98034d878d96b65680e7ad5eb61302ccc7bc1d9a704891e80a38f89f9b5de0d7

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/03/2024, 07:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

00324543697a5e1fd68bcf60aced6785_JaffaCakes118.exe
Size

192KB
MD5

00324543697a5e1fd68bcf60aced6785
SHA1

051363a0293759cdaee728b3016cd9f5fcc40ff0
SHA256

98034d878d96b65680e7ad5eb61302ccc7bc1d9a704891e80a38f89f9b5de0d7
SHA512

959e64b6a05d9bdcadcb53864ad00deba10f495e70ec6c141ce753d32cc0b17a12e3ddf8d6b7ca2dc56422ece63d59e4e45753a1622d934775b083705304b383
SSDEEP

3072:fLcJoJTCfjAgb9NTFpbDN898EGZ6rTfVH6Zxef+HM6luXpFJ:fLOokcgbDFNDN8L9jR6luXpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1508	Unicorn-47156.exe
2588	Unicorn-11777.exe
2552	Unicorn-49281.exe
2456	Unicorn-46391.exe
2472	Unicorn-14979.exe
2780	Unicorn-18357.exe
1644	Unicorn-45976.exe
2432	Unicorn-64320.exe
584	Unicorn-18649.exe
776	Unicorn-59489.exe
1688	Unicorn-64320.exe
2804	Unicorn-11305.exe
1620	Unicorn-16205.exe
1652	Unicorn-30080.exe
2412	Unicorn-45348.exe
516	Unicorn-41970.exe
1524	Unicorn-62068.exe
1396	Unicorn-65213.exe
2852	Unicorn-19421.exe
2892	Unicorn-11253.exe
2344	Unicorn-39287.exe
2096	Unicorn-54855.exe
1908	Unicorn-33942.exe
272	Unicorn-1077.exe
2064	Unicorn-25582.exe
1336	Unicorn-5716.exe
1548	Unicorn-31550.exe
1844	Unicorn-63085.exe
972	Unicorn-28020.exe
320	Unicorn-47886.exe
2996	Unicorn-60496.exe
1540	Unicorn-19464.exe
276	Unicorn-52136.exe
2088	Unicorn-40822.exe
1696	Unicorn-32462.exe
1492	Unicorn-35992.exe
1716	Unicorn-5623.exe
2976	Unicorn-45779.exe
756	Unicorn-9577.exe
2676	Unicorn-19931.exe
2648	Unicorn-57434.exe
2496	Unicorn-11954.exe
2368	Unicorn-41289.exe
2868	Unicorn-3786.exe
2564	Unicorn-16593.exe
2684	Unicorn-3786.exe
2584	Unicorn-28291.exe
2272	Unicorn-33313.exe
2944	Unicorn-45011.exe
2508	Unicorn-39661.exe
2752	Unicorn-64165.exe
2784	Unicorn-36131.exe
580	Unicorn-61020.exe
1896	Unicorn-52852.exe
2156	Unicorn-31685.exe
1940	Unicorn-39853.exe
1684	Unicorn-64357.exe
1544	Unicorn-36323.exe
928	Unicorn-7372.exe
2836	Unicorn-44684.exe
2824	Unicorn-15733.exe
2536	Unicorn-53236.exe
2236	Unicorn-55229.exe
1072	Unicorn-3563.exe

