92cdfd12e4ff9b4f1e86047b73a8e5f9cd17bbf456f278625efe78aa813b1795

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-10-2024 15:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42ef4eb97886998e9d69d8992d4f0579_JaffaCakes118.exe
Size

184KB
MD5

42ef4eb97886998e9d69d8992d4f0579
SHA1

fb4b235a5fff9d7922bee50dcafc009a071c98bd
SHA256

92cdfd12e4ff9b4f1e86047b73a8e5f9cd17bbf456f278625efe78aa813b1795
SHA512

508179f43bcbd27ca84923f5f13f20cfce3a63638f8ee4fcfe76e16725cd7b909126055093d64588a3fd8e3b68dea3db1f9ab24b2b3400f369e1fabfe71179f6
SSDEEP

3072:KS2romuxTOAEAmjNMhcrC8YMEXKMTxXldk7xKDCeZylPvpFW:KSKoPDEAiM6rC8a1BPylPvpF

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2776	Unicorn-8956.exe
2796	Unicorn-41.exe
2848	Unicorn-36968.exe
2560	Unicorn-65360.exe
3000	Unicorn-52916.exe
2572	Unicorn-33050.exe
1852	Unicorn-56253.exe
2348	Unicorn-3352.exe
2832	Unicorn-56445.exe
2892	Unicorn-24327.exe
1788	Unicorn-55542.exe
1244	Unicorn-2449.exe
2296	Unicorn-24576.exe
672	Unicorn-36274.exe
688	Unicorn-24022.exe
1500	Unicorn-61333.exe
1860	Unicorn-2807.exe
2448	Unicorn-2698.exe
2976	Unicorn-45355.exe
1704	Unicorn-57052.exe
956	Unicorn-28272.exe
1320	Unicorn-53715.exe
2144	Unicorn-61328.exe
2380	Unicorn-61328.exe
764	Unicorn-12682.exe
2416	Unicorn-17424.exe
1556	Unicorn-26552.exe
2932	Unicorn-51611.exe
2584	Unicorn-43080.exe
3040	Unicorn-26744.exe
2724	Unicorn-47719.exe
2680	Unicorn-63500.exe
3044	Unicorn-6302.exe
800	Unicorn-5555.exe
1492	Unicorn-38612.exe
1256	Unicorn-14107.exe
2176	Unicorn-1663.exe
1344	Unicorn-43250.exe
1916	Unicorn-64823.exe
2856	Unicorn-55415.exe
2848	Unicorn-52483.exe
3068	Unicorn-23319.exe
888	Unicorn-36125.exe
304	Unicorn-51907.exe
916	Unicorn-65098.exe
2924	Unicorn-15342.exe
3056	Unicorn-24065.exe
2316	Unicorn-16303.exe
1920	Unicorn-8134.exe
1648	Unicorn-8326.exe
908	Unicorn-3728.exe
880	Unicorn-14849.exe
2972	Unicorn-23594.exe
3020	Unicorn-36016.exe
2272	Unicorn-43438.exe
2692	Unicorn-44377.exe
1740	Unicorn-64242.exe
2076	Unicorn-31378.exe
2704	Unicorn-7833.exe
2900	Unicorn-20640.exe
1592	Unicorn-61865.exe
2784	Unicorn-397.exe
2440	Unicorn-3220.exe
1944	Unicorn-21263.exe

Loads dropped DLL 64 IoCs

pid	Process
2668	42ef4eb97886998e9d69d8992d4f0579_JaffaCakes118.exe
2668	42ef4eb97886998e9d69d8992d4f0579_JaffaCakes118.exe
2776	Unicorn-8956.exe
2776	Unicorn-8956.exe
2668	42ef4eb97886998e9d69d8992d4f0579_JaffaCakes118.exe
2668	42ef4eb97886998e9d69d8992d4f0579_JaffaCakes118.exe
2796	Unicorn-41.exe
2796	Unicorn-41.exe
2848	Unicorn-36968.exe
2848	Unicorn-36968.exe
2776	Unicorn-8956.exe
2776	Unicorn-8956.exe
792	WerFault.exe
792	WerFault.exe
792	WerFault.exe
792	WerFault.exe
792	WerFault.exe
792	WerFault.exe
792	WerFault.exe
2560	Unicorn-65360.exe
2560	Unicorn-65360.exe
2288	WerFault.exe
2288	WerFault.exe
2288	WerFault.exe
2288	WerFault.exe
2288	WerFault.exe
2288	WerFault.exe
2288	WerFault.exe
2572	Unicorn-33050.exe
2572	Unicorn-33050.exe
3000	Unicorn-52916.exe
3000	Unicorn-52916.exe
2848	Unicorn-36968.exe
2848	Unicorn-36968.exe
1852	Unicorn-56253.exe
1852	Unicorn-56253.exe
2940	WerFault.exe
2940	WerFault.exe
2940	WerFault.exe
2940	WerFault.exe
2940	WerFault.exe
2940	WerFault.exe
2940	WerFault.exe
2348	Unicorn-3352.exe
2348	Unicorn-3352.exe
2572	Unicorn-33050.exe
2572	Unicorn-33050.exe
2892	Unicorn-24327.exe
2892	Unicorn-24327.exe
2832	Unicorn-56445.exe
2832	Unicorn-56445.exe
3000	Unicorn-52916.exe
3000	Unicorn-52916.exe
1788	Unicorn-55542.exe
1788	Unicorn-55542.exe
1244	Unicorn-2449.exe
1244	Unicorn-2449.exe
1580	WerFault.exe
1580	WerFault.exe
1580	WerFault.exe
1580	WerFault.exe
1580	WerFault.exe
2348	Unicorn-3352.exe
2348	Unicorn-3352.exe

