.exe
        12⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
        13⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27237.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54171.exe
        8⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37529.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63891.exe
        10⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17291.exe
        11⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27161.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42444.exe
        13⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        14⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5280.exe
        15⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26521.exe
        16⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2327.exe
        14⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-864.exe
        15⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
        9⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46346.exe
        10⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33378.exe
        11⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28194.exe
        12⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22193.exe
        13⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
        14⤵
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9858.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30767.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16974.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
        8⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45671.exe
        9⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        10⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34369.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:1508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 236
        12⤵
        Program crash
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        9⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62957.exe
        10⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
        11⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39180.exe
        12⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
        13⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40461.exe
        8⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25298.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
        10⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        11⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61873.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51707.exe
        13⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
        12⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27803.exe
        13⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39524.exe
        14⤵
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5084.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29392.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        9⤵
        
        PID:620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 236
        10⤵
        Program crash
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37689.exe
        9⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24660.exe
        10⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22901.exe
        11⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
        12⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48726.exe
        13⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49551.exe
        14⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29685.exe
        13⤵
        
        PID:3604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28983.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30767.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53730.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 216
        8⤵
        Program crash
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49589.exe
        8⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62931.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35661.exe
        10⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14571.exe
        11⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
        12⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62999.exe
        13⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30908.exe
        10⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
        11⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43155.exe
        12⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43065.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9314.exe
        9⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12215.exe
        10⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44447.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60259.exe
        12⤵
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58561.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30435.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9106.exe
        8⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39470.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5121.exe
        10⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8681.exe
        11⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50005.exe
        12⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17533.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7160.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11016.exe
        9⤵
        
        PID:2144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 236
        10⤵
        Program crash
        
        PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64186.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12889.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 236
        8⤵
        Program crash
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45899.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48136.exe
        7⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
        8⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64825.exe
        9⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30778.exe
        10⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4405.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40830.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22927.exe
        13⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3543.exe
        8⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe
        9⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45630.exe
        10⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        11⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 216
        12⤵
        Program crash
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        7⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        8⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44395.exe
        9⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        11⤵
        
        PID:3084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31919.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29060.exe
        9⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        10⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9205.exe
        11⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
        12⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37094.exe
        13⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6590.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27424.exe
        15⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39256.exe
        9⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1229.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54758.exe
        11⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30545.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45244.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2327.exe
        12⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
        7⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21084.exe
        8⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60248.exe
        9⤵
        
        PID:904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 216
        10⤵
        Program crash
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 216
        7⤵
        Program crash
        
        PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44534.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
        7⤵
        
        PID:2692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
        8⤵
        Program crash
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34305.exe
        6⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16808.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31494.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9589.exe
        9⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
        13⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
        7⤵
        
        PID:1144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 236
        8⤵
        Program crash
        
        PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51851.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7222.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3268.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
        7⤵
        Program crash
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35457.exe
        6⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61924.exe
        7⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51530.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21868.exe
        9⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7939.exe
        10⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62589.exe
        11⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20732.exe
        12⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51515.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe
        12⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39652.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18599.exe
        10⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1930.exe
        11⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11519.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59641.exe
        8⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23176.exe
        9⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63383.exe
        10⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9940.exe
        11⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49551.exe
        12⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29685.exe
        11⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28860.exe
        10⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57543.exe
        11⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56916.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31587.exe
        6⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 216
        7⤵
        Program crash
        
        PID:3056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11246.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11246.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44407.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11498.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4721.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49620.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 236
        9⤵
        Program crash
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9142.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31587.exe
        8⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3787.exe
        9⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38318.exe
        10⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9122.exe
        11⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
        12⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26876.exe
        13⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6974.exe
        14⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
        15⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31405.exe
        16⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26812.exe
        9⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20607.exe
        10⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20576.exe
        11⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54696.exe
        12⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43155.exe
        13⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50973.exe
        14⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-864.exe
        15⤵
        
        PID:3856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 212
        13⤵
        Program crash
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65468.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
        7⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 216
        8⤵
        Program crash
        
        PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44109.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
        7⤵
        Program crash
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
        6⤵
        Executes dropped EXE
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        7⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10689.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39998.exe
        8⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56564.exe
        9⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52724.exe
        10⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35563.exe
        11⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34679.exe
        7⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50430.exe
        8⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16274.exe
        9⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36170.exe
        10⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53962.exe
        11⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
        12⤵
        
        PID:3728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 376
        12⤵
        Program crash
        
        PID:4180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 376
        11⤵
        Program crash
        
        PID:3824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 372
        10⤵
        Program crash
        
        PID:3328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 372
        9⤵
        Program crash
        