Loads dropped DLL 64 IoCs

pid	Process
2292	00324543697a5e1fd68bcf60aced6785_JaffaCakes118.exe
2292	00324543697a5e1fd68bcf60aced6785_JaffaCakes118.exe
1508	Unicorn-47156.exe
2292	00324543697a5e1fd68bcf60aced6785_JaffaCakes118.exe
1508	Unicorn-47156.exe
2292	00324543697a5e1fd68bcf60aced6785_JaffaCakes118.exe
2588	Unicorn-11777.exe
2588	Unicorn-11777.exe
1508	Unicorn-47156.exe
2552	Unicorn-49281.exe
1508	Unicorn-47156.exe
2552	Unicorn-49281.exe
2472	Unicorn-14979.exe
2472	Unicorn-14979.exe
2588	Unicorn-11777.exe
2588	Unicorn-11777.exe
2552	Unicorn-49281.exe
2456	Unicorn-46391.exe
2456	Unicorn-46391.exe
2780	Unicorn-18357.exe
2780	Unicorn-18357.exe
2552	Unicorn-49281.exe
2432	Unicorn-64320.exe
2432	Unicorn-64320.exe
776	Unicorn-59489.exe
2780	Unicorn-18357.exe
2780	Unicorn-18357.exe
776	Unicorn-59489.exe
2472	Unicorn-14979.exe
2472	Unicorn-14979.exe
584	Unicorn-18649.exe
584	Unicorn-18649.exe
2456	Unicorn-46391.exe
2456	Unicorn-46391.exe
1688	Unicorn-64320.exe
1688	Unicorn-64320.exe
1644	Unicorn-45976.exe
1644	Unicorn-45976.exe
2432	Unicorn-64320.exe
2432	Unicorn-64320.exe
2804	Unicorn-11305.exe
2804	Unicorn-11305.exe
1652	Unicorn-30080.exe
1652	Unicorn-30080.exe
1524	Unicorn-62068.exe
1524	Unicorn-62068.exe
516	Unicorn-41970.exe
584	Unicorn-18649.exe
516	Unicorn-41970.exe
1620	Unicorn-16205.exe
584	Unicorn-18649.exe
776	Unicorn-59489.exe
1620	Unicorn-16205.exe
776	Unicorn-59489.exe
1396	Unicorn-65213.exe
1396	Unicorn-65213.exe
1688	Unicorn-64320.exe
2412	Unicorn-45348.exe
2412	Unicorn-45348.exe
1688	Unicorn-64320.exe
2852	Unicorn-19421.exe
2892	Unicorn-11253.exe
2892	Unicorn-11253.exe
2852	Unicorn-19421.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
300	2368	WerFault.exe	69
1516	2136	WerFault.exe	92
844	2452	WerFault.exe	110
3088	1800	WerFault.exe	188
3160	3368	WerFault.exe	327
4760	3508	WerFault.exe	301
5032	4788	WerFault.exe	357
4992	4396	WerFault.exe	376
4564	4148	WerFault.exe	370