Program crash 46 IoCs

pid	pid_target	Process	procid_target
792	2796	WerFault.exe	31
2288	2560	WerFault.exe	33
2940	1852	WerFault.exe	37
1580	1788	WerFault.exe	42
2472	1860	WerFault.exe	49
2988	2416	WerFault.exe	59
2780	2856	WerFault.exe	74
772	2272	WerFault.exe	90
1068	1920	WerFault.exe	84
2912	1288	WerFault.exe	113
2056	2784	WerFault.exe	97
2380	1000	WerFault.exe	119
1612	2012	WerFault.exe	128
2424	2264	WerFault.exe	133
2776	900	WerFault.exe	125
1292	1372	WerFault.exe	137
2944	2296	WerFault.exe	149
2940	676	WerFault.exe	135
2820	1996	WerFault.exe	175
1852	1108	WerFault.exe	169
1452	1056	WerFault.exe	184
2544	3044	WerFault.exe	162
588	1492	WerFault.exe	179
2124	2304	WerFault.exe	183
1712	1588	WerFault.exe	174
2832	2628	WerFault.exe	185
1648	1684	WerFault.exe	209
1448	2440	WerFault.exe	198
2288	1628	WerFault.exe	243
264	276	WerFault.exe	231
2228	2608	WerFault.exe	221
2908	2836	WerFault.exe	249
2292	636	WerFault.exe	268
2344	568	WerFault.exe	287
3024	2080	WerFault.exe	256
2236	1580	WerFault.exe	257
3532	1016	WerFault.exe	252
3724	2764	WerFault.exe	313
3380	3800	WerFault.exe	326
3128	3416	WerFault.exe	393
3856	4024	WerFault.exe	382
3712	3920	WerFault.exe	413
3908	3656	WerFault.exe	408
1160	2948	WerFault.exe	451
1092	1796	WerFault.exe	449
3848	2592	WerFault.exe	455