        PID:1636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 376
        8⤵
        Program crash
        
        PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53346.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42926.exe
        7⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-196.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
        9⤵
        Program crash
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5733.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61639.exe
        9⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18656.exe
        10⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30685.exe
        11⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1655.exe
        12⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57880.exe
        13⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54159.exe
        12⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32354.exe
        7⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46102.exe
        8⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17291.exe
        9⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53907.exe
        10⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 216
        11⤵
        Program crash
        
        PID:596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28519.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
        6⤵
        Program crash
        
        PID:2160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16731.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16731.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64399.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-336.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24592.exe
        8⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 236
        9⤵
        Program crash
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
        9⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55080.exe
        10⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        11⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
        12⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57761.exe
        13⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        11⤵
        
        PID:2620
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 232
        6⤵
        Program crash
        
        PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4783.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
        6⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52220.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21515.exe
        8⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27192.exe
        9⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36144.exe
        10⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2371.exe
        11⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32818.exe
        12⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29292.exe
        13⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
        14⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23221.exe
        7⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37711.exe
        8⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52563.exe
        9⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43155.exe
        11⤵
        
        PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28197.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8504.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
        6⤵
        Program crash
        
        PID:2800
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 232
        5⤵
        Program crash
        
        PID:2792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11246.exe

Filesize
184KB

MD5
77b1c73740eb3af9432ff98ec1045190

SHA1
9decedce35a551099fafbdd29eef1915d7a0c10c

SHA256
520153390fc9a3777bc831aea62b9eee5a46c6de19e5cb56554760b0fdab62a0

SHA512
01adffd58afa740a4716e3d2f315a260a416f0ebfe543535a32ff5e6a64f778f0145308a614736ec25d1b04331824da27c42147782aae9ab1ac0510c4ef55bc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18432.exe

Filesize
184KB

MD5
66b2f57e62061fd09dae489c00fd5673

SHA1
b81a355d1fc704cd6d7cd2421107a45b10ddd64f

SHA256
8df090b9d8c1160cb104cc7a725f9722d86783b84e831a5f884ddb03e224831c

SHA512
a5fa870352dc877998ff97c605761c88f63b1444723421a0700579fa80d0887d5f04298e75503fee4669681911f6e9a758bab43a62f9bb90fe9a97f171fce382

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32354.exe

Filesize
184KB

MD5
fa7131a6ca3bc785ee4697a89f02450e

SHA1
20798aacb13cc1b565f6c4aa43ba239233f6ecea

SHA256
c41421efeeb76b6c0f6c7680ce1793ab37626cdef4c77919869b175040f726ff

SHA512
0a001bae49c1f8bba3c94424141b548da2e8828c5a6b9c994b0e82d61f8eeaf97d6ceef01d7c1631427b7148a8738abad94b4bde51facd727fb46c857665ff14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39941.exe

Filesize
184KB

MD5
eb050b038f19accfc42d783beb726491

SHA1
4a9192a300e10509a73a2f29edba79a65b2b78ce

SHA256
2bfb22c00451f05077610582370b3543d80b1daa3bcbe6253c4b58360f6be22d

SHA512
b607fb6d2e6f6826f0ed9f46daa4032d4dca786207f1b6bc8364b637f7bef1554b6f87c26fbcafd318e675c607384f878ca9171ecc36a132fbd63fbef5913df6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39998.exe

Filesize
184KB

MD5
d766bca5a666ade7eb46bb44cbf457d6

SHA1
ab310e52026f934f5a18196ad2816585faf921b1

SHA256
5a9971801146a381527e5326fc96e4a3fa173b28c44329cd81048eb142d8359c

SHA512
67655b4967ea754c114acc8bf7dce8b15defe2df3d3880c62d5fe7b6867285350ad42aac5488a8760f0b8be1e542325c0baab803532c6667a7377084b9f35420

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe

Filesize
184KB

MD5
99f0821b4ff4997a027daa0bee8d4a01

SHA1
664bd282cdbdf2cec6fcb790f0a3ca9d0b02300b

SHA256
c56ab5c1b81371e200bdc38b1b5778b45ac1aef45c284762370e0dd5046beebd

SHA512
f7be75060394960e01997a204460cd5ff95b34e6e877471b59f08100bf2b6d45b29528aab937ce3e6722f95288a173a35a3346ea94684a9a58a35cd7630022e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5972.exe