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2292	00324543697a5e1fd68bcf60aced6785_JaffaCakes118.exe
1508	Unicorn-47156.exe
2588	Unicorn-11777.exe
2552	Unicorn-49281.exe
2472	Unicorn-14979.exe
2456	Unicorn-46391.exe
2780	Unicorn-18357.exe
2432	Unicorn-64320.exe
776	Unicorn-59489.exe
1688	Unicorn-64320.exe
584	Unicorn-18649.exe
1644	Unicorn-45976.exe
2804	Unicorn-11305.exe
1620	Unicorn-16205.exe
1652	Unicorn-30080.exe
2412	Unicorn-45348.exe
516	Unicorn-41970.exe
1524	Unicorn-62068.exe
1396	Unicorn-65213.exe
2892	Unicorn-11253.exe
2852	Unicorn-19421.exe
2344	Unicorn-39287.exe
2096	Unicorn-54855.exe
1908	Unicorn-33942.exe
1844	Unicorn-63085.exe
2064	Unicorn-25582.exe
1336	Unicorn-5716.exe
272	Unicorn-1077.exe
1548	Unicorn-31550.exe
320	Unicorn-47886.exe
972	Unicorn-28020.exe
1540	Unicorn-19464.exe
2996	Unicorn-60496.exe
276	Unicorn-52136.exe
1492	Unicorn-35992.exe
2088	Unicorn-40822.exe
1696	Unicorn-32462.exe
2976	Unicorn-45779.exe
756	Unicorn-9577.exe
2676	Unicorn-19931.exe
2648	Unicorn-57434.exe
2496	Unicorn-11954.exe
2368	Unicorn-41289.exe
2564	Unicorn-16593.exe
2272	Unicorn-33313.exe
2868	Unicorn-3786.exe
2684	Unicorn-3786.exe
2584	Unicorn-28291.exe
2944	Unicorn-45011.exe
2752	Unicorn-64165.exe
2784	Unicorn-36131.exe
2508	Unicorn-39661.exe
2156	Unicorn-31685.exe
1684	Unicorn-64357.exe
1940	Unicorn-39853.exe
1896	Unicorn-52852.exe
580	Unicorn-61020.exe
2836	Unicorn-44684.exe
1544	Unicorn-36323.exe
928	Unicorn-7372.exe
2824	Unicorn-15733.exe
2236	Unicorn-55229.exe
2536	Unicorn-53236.exe
1072	Unicorn-3563.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 1508	2292	00324543697a5e1fd68bcf60aced6785_JaffaCakes118.exe	28
PID 2292 wrote to memory of 1508	2292	00324543697a5e1fd68bcf60aced6785_JaffaCakes118.exe	28
PID 2292 wrote to memory of 1508	2292	00324543697a5e1fd68bcf60aced6785_JaffaCakes118.exe	28
PID 2292 wrote to memory of 1508	2292	00324543697a5e1fd68bcf60aced6785_JaffaCakes118.exe	28
PID 1508 wrote to memory of 2588	1508	Unicorn-47156.exe	29
PID 1508 wrote to memory of 2588	1508	Unicorn-47156.exe	29
PID 1508 wrote to memory of 2588	1508	Unicorn-47156.exe	29
PID 1508 wrote to memory of 2588	1508	Unicorn-47156.exe	29
PID 2292 wrote to memory of 2552	2292	00324543697a5e1fd68bcf60aced6785_JaffaCakes118.exe	30
PID 2292 wrote to memory of 2552	2292	00324543697a5e1fd68bcf60aced6785_JaffaCakes118.exe	30
PID 2292 wrote to memory of 2552	2292	00324543697a5e1fd68bcf60aced6785_JaffaCakes118.exe	30
PID 2292 wrote to memory of 2552	2292	00324543697a5e1fd68bcf60aced6785_JaffaCakes118.exe	30
PID 2588 wrote to memory of 2456	2588	Unicorn-11777.exe	31
PID 2588 wrote to memory of 2456	2588	Unicorn-11777.exe	31
PID 2588 wrote to memory of 2456	2588	Unicorn-11777.exe	31
PID 2588 wrote to memory of 2456	2588	Unicorn-11777.exe	31
PID 1508 wrote to memory of 2780	1508	Unicorn-47156.exe	32
PID 1508 wrote to memory of 2780	1508	Unicorn-47156.exe	32
PID 1508 wrote to memory of 2780	1508	Unicorn-47156.exe	32
PID 1508 wrote to memory of 2780	1508	Unicorn-47156.exe	32
PID 2552 wrote to memory of 2472	2552	Unicorn-49281.exe	33
PID 2552 wrote to memory of 2472	2552	Unicorn-49281.exe	33
PID 2552 wrote to memory of 2472	2552	Unicorn-49281.exe	33
PID 2552 wrote to memory of 2472	2552	Unicorn-49281.exe	33
PID 2472 wrote to memory of 1644	2472	Unicorn-14979.exe	34
PID 2472 wrote to memory of 1644	2472	Unicorn-14979.exe	34
PID 2472 wrote to memory of 1644	2472	Unicorn-14979.exe	34
PID 2472 wrote to memory of 1644	2472	Unicorn-14979.exe	34
PID 2588 wrote to memory of 2432	2588	Unicorn-11777.exe	35
PID 2588 wrote to memory of 2432	2588	Unicorn-11777.exe	35
PID 2588 wrote to memory of 2432	2588	Unicorn-11777.exe	35
PID 2588 wrote to memory of 2432	2588	Unicorn-11777.exe	35
PID 2456 wrote to memory of 584	2456	Unicorn-46391.exe	37
PID 2456 wrote to memory of 584	2456	Unicorn-46391.exe	37
PID 2456 wrote to memory of 584	2456	Unicorn-46391.exe	37
PID 2456 wrote to memory of 584	2456	Unicorn-46391.exe	37
PID 2780 wrote to memory of 776	2780	Unicorn-18357.exe	38
PID 2780 wrote to memory of 776	2780	Unicorn-18357.exe	38
PID 2780 wrote to memory of 776	2780	Unicorn-18357.exe	38
PID 2780 wrote to memory of 776	2780	Unicorn-18357.exe	38
PID 2552 wrote to memory of 1688	2552	Unicorn-49281.exe	36
PID 2552 wrote to memory of 1688	2552	Unicorn-49281.exe	36
PID 2552 wrote to memory of 1688	2552	Unicorn-49281.exe	36
PID 2552 wrote to memory of 1688	2552	Unicorn-49281.exe	36
PID 2432 wrote to memory of 2804	2432	Unicorn-64320.exe	39
PID 2432 wrote to memory of 2804	2432	Unicorn-64320.exe	39
PID 2432 wrote to memory of 2804	2432	Unicorn-64320.exe	39
PID 2432 wrote to memory of 2804	2432	Unicorn-64320.exe	39
PID 776 wrote to memory of 1620	776	Unicorn-59489.exe	40
PID 776 wrote to memory of 1620	776	Unicorn-59489.exe	40
PID 776 wrote to memory of 1620	776	Unicorn-59489.exe	40
PID 776 wrote to memory of 1620	776	Unicorn-59489.exe	40
PID 2780 wrote to memory of 1652	2780	Unicorn-18357.exe	41
PID 2780 wrote to memory of 1652	2780	Unicorn-18357.exe	41
PID 2780 wrote to memory of 1652	2780	Unicorn-18357.exe	41
PID 2780 wrote to memory of 1652	2780	Unicorn-18357.exe	41
PID 2472 wrote to memory of 2412	2472	Unicorn-14979.exe	42
PID 2472 wrote to memory of 2412	2472	Unicorn-14979.exe	42
PID 2472 wrote to memory of 2412	2472	Unicorn-14979.exe	42
PID 2472 wrote to memory of 2412	2472	Unicorn-14979.exe	42
PID 584 wrote to memory of 516	584	Unicorn-18649.exe	43
PID 584 wrote to memory of 516	584	Unicorn-18649.exe	43
PID 584 wrote to memory of 516	584	Unicorn-18649.exe	43
PID 584 wrote to memory of 516	584	Unicorn-18649.exe	43