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36016.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-32863.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-11430.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4373.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14160.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24008.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45924.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-1221.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-10780.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9203.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33292.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44003.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52654.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-33276.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26333.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21834.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-13666.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-12867.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20217.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9116.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45212.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-49915.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34614.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-20640.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21612.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-47662.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-31466.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-34228.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-56131.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61835.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-44980.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-63063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36702.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24576.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-52608.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43250.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8720.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-29580.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-53715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-43537.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9609.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-36785.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-61865.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-21176.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-22063.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-16665.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38502.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-35560.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-15331.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-24065.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-8057.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-60588.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-14107.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-40552.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-30387.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4082.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-9923.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-4715.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-28104.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-64876.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-38447.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-26744.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Unicorn-45763.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2668	42ef4eb97886998e9d69d8992d4f0579_JaffaCakes118.exe
2776	Unicorn-8956.exe
2796	Unicorn-41.exe
2848	Unicorn-36968.exe
2560	Unicorn-65360.exe
3000	Unicorn-52916.exe
2572	Unicorn-33050.exe
1852	Unicorn-56253.exe
2348	Unicorn-3352.exe
2832	Unicorn-56445.exe
2892	Unicorn-24327.exe
1788	Unicorn-55542.exe
1244	Unicorn-2449.exe
2296	Unicorn-24576.exe
672	Unicorn-36274.exe
688	Unicorn-24022.exe
1500	Unicorn-61333.exe
1860	Unicorn-2807.exe
2448	Unicorn-2698.exe
1704	Unicorn-57052.exe
2976	Unicorn-45355.exe
956	Unicorn-28272.exe
1320	Unicorn-53715.exe
2380	Unicorn-61328.exe
2144	Unicorn-61328.exe
764	Unicorn-12682.exe
2416	Unicorn-17424.exe
1556	Unicorn-26552.exe
2932	Unicorn-51611.exe
2584	Unicorn-43080.exe
3040	Unicorn-26744.exe
2724	Unicorn-47719.exe
2680	Unicorn-63500.exe
3044	Unicorn-6302.exe
800	Unicorn-5555.exe
1492	Unicorn-38612.exe
1256	Unicorn-14107.exe
2176	Unicorn-1663.exe
1344	Unicorn-43250.exe
1916	Unicorn-64823.exe
2856	Unicorn-55415.exe
2848	Unicorn-52483.exe
3068	Unicorn-23319.exe
304	Unicorn-51907.exe
888	Unicorn-36125.exe
2924	Unicorn-15342.exe
916	Unicorn-65098.exe
3056	Unicorn-24065.exe
2316	Unicorn-16303.exe
1920	Unicorn-8134.exe
1648	Unicorn-8326.exe
880	Unicorn-14849.exe
908	Unicorn-3728.exe
2972	Unicorn-23594.exe
3020	Unicorn-36016.exe
2272	Unicorn-43438.exe
2692	Unicorn-44377.exe
1740	Unicorn-64242.exe
2076	Unicorn-31378.exe
2704	Unicorn-7833.exe
2900	Unicorn-20640.exe
1592	Unicorn-61865.exe
2784	Unicorn-397.exe
1904	Unicorn-12348.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 2776	2668	42ef4eb97886998e9d69d8992d4f0579_JaffaCakes118.exe	30
PID 2668 wrote to memory of 2776	2668	42ef4eb97886998e9d69d8992d4f0579_JaffaCakes118.exe	30
PID 2668 wrote to memory of 2776	2668	42ef4eb97886998e9d69d8992d4f0579_JaffaCakes118.exe	30
PID 2668 wrote to memory of 2776	2668	42ef4eb97886998e9d69d8992d4f0579_JaffaCakes118.exe	30
PID 2776 wrote to memory of 2796	2776	Unicorn-8956.exe	31
PID 2776 wrote to memory of 2796	2776	Unicorn-8956.exe	31
PID 2776 wrote to memory of 2796	2776	Unicorn-8956.exe	31
PID 2776 wrote to memory of 2796	2776	Unicorn-8956.exe	31
PID 2668 wrote to memory of 2848	2668	42ef4eb97886998e9d69d8992d4f0579_JaffaCakes118.exe	32
PID 2668 wrote to memory of 2848	2668	42ef4eb97886998e9d69d8992d4f0579_JaffaCakes118.exe	32
PID 2668 wrote to memory of 2848	2668	42ef4eb97886998e9d69d8992d4f0579_JaffaCakes118.exe	32
PID 2668 wrote to memory of 2848	2668	42ef4eb97886998e9d69d8992d4f0579_JaffaCakes118.exe	32
PID 2796 wrote to memory of 2560	2796	Unicorn-41.exe	33
PID 2796 wrote to memory of 2560	2796	Unicorn-41.exe	33
PID 2796 wrote to memory of 2560	2796	Unicorn-41.exe	33
PID 2796 wrote to memory of 2560	2796	Unicorn-41.exe	33
PID 2848 wrote to memory of 3000	2848	Unicorn-36968.exe	34
PID 2848 wrote to memory of 3000	2848	Unicorn-36968.exe	34
PID 2848 wrote to memory of 3000	2848	Unicorn-36968.exe	34
PID 2848 wrote to memory of 3000	2848	Unicorn-36968.exe	34
PID 2776 wrote to memory of 2572	2776	Unicorn-8956.exe	35
PID 2776 wrote to memory of 2572	2776	Unicorn-8956.exe	35
PID 2776 wrote to memory of 2572	2776	Unicorn-8956.exe	35
PID 2776 wrote to memory of 2572	2776	Unicorn-8956.exe	35
PID 2796 wrote to memory of 792	2796	Unicorn-41.exe	36
PID 2796 wrote to memory of 792	2796	Unicorn-41.exe	36
PID 2796 wrote to memory of 792	2796	Unicorn-41.exe	36
PID 2796 wrote to memory of 792	2796	Unicorn-41.exe	36
PID 2560 wrote to memory of 1852	2560	Unicorn-65360.exe	37
PID 2560 wrote to memory of 1852	2560	Unicorn-65360.exe	37
PID 2560 wrote to memory of 1852	2560	Unicorn-65360.exe	37
PID 2560 wrote to memory of 1852	2560	Unicorn-65360.exe	37
PID 2560 wrote to memory of 2288	2560	Unicorn-65360.exe	38
PID 2560 wrote to memory of 2288	2560	Unicorn-65360.exe	38
PID 2560 wrote to memory of 2288	2560	Unicorn-65360.exe	38
PID 2560 wrote to memory of 2288	2560	Unicorn-65360.exe	38
PID 2572 wrote to memory of 2348	2572	Unicorn-33050.exe	39
PID 2572 wrote to memory of 2348	2572	Unicorn-33050.exe	39
PID 2572 wrote to memory of 2348	2572	Unicorn-33050.exe	39
PID 2572 wrote to memory of 2348	2572	Unicorn-33050.exe	39
PID 3000 wrote to memory of 2832	3000	Unicorn-52916.exe	40
PID 3000 wrote to memory of 2832	3000	Unicorn-52916.exe	40
PID 3000 wrote to memory of 2832	3000	Unicorn-52916.exe	40
PID 3000 wrote to memory of 2832	3000	Unicorn-52916.exe	40
PID 2848 wrote to memory of 2892	2848	Unicorn-36968.exe	41
PID 2848 wrote to memory of 2892	2848	Unicorn-36968.exe	41
PID 2848 wrote to memory of 2892	2848	Unicorn-36968.exe	41
PID 2848 wrote to memory of 2892	2848	Unicorn-36968.exe	41
PID 1852 wrote to memory of 1788	1852	Unicorn-56253.exe	42
PID 1852 wrote to memory of 1788	1852	Unicorn-56253.exe	42
PID 1852 wrote to memory of 1788	1852	Unicorn-56253.exe	42
PID 1852 wrote to memory of 1788	1852	Unicorn-56253.exe	42
PID 1852 wrote to memory of 2940	1852	Unicorn-56253.exe	43
PID 1852 wrote to memory of 2940	1852	Unicorn-56253.exe	43
PID 1852 wrote to memory of 2940	1852	Unicorn-56253.exe	43
PID 1852 wrote to memory of 2940	1852	Unicorn-56253.exe	43
PID 2348 wrote to memory of 1244	2348	Unicorn-3352.exe	44
PID 2348 wrote to memory of 1244	2348	Unicorn-3352.exe	44
PID 2348 wrote to memory of 1244	2348	Unicorn-3352.exe	44
PID 2348 wrote to memory of 1244	2348	Unicorn-3352.exe	44
PID 2572 wrote to memory of 2296	2572	Unicorn-33050.exe	45
PID 2572 wrote to memory of 2296	2572	Unicorn-33050.exe	45
PID 2572 wrote to memory of 2296	2572	Unicorn-33050.exe	45
PID 2572 wrote to memory of 2296	2572	Unicorn-33050.exe	45