Filesize
184KB

MD5
aff996110dc59bf027fed135fc350fa3

SHA1
ad5727abc76b11db879a548e86783f42fe6ff277

SHA256
0a039f01b6849978a40937413ede1fd1a54479b9f90fe432b690530c22e258ba

SHA512
4e4f0a41b293b5983476a6deceee2d781ac75de7ca6da6a732329cf523a93417e526eb52f50d5306ccad8bfeb5c68b9b2b48ce060cabeba620c26f564e10ce6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6273.exe

Filesize
184KB

MD5
560d18eb307413d9d9162ca615d67b30

SHA1
1a96acd5f3acd33573f776979048de14b671430b

SHA256
eb7ddb4f74f8c52565de8b9dd047ad244118be439622c33b0b05ce491ee06814

SHA512
a15e11ce30a9ec82ae541258296595edf91bf4cf7af0b5ff83ecab33168ff5fbec0230676fc77cb4af4b1a4c6e2c85ee5fd5273848aed3f7512bcea38cd3b39b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9106.exe

Filesize
184KB

MD5
c9b6bd5af1d2fabb3cb2908396f536a7

SHA1
7fbb7443aa4bb64ccea7c4e93b72c8dfdf26c888

SHA256
2ece3a7f23409513dcd5ce8e4b85acce5c5653df74b9f309aff684dc3a6bcefa

SHA512
c5106476d1b093c0356895dde6b8aee9957c4b5d14373ea310298f31d6b7224b57f64ea8b58dbe42fec8df54b7b03cbc9e1bfc71c40a0f2a51c6bfd7ee7e9ecf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12969.exe

Filesize
184KB

MD5
451164cfa46ab49fbb7a23a13660e038

SHA1
2ee5d000963a3997805ae01738944dd2fc5f66f4

SHA256
dcd561265817512b3656fcd1d4cf6ff0efa81357f6c68180c9044f322878a742

SHA512
6065dc82bc258b7c0d1e17136c49bc9950e830f36ba16055ea276bab120e625c4dc23a05c9eb755116289638643512c62d18690fd2e6df77d11a2a6d872c17dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe

Filesize
184KB

MD5
c1a24cd7e747da6eface22e71b5fb22c

SHA1
c3c47509318468409f384a001125a85198f2834c

SHA256
ecbde83971cca51a943b59cd18c40775bb7757484afd32b718186343b7969917

SHA512
823582f865746caf2f5b284c0d1edb06afe8e0feec9d2e66f39519ac6564681d03490efa6e06f58f9d96de1e5f2c55a9d49bf023f9f976dee776f7fd11134a6a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16731.exe

Filesize
184KB

MD5
a64906e294a309fc72abcb9a43c259d9

SHA1
f3597a0ae72c522888bf9d19306ea4402481025a

SHA256
02f53c68dcaabfd461df9f67de753adeffa0323e7385a3dd7f5a2bdfc645c233

SHA512
6be00654be7bfc3463695e65a01ea6f7b534c0901b229cf9c6fec024a066067a9314946441fabe2940012e0a3b0e96a4cf90c94ad866cf51bf15b750bac3c60a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe

Filesize
184KB

MD5
62c5c1ac1117586b0afaac948f6501a1

SHA1
d45d6e55e84f794b7b9ecb7b8fdb7c7e8f1a1514

SHA256
98058bc4cba2a9010b967613677a296a5ff79b441ad332250ac3ba07ed80ced1

SHA512
c2680195fe4751faa5325ca54c4f078e8e61d2ee4da19dd4e202bb53a39de60f510100cbd88ffa19870e4a790228401447232eccdcf8c36203b9568ebeea535d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe

Filesize
184KB

MD5
621bcd8fba2568aa97027509c8a6ad20

SHA1
0effbc5dc195e82eaac5dce325037c4dc2b8b593

SHA256
b1d41f67f8501a872323b2189e398ebba00ccdf583ecbb7ec322d05585abfaaf

SHA512
c75355eba665883cb16e9155cd6a4ae05e14aaece99e40b67890df50c0ff5178cb00380a4c1998ff7d874bb2853b72fdc1ca1f48952a1daf179e62b2b4fffff1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28983.exe

Filesize
184KB

MD5
d3b40ec825752a31d531de7f39d21af6

SHA1
c90d43154b1ec21b05c5652c353ceb49dd8dcb8a

SHA256
f00150488e4688c7d17758a469afd2d383d362c014f1c45b2b8a574eeae9895f

SHA512
cc5d1434c7a9856ee9f60aa83957c2aa3eee000f1e07ff8d431786f2b92fcbacf1f179c5a23012d4e1207a0b5f3a21d885569427de6472345a717561498bc866