C:\Users\Admin\AppData\Local\Temp\00324543697a5e1fd68bcf60aced6785_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\00324543697a5e1fd68bcf60aced6785_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47156.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47156.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46391.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18649.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41970.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1077.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11954.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
        9⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14954.exe
        10⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7832.exe
        11⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        12⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49250.exe
        13⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61277.exe
        14⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15975.exe
        15⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7434.exe
        8⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54897.exe
        9⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54482.exe
        10⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39275.exe
        11⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54812.exe
        12⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42457.exe
        13⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21926.exe
        14⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 240
        15⤵
        Program crash
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13321.exe
        14⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
        15⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59643.exe
        11⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58845.exe
        12⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14266.exe
        13⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25667.exe
        14⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        9⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63888.exe
        10⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2975.exe
        11⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39556.exe
        12⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34671.exe
        13⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-788.exe
        14⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45238.exe
        11⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58983.exe
        12⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
        13⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16593.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36428.exe
        8⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        9⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        10⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50391.exe
        11⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33957.exe
        12⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34853.exe
        13⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46662.exe
        14⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 200
        15⤵
        Program crash
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
        8⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47635.exe
        9⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5995.exe
        10⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        11⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1946.exe
        12⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54394.exe
        13⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4035.exe
        14⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25626.exe
        9⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29198.exe
        10⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16285.exe
        11⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19797.exe
        12⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 200
        13⤵
        Program crash
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5716.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45779.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15733.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
        9⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe
        10⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11335.exe
        11⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47340.exe
        12⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
        13⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57352.exe
        14⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
        15⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19498.exe
        11⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34671.exe
        12⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41836.exe
        13⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53236.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48504.exe
        8⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44864.exe
        9⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15061.exe
        10⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
        11⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-524.exe
        12⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25116.exe
        13⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62068.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33942.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5623.exe
        7⤵
        Executes dropped EXE
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52852.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39568.exe
        8⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9944.exe
        9⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29914.exe
        10⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26067.exe
        11⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54202.exe
        12⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9577.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55229.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39952.exe
        8⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31024.exe
        9⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50967.exe
        10⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44948.exe
        11⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17287.exe
        12⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31510.exe
        13⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55606.exe
        9⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30542.exe
        10⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9076.exe
        11⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
        12⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17760.exe
        13⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44783.exe
        7⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14718.exe
        8⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38414.exe
        9⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30916.exe
        10⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58651.exe
        11⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1964.exe
        12⤵
        
        PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39287.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52136.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22225.exe
        9⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61008.exe
        10⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60868.exe
        11⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50402.exe
        12⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61147.exe
        13⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
        14⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
        10⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64517.exe
        11⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
        12⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63583.exe
        13⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18695.exe
        8⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-494.exe
        9⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54812.exe
        10⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25223.exe
        11⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14556.exe
        12⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12012.exe
        13⤵
        
        PID:4104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45400.exe
        14⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32443.exe
        8⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50126.exe
        9⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61958.exe
        10⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52358.exe
        11⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
        12⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
        13⤵
        
        PID:4788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 244
        14⤵
        Program crash
        
        PID:5032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7040.exe
        8⤵
        
        PID:2452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
        9⤵
        Program crash
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
        8⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38699.exe
        9⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5933.exe
        10⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8684.exe
        11⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4873.exe
        12⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41427.exe
        13⤵
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43199.exe
        7⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44202.exe
        8⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
        9⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
        10⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39639.exe
        11⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-986.exe
        12⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8547.exe
        13⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41836.exe
        14⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52146.exe
        15⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        12⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54394.exe
        13⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
        14⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11253.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19464.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39661.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48312.exe
        8⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45056.exe
        9⤵
        
        PID:1800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 220
        10⤵
        Program crash
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36131.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31208.exe
        7⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1117.exe
        8⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64475.exe
        9⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
        10⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-332.exe
        11⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20083.exe
        12⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19773.exe
        9⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47527.exe
        10⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        11⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1035.exe
        12⤵
        
        PID:4352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16205.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25582.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28291.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
        8⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56672.exe
        9⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        10⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23173.exe
        11⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8692.exe
        12⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58681.exe
        13⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55286.exe
        14⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53143.exe
        8⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49934.exe
        9⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58227.exe
        10⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54652.exe
        11⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8298.exe
        12⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7773.exe
        13⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55328.exe
        8⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39929.exe
        9⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42415.exe
        10⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
        11⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18709.exe
        12⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62322.exe
        13⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33313.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3947.exe
        7⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
        8⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57609.exe
        9⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
        10⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58845.exe
        11⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27837.exe
        12⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44001.exe
        13⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11534.exe
        7⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65009.exe
        8⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        9⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        10⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14748.exe
        11⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14404.exe
        12⤵
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3786.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
        7⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
        8⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56509.exe
        9⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14293.exe
        10⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33116.exe
        11⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29956.exe
        12⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
        13⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60721.exe
        14⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36695.exe
        9⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        10⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5726.exe
        11⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62948.exe
        12⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62749.exe
        13⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe
        14⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7242.exe
        6⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe
        7⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33105.exe
        8⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2342.exe
        9⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1284.exe
        10⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12258.exe
        11⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36666.exe
        12⤵
        