C:\Users\Admin\AppData\Local\Temp\42ef4eb97886998e9d69d8992d4f0579_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\42ef4eb97886998e9d69d8992d4f0579_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8956.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8956.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65360.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55542.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2807.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17424.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55415.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-397.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30387.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9214.exe
        12⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53615.exe
        13⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exe
        14⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22936.exe
        15⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24446.exe
        16⤵
        
        PID:1924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 236
        16⤵
        Program crash
        
        PID:2292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 236
        15⤵
        Program crash
        
        PID:264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
        14⤵
        Program crash
        
        PID:1448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 236
        13⤵
        Program crash
        
        PID:1712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 236
        12⤵
        Program crash
        
        PID:2940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
        11⤵
        Program crash
        
        PID:2056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
        10⤵
        Program crash
        
        PID:2780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
        9⤵
        Program crash
        
        PID:2988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
        8⤵
        Program crash
        
        PID:2472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 236
        7⤵
        Loads dropped DLL
        Program crash
        
        PID:1580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2940
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2288
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33050.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33050.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3352.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2449.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2698.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26552.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23319.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12348.exe
        9⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13666.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
        11⤵
        Program crash
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
        9⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17767.exe
        10⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50299.exe
        11⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7590.exe
        12⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23896.exe
        13⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46148.exe
        14⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5647.exe
        15⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64781.exe
        16⤵
        
        PID:4024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 240
        17⤵
        Program crash
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37599.exe
        8⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52473.exe
        9⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
        10⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 220
        11⤵
        Program crash
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36125.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53573.exe
        8⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        9⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
        10⤵
        Program crash
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51611.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57465.exe
        8⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
        9⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        10⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62167.exe
        11⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46781.exe
        13⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9500.exe
        14⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56127.exe
        15⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        16⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33437.exe
        17⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24024.exe
        18⤵
        
        PID:3416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 240
        19⤵
        Program crash
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45559.exe
        16⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20625.exe
        17⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45337.exe
        19⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        20⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36261.exe
        14⤵
        
        PID:2724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 220
        14⤵
        Program crash
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13786.exe
        12⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1716.exe
        13⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57588.exe
        14⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1693.exe
        15⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48336.exe
        16⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5819.exe
        17⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35851.exe
        18⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28669.exe
        19⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47662.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        9⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4715.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50849.exe
        11⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29246.exe
        12⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
        13⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9264.exe
        14⤵
        