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36239.exe

Filesize
184KB

MD5
968d57516cb84fedc56246c3501be499

SHA1
38e45487727d47b77fad954055a261a91cd4559a

SHA256
727a2d9891bc0da9dd1bdf56f659497fc0abcc48a86c623b8efcc885f14c87a1

SHA512
19d12b0b0978d45bec8902ffbeef4d2cca250cf21dfa31a98617deeec86b19efb88054234a96e137599c20686ad81ed2f072b36dda508cbbe3b3e514e419d6d9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37700.exe

Filesize
184KB

MD5
c0e17e8c56f3de6a5df61c1449ba0420

SHA1
f76273e4c78cf40fd4525f5b865c39adc7f9d500

SHA256
bf00b25748c455ffcc484ba31ec5c9d819bb54b4ad9570595907b6c50a6b7507

SHA512
209ef71f853fdaed921f551c4ce6cc0cee492e7caeaca6ae3249edf5bbe303112d7047d847e4f6807af2093277328bde0a2407a5b3f63aa3e9a726901b89976b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44407.exe

Filesize
184KB

MD5
69020bdc1296693aa4cc74541257441a

SHA1
a1b77bc62bb7e0d5cf82378c852defd5c888bb51

SHA256
6f5ddfb316840fc4f6beda0207a587826cdf63bbabdfea2a4d36a99f41b6954d

SHA512
cd07b5abf88beac8a881d7955244f94b552f418b3eac70a4a3f713050301d5cadc367bda52ce9d27d0e7c249fbfd9b43758aae18cfa1654249693651761d8555

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe

Filesize
184KB

MD5
44b8350d931379cb285cc31c3c862c8e

SHA1
0ac03b9c5bb806de6e823bb03d28ba42103dc1ec

SHA256
5d627044e228591caaae2b4dfe2195bd96a0c62b0f44fd2f9f526ca87a2b6364

SHA512
4be5d3d7c3dfd32ffca0eb0ed79dd020a9b85a6cf91c8a11f974b5284373419dc3909dfb878570bbec228fc1f4a2fe2f54833449381e65d622dd81489b8d87cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54228.exe

Filesize
184KB

MD5
266842a9ffd9519382340615e6022dba

SHA1
3ef6c7750fac4672472fb657dc3a9ac51a5e67ba

SHA256
d63a71656fea8c7bbb73e7b10b55511dbd95c648aa3b75d861456e848febe0f4

SHA512
2382a9f870809808cb8c0df7ff23def908cc28f23bddb80915bf502e860cd828124575e29bb373cb78c7d511914853c060d84916d25acf91449fa80986883a13

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62585.exe

Filesize
184KB

MD5
a2dbf516e3f63ddf6a8cb4db57d3d639

SHA1
5cd1215735d350a3fd6b6324729953e3f64f060e

SHA256
9f8a7093debd8a2ec7c25883d4b766a454c1b3f7d470184230a1416f865e30f3

SHA512
a9de1483f76324b2d7ae05c40e93eb1c80e611ff4218f229086af01b6dfc29a8d8bd5fce2d2d21285b2885c7170ed5a32df936508a71f2af6e6937210b22fc05

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63548.exe

Filesize
184KB

MD5
91c3960790f7fef9d92e30acb9f7a82c

SHA1
ca2c9727475a518bf7770fb522a8107c07c26951

SHA256
925477808100db14abcbb28a30ea6361af11c405435ccc7569c9a4b7fd5b0d32

SHA512
3aeeb6d7fb41333663a6b367cce74740122743f41d99cabb065eea76b5415fa2af86312b73c12af53ccbd258316faf43c6b45d62e80afe72ab343e436dd8d647

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64103.exe

Filesize
184KB

MD5
d4fab16a485c23de2d635f54cd8ce9b1

SHA1
32654faf1c0fcfbc10162eb91c17f7f84917039b

SHA256
5b90417ce94b2f8605ba604f863499808eea76517d25d063ed795c094dd408a4

SHA512
1fa383e58fe1ab486615f97ee1c015f77ff1b88d4608037bef485766ab4b12fac70207e90089c987dc95a9efba90dc65200625842c70f00f62356ce30562b44a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9858.exe

Filesize
184KB

MD5
0c536e4ee3c53b3d749ee74c0dd33e3c

SHA1
9573096269551b2b4281984facc57b2e9293abe0

SHA256
49659f2a93436994cfd545b24f0e1a1b6d0f416c91af44e54bbed8c0d5a5c78d

SHA512
2e7e521d96b6da10615aced6df84b2db13c04a89699f994a9d0ff6f36881d3d4e6501f8ba6a983b9a7d9b4fe4c4566b20e50b3c9462bf95d9ccaf5fb08966984

Download Submit