        PID:964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54855.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35992.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39853.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15723.exe
        8⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30256.exe
        9⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
        10⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33692.exe
        11⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
        12⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63202.exe
        13⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60913.exe
        14⤵
        
        PID:4324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36323.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39760.exe
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10136.exe
        8⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
        9⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
        10⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20053.exe
        11⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9055.exe
        12⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32462.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39376.exe
        7⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46867.exe
        8⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47101.exe
        9⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30615.exe
        10⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5449.exe
        11⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10674.exe
        12⤵
        
        PID:4620
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49281.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49281.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14979.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14979.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45976.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60496.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64165.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61114.exe
        9⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8792.exe
        10⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35543.exe
        11⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
        12⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27754.exe
        13⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19946.exe
        14⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30257.exe
        8⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39415.exe
        9⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
        10⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44948.exe
        11⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62242.exe
        12⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32470.exe
        13⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11020.exe
        7⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
        8⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11433.exe
        9⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4926.exe
        10⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39556.exe
        11⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9024.exe
        12⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
        13⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63967.exe
        14⤵
        
        PID:5096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61020.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6189.exe
        7⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
        8⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58761.exe
        9⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31398.exe
        10⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1102.exe
        11⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36347.exe
        12⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
        13⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
        14⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5561.exe
        7⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11293.exe
        8⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5995.exe
        9⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
        10⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49959.exe
        11⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14595.exe
        12⤵
        
        PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47886.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3786.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35468.exe
        7⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50953.exe
        8⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44158.exe
        9⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25887.exe
        10⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14418.exe
        11⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6881.exe
        12⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15475.exe
        13⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52670.exe
        14⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
        7⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36504.exe
        8⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        9⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-433.exe
        10⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5449.exe
        11⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1611.exe
        12⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40490.exe
        6⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14954.exe
        7⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36504.exe
        8⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
        9⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20397.exe
        10⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9538.exe
        11⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39786.exe
        12⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21332.exe
        13⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41289.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
        6⤵
        Program crash
        
        PID:300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31550.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3563.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63641.exe
        8⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17921.exe
        9⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47402.exe
        10⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63160.exe
        11⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48574.exe
        12⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
        13⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5758.exe
        7⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        8⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
        9⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46954.exe
        10⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12012.exe
        11⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
        12⤵
        
        PID:4816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41258.exe
        6⤵
        
        PID:2136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 244
        7⤵
        Program crash
        
        PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3947.exe
        6⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
        8⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
        9⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38710.exe
        10⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17577.exe
        11⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 244
        12⤵
        Program crash
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58107.exe
        8⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54662.exe
        9⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17292.exe
        10⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16658.exe
        11⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
        6⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57609.exe
        7⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38850.exe
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        9⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11692.exe
        10⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56398.exe
        11⤵
        
        PID:5108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45011.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43636.exe
        6⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        7⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        8⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
        9⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39447.exe
        10⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8630.exe
        11⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60539.exe
        12⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20745.exe
        6⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19270.exe
        7⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16629.exe
        8⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59561.exe
        9⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16285.exe
        10⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16948.exe
        11⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35063.exe
        12⤵
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15602.exe
        5⤵
        
        PID:1224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14487.exe
        6⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
        7⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28471.exe
        8⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58087.exe
        9⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41220.exe
        10⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14001.exe
        11⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        12⤵
        
        PID:4156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-20053.exe

Filesize
192KB

MD5
aef394e29e22c6335050037283d9f50a

SHA1
04caec6174743e29f61c8f527e5d9a65a77ea0bb

SHA256
d57945ecc451960c33f679d74c1edbc928d0b0781882534effe6bd9a79de5b20

SHA512
2bc61c75e5336b225577d2764d8edc5a85b82f828c9d58720a6b8e878488b631916a78f4dac90b50454e0229927b5ea8f44becbe84991854f71e1c9d70ce13d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39376.exe