        PID:3800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 240
        15⤵
        Program crash
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9203.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43537.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1980.exe
        9⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10968.exe
        10⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52982.exe
        11⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30720.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12707.exe
        13⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33276.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5061.exe
        15⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59213.exe
        16⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26868.exe
        17⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9815.exe
        18⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11430.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14160.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9923.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        14⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50998.exe
        15⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40080.exe
        16⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40869.exe
        17⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-80.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-80.exe
        18⤵
        
        PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45355.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26744.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51907.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3220.exe
        8⤵
        Executes dropped EXE
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43791.exe
        9⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8913.exe
        10⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49915.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
        13⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
        14⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63063.exe
        15⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12762.exe
        16⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8730.exe
        17⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11164.exe
        18⤵
        
        PID:3920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 240
        19⤵
        Program crash
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56452.exe
        17⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
        18⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64766.exe
        19⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
        7⤵
        Executes dropped EXE
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16210.exe
        8⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15109.exe
        9⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
        10⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9318.exe
        11⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44591.exe
        12⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60354.exe
        13⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62679.exe
        14⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43261.exe
        16⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55757.exe
        17⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-796.exe
        18⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49616.exe
        19⤵
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
        7⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12867.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        9⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe
        10⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29822.exe
        11⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
        12⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60354.exe
        13⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9202.exe
        14⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28632.exe
        15⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11963.exe
        16⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33334.exe
        17⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62140.exe
        18⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1484.exe
        19⤵
        
        PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24576.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43080.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15342.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24985.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        9⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52525.exe
        10⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56085.exe
        11⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54326.exe
        12⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45167.exe
        13⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18938.exe
        14⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6161.exe
        15⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        16⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58590.exe
        17⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5788.exe
        18⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-796.exe
        19⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24963.exe
        7⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27455.exe
        8⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63843.exe
        9⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
        10⤵
        Program crash
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57081.exe
        7⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36988.exe
        8⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47865.exe
        9⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
        10⤵
        Program crash
        
        PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47719.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
        7⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34855.exe
        8⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
        9⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
        10⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10439.exe
        11⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22085.exe
        12⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        14⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62025.exe
        15⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40552.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48554.exe
        17⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21025.exe
        18⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        19⤵
        
        PID:3864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 236
        13⤵
        Program crash
        
        PID:3532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 216
        12⤵
        Program crash
        
        PID:2228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
        11⤵
        Program crash
        
        PID:2832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 236
        10⤵
        Program crash
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        7⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
        8⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
        9⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61835.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34228.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38556.exe
        12⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43250.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
        14⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32716.exe
        15⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57931.exe
        16⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8720.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14247.exe
        18⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54660.exe
        19⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34614.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48720.exe
        15⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
        16⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
        17⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10905.exe
        18⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe
        12⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1693.exe
        13⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37184.exe
        14⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49654.exe
        15⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15331.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35420.exe
        17⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14906.exe
        18⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5066.exe
        13⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
        14⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8206.exe
        15⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61398.exe
        16⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48129.exe
        17⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25731.exe
        6⤵
        
        PID:1288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 220
        7⤵
        Program crash
        
        PID:2912
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36968.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36968.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24022.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61328.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1663.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7833.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8840.exe
        9⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        11⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47533.exe
        12⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8057.exe
        13⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9915.exe
        14⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63361.exe
        15⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18938.exe
        16⤵
        
        PID:2764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 220
        17⤵
        Program crash
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
        15⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62824.exe
        16⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10297.exe
        17⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61330.exe
        18⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
        19⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12965.exe
        20⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe
        21⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        8⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        9⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12691.exe
        10⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        11⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54264.exe
        12⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33237.exe
        13⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18938.exe
        14⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6161.exe
        15⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63198.exe
        16⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21834.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30485.exe
        18⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
        19⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29580.exe
        20⤵
        System Location Discovery: System Language Discovery
        
        PID:3176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
        13⤵
        Program crash
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61865.exe
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
        8⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55649.exe
        9⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50849.exe
        10⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 216
        10⤵
        Program crash
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64823.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23594.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        8⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
        9⤵
        Program crash
        
        PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12682.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43438.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
        8⤵
        Program crash
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44377.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21176.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 220
        8⤵
        Program crash
        
        PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61328.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14107.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14849.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24601.exe
        8⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7164.exe
        9⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1980.exe
        10⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
        11⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        12⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55416.exe
        13⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25453.exe
        14⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37744.exe
        15⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24439.exe
        16⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59166.exe
        17⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9296.exe
        18⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42488.exe
        19⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31466.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
        13⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63063.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59498.exe
        15⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1221.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:3656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 240
        17⤵
        Program crash
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30199.exe
        7⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4123.exe
        8⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58000.exe
        9⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64876.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8057.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27980.exe
        12⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4648.exe
        13⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9155.exe
        14⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33292.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44060.exe
        16⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
        17⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        18⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 220
        19⤵
        Program crash
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14040.exe
        10⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
        11⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58867.exe
        12⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34620.exe
        13⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
        14⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44636.exe
        15⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17190.exe
        16⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46380.exe
        17⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
        18⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36016.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
        7⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16376.exe
        8⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36127.exe
        9⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40263.exe
        10⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5748.exe
        11⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
        12⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24833.exe
        13⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24008.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45212.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41777.exe
        16⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17050.exe
        17⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28669.exe
        18⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49957.exe
        11⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22446.exe
        12⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32010.exe
        13⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12871.exe
        14⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        15⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49670.exe
        16⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52654.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
        18⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49799.exe
        13⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
        14⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51014.exe
        15⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36785.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43250.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45763.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
        8⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64092.exe
        9⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19760.exe
        10⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58410.exe
        11⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 220
        12⤵
        Program crash
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52271.exe
        11⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
        12⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51195.exe
        13⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58263.exe
        14⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34195.exe
        15⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40080.exe
        17⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe
        18⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27671.exe
        15⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64008.exe
        16⤵
        
        PID:1796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 220
        17⤵
        Program crash
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50413.exe
        10⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47248.exe
        11⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9116.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16665.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44537.exe
        14⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20324.exe
        15⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
        16⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
        17⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe
        18⤵
        
        PID:532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24327.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36274.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28272.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63500.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31378.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29261.exe
        8⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45924.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52608.exe
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8275.exe
        11⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29137.exe
        12⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
        13⤵
        Program crash
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17439.exe
        11⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20217.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
        13⤵
        Program crash
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36261.exe
        12⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14438.exe
        13⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60588.exe
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52638.exe
        15⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42021.exe
        16⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17219.exe
        17⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30007.exe
        7⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39178.exe
        8⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        9⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30922.exe
        10⤵
        
        PID:1684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 220
        11⤵
        Program crash
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20640.exe
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62400.exe
        7⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30019.exe
        8⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 240
        9⤵
        Program crash
        
        PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6302.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8134.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
        7⤵
        Program crash
        
        PID:1068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53715.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5555.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8326.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61933.exe
        7⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35431.exe
        8⤵
        
        PID:1372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 240
        9⤵
        Program crash
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23541.exe
        7⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37803.exe
        8⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65436.exe
        9⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63677.exe
        10⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16693.exe
        11⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37238.exe
        12⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18362.exe
        13⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22368.exe
        14⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25866.exe
        15⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1413.exe
        16⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55456.exe
        17⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56131.exe
        18⤵
        System Location Discovery: System Language Discovery
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50428.exe
        6⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36796.exe
        7⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28104.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28696.exe
        9⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41929.exe
        10⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
        11⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38447.exe
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52622.exe
        13⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36084.exe
        14⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35560.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36702.exe
        16⤵
        System Location Discovery: System Language Discovery
        
        PID:2592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        17⤵
        Program crash
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
        10⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
        11⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51195.exe
        12⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12871.exe
        13⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42830.exe
        14⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40080.exe
        15⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15950.exe
        16⤵
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3728.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21285.exe
        6⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22219.exe
        7⤵
        
        PID:2264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
        8⤵
        Program crash
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18689.exe
        6⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
        7⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44980.exe
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1456.exe
        9⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22230.exe
        10⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9609.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-603.exe
        12⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38502.exe
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20983.exe
        14⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20506.exe
        15⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        16⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15098.exe
        17⤵
        
        PID:3196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-33050.exe

Filesize
184KB

MD5
85e1c4df8ba31ef1660f423b7f820bc8

SHA1
33f55c0f07f48595c93b397969a75ce408b07e2c

SHA256
dd2206e4190cd4a159ac452741893836461024033b971743ab9b1ee2fff4eca4

SHA512
dced033f4758946bd8f3d5934ccd0d18a0b8ccb052d0021d64cfda05f9c849dafb1aa3e0e3d74b8e470a49eceaeb65d0daabd9ab649f473333b24830b8973433

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35420.exe

Filesize
184KB

MD5
a89d180bef2612228fdd8580e1dc5adc

SHA1
c227a24de1a6432a0654fa6d2429f0f07b866b7d

SHA256
7803596511f398a1d7b3867b7b25480902db192a2db8c632f7c0f4c823293dba

SHA512
4b6c70716cf5640bcb1ea46b8bb6af49200fa89bbf75d7fa15ce977a484e96067bfcefc248a92b2229274d773e3713df3df2e571a2593c5a396885988f2b8231

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe

Filesize
184KB

MD5
9141f6f052a40b4b55852c178f81571e

SHA1
ce80c9382a00a8a02f9a0588586958e6bae4d767

SHA256
34f989572b6c77667eefc31187d3674c6f94a2074aa2f8b326b309d426dc0b6d

SHA512
7ee9cd7009b91e5d6d927e067a775100fba77435d249d21e185b2f338d9676c60a1238040f795ce4206c2174b7af66cc0b3a7ad84dbad45d46b5f6392c11e988

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe

Filesize
184KB

MD5
1d9ffce490f209da0d4a011e231c2eb3

SHA1
fbef2c5408b54b9ffd9ada9797b0717781c49447

SHA256
238dc0aeb5eb8d25107964c5d9f25610cb879cf08e8fa4edc7eb8a6b766884d9

SHA512
59a64a778e01f6982d53e8ec32ae0cdb9139be6ddb21010e2445fe62be83a188b48e36589e3128e73237c477b1c36c324fd28558cd6315f15a12460d367692e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe

Filesize
184KB

MD5
4d18654fdc41a868230eb050f30dbb6b

SHA1
1ba9cf6aad05551ef321f2c46827e4d3e9e1e79e

SHA256
cc9bbd8fa3ed9fe96436e3087e10f25e9e5d64a4cd551c255a510d25d8e21915

SHA512
7a60a117feec63a5a8e25105904a23825bf90cc64f7931c6c50e490b7468a6d7d335a73f9dccf17faa84f615a2bd3bf569e9ff792557a456a9159d796e2b2cf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe

Filesize
184KB

MD5
7d738caa101ea5adfa562e01a23f42e0

SHA1
008564336ba6ac9991c18c8a1aa07e73d4b0dfc4

SHA256
c858e00b78d0e945f4bd4cc8c79930a647ff326cd3af2390cd6c2b385e08363a

SHA512
b66dc5e494c705e9b6cd380688f282f49b1a348c00e92ec60b685c06314b9779acf83ad8e4a30ec7cfcb038ab691e34c2fce85cbaaa8a55b581fe961a39fda91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5555.exe

Filesize
184KB

MD5
e4dae17ddb019211312a5c85d3601dbe

SHA1
0f57e74dff29f0bb70a5fd8b7ccaadf3d1acbd49

SHA256
b8422bf875d5f84686b6a6e76283855ad16a65e11a71f7546f2cdb880216b564

SHA512
50776b30c2723114b25ecc24850891360692d5c270c366203d54d91ff4493ba7b6f7c29538fba34a91024af2b2bf8b0cf7e7d93bc9993224736414b7b2a1ea1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56445.exe

Filesize
184KB

MD5
78d4c551cedbf8e1217ab47eddfbd7c7

SHA1
94dd771f9ebc2b83a5d1a5d2edb9e82734e9c110

SHA256
e74c21a9d7498607c146036cbfdaf1d47617bb2053bf7ae6274991a60bbb353f

SHA512
db5e26c450721f0ca65c638e285269766e85fe387555fe580954333ba89c304b915d62fc7726c34d1b65178b96e56e1250efd94181ff42956b77e2b742d5f048

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5748.exe

Filesize
184KB

MD5
d35eedfc94561eab0c691e23abc84ffd

SHA1
8ee5b7981d2cf7e135c4c5890c0e99d40eb09d1d

SHA256
15630be79a98b9491b2a72c38748a13d2fadbbebde34668f41d7d51f3bd96d8c

SHA512
6ad7092e231d70dbdcac3d57ad24683c393b2cacc1ed5c888be442ce6569947b0d5ee0aa3f9df4e3a900d0cb142a05aa0e2c55e5da731a7d7ff0b123ac6f275d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5788.exe

Filesize
184KB

MD5
88f0b8e22299c69ab8860bb1ccfbdfae

SHA1
22d71d49b41d86a9a172c75f39f47bd86065702b

SHA256
13bea7fb481f09031ff792f1a70a0585b1e9f28210415d8cab92b698dd4e3f7f

SHA512
2461a2df8e3b73d272eb75e096924c131c2959bd633fdda9499451667d86d3557a0a8663576d64e97a0dfafddc323300a4cfc15e6c3af8d16533b34515d3968a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6308.exe

Filesize
184KB

MD5
b4f67efd893816780f900c31f92929c6

SHA1
f0b12f4ffbbb5d7c44b271b927f0d6dad4ffbac9

SHA256
4dd625d0b7d159bdc24b74ce2cf842c57448b8c1f49c90a57acf71880084d136

SHA512
dbcf71b85daee6df015aeefa81da70fa325df191098f927e0ee3f680c7ee4aab6262c038f864a84c2ec9197c1657daa85bedd47b6553697d0e38f3ec800b1561

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65360.exe

Filesize
184KB

MD5
e29334360db19f8a98c06d890be0a4c2

SHA1
499513bc4e96b02521a5c203c6875dde8cc596e8

SHA256
750e55ade498f9b9348ad8a70ce75e72d0610fe32d2690798379dff87f8c9298

SHA512
01be6f754a12d7dde9f7661ae961dfed69e19baed0a5c8ee9b040ba258d1c0f5f74881fd36cf5027ee3db6eb2041819b35c43cf24b5bb7a80414546021057274

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24327.exe

Filesize
184KB

MD5
ca5fcefcf26fa60b77190d2d241c1533

SHA1
cb01b09dca4f71dc68a1359a51fc95e372768cf1

SHA256
2d9b1214409b1b1c8519a1e9cad29d403f9907a40b5dc5aa90581cf57b4cdf45

SHA512
1bbe675a39d70718e03b29927fb6296d5fca5840e616bc1bc2c7b6698c49e20617a840236068ce4ffddbd029f28fc86336da555bb18b0f1fcdf8eb3e9a5ddc7a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2449.exe

Filesize
184KB

MD5
5f12b7480ac55565c7c64ea1c72e76be

SHA1
0d0b8a08e09b724dba34cea483c9b96d0844c7f7

SHA256
a6f9773691f7f3aed47c3617815732dc7814309a0ad27bb3f0f202565b272084

SHA512
a1ca90eaac5edb7ad6619d45cc588104520f60d60def9ed7b629af651250099fa8c322babd56466275cbfe86f759722f4a1257c0fd2f2e7ae1c9da6b4f7e0617

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3352.exe

Filesize
184KB

MD5
e0df088769646b99d013209d99fb5ef5

SHA1
9329c67c0a71b52e31979f08799d2250ee65ff9b

SHA256
e54f67db5d1941a7cccb057dca634f46f490b6382db4662dedf87ad7ae616830

SHA512
52e8a7c0b9d575e4b8533e1dee2e8d3a7f2eeb11ca5d135c7084fe9909827ac3991b303aef40b8dcd7f1fabb9be3459434d13c978cc40b8773a24ba3f6da5f75

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36968.exe

Filesize
184KB

MD5
28187721f6cd161c6c52f7b21b62027c

SHA1
af396e86c66313125bba62f05fdcf71fcb5301b5

SHA256
10141196a2c7ed3889fd21e0fb03e8a1a8b36b20833e8af612df9cb411f314fa

SHA512
063e0716af84362c6469939c51d8a273d873ab45d206e3606cf7ddbb0b796dfa8b6b23534a4c102022a570c277edf543b228d326ec1aea7d5105ea00ec8608cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41.exe

Filesize
184KB

MD5
9b5c11779c1ff97331528d0052a59254

SHA1
b30087bb2d4a7a361bb23bc587e624c636256693

SHA256
e7848ea6d8707d611c3aa3b9cd5c5e0c6b2934b30b61b55304ab75ff71c7caa5

SHA512
7a2f65893b804fbd3d8624497b993ab3fe2584160b76585e443ed6450ca5af5e7dc263a7a997cce80b29ffad172230e26fe65f183c5e1b5589cd1b7161cc7c09

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55542.exe

Filesize
184KB

MD5
c8b5219366fa4ad3acf41262766b73db

SHA1
a039b2ab270eff0ab60c2977832526cf51c9bc4f

SHA256
d137ed56f4241f11e5ae054b694d06bf89d37ac586a24e744f72ab90e76e202a

SHA512
89d87b3054dcc1401e64d3e0c3246ed44053482500c37fba5d27fa86035af7887c1d538e9dcb051ee681c32638200da272b38a6412028488a3da315d1e5f6409

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56253.exe

Filesize
184KB

MD5
ad061515e4c1878ce8ec88e0e3cc3a86

SHA1
597f25b14f1f4b62fd543ec54de4aeaf392daec4

SHA256
6cca80242271c03544a045331773ce2f98db26b54bd578d24650fa56f2238c28

SHA512
c87b410dbab6f4c27355fdffe1d3276865d5ac213cf86cf5bf337c4dc57a5786485984b31b5a998a0b3fc0b0b5f54df72962c5b29bdbb81ad40fe14acd58f95d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8956.exe

Filesize
184KB

MD5
1e2a211e77d02b75c851456d9dbadf46

SHA1
0488c87a1c1214180208bebca18280107a3702c3

SHA256
ae440715f327cb3162ccf6db0891a22cbd02a30467acec2a2631165f478b1dc7

SHA512
1e8cdcf0b7e0b019730f46a0b747e5d0a37277c71f5f91a85ee0156dd572284d7aa5607b689e384f0a410ebae5aa6ab1539de26081fa2c3ea9e8f45a7bdbffde

Download Submit