Filesize
192KB

MD5
bffd963714d0aaee8e41712a0377ccd1

SHA1
45a906e5db24b918511cd359af487d89d6ee8f4f

SHA256
ef9ba4c5988303612f62fbb288d68d524f8cdbe012671e34e3fb9b83e1d55ca1

SHA512
b2ded86ba362fe3c36160f86f569c8639c222432e9066823b00ba4f4a7b1275556662d29004f6b61ff9ddaa8a1d2fc4f6df2a5ac4a0b43d52632d123c5ecc94f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40490.exe

Filesize
192KB

MD5
b68146f428089d273d72470cae35e276

SHA1
e9720c911b86cf7cdc4603da5af0ffd69f60c5b3

SHA256
2b7a0c6e878740494bfa4641e99ba845a8e5bd58728066f481f544dd105cd8e8

SHA512
87503e2d014838851ed7d37460ab1132515e2c61bb80ee64ed1bf8f4a01391d16bd6d1de6c17ea946e802cd80de74f18e64fc1d270394d419dab8eb819e831d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe

Filesize
192KB

MD5
38f2bd0d4162960eed618b130765e1b8

SHA1
d56cf18a94770e639702eaefb1d26a141abb63e9

SHA256
85a2cf8b26259b536a9ac9681a6b656817052122a16e8e0f19bc51a0be020839

SHA512
bb9d6d6336e1b9305eaae4b169fef99f81a488047fb2b837fd98d7237af3ff3d58ed2f26f07679c2e9349a671802f6c7df2615dde64a94c6b3446388081836e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46391.exe

Filesize
192KB

MD5
cf92e2978d8a612d36b45ff1b62e2284

SHA1
c2a9595ee376a5d2988719c8df42ec158818d370

SHA256
16441eaa2fa02171c878093173caecd36811600f7fe33c7ac9d5bd40aa1c727b

SHA512
1779b09efbb621f3433ca32839e90661a8b3b4a3ffa5dffded9e73d503878191dc9b9559d39d8c36084a8ac11a652c55a450f52c5b9c38ea4c5ce5180c2c91d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5623.exe

Filesize
192KB

MD5
b1e8dd00aa705062350077b226e96831

SHA1
05e7c834a0cf493ef3cbd6494ea5497172d62354

SHA256
21028f0bb6ce72a5cfb54fa2e73f13da6ac08e6843dca8324f118d6f28364c35

SHA512
3c516101e5b62fc0edf5a1881c56ccfa5e2d418875838dac25386271fc697b5adce1319060a94933ede2e5f10de901fb941d9771461f530c01ef6079377a0ef8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59489.exe

Filesize
192KB

MD5
94c371d64b061a4f6fedcf930b3864e1

SHA1
ac260b8fb38817fe2af45e17d32d14c085c15cf0

SHA256
d1ab1b3a8fa66927f9b228999a5c60810dc7c2b5127abbe962e17a8c3bc7f7e0

SHA512
5cc79053ff283df315ce2ca6f0a97c56e295c09cd315c46c0ecbedb1be62aa2a66a7e8a4019da938a3d27a32226382a003ffc526aa72dd9bfba0d6d1a492977b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6189.exe

Filesize
192KB

MD5
708bb72ef62415f6ffa87ca99d2cb243

SHA1
7dd01a5680e90f3e5ee2f0d3c214c3752e73746e

SHA256
ccad3dfa735f2e4f34d8b2f662a939a5fe28e13348b9b14a2c2bc78faf0372c9

SHA512
fc50f4086116df8c2f3540b39c786563fcc35fa01318a7d34fcad1f321b3ebe8fd91abc619532ee14f3e4bb921ef9b075c85885c1b98b8ff158c39987a648dff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64320.exe

Filesize
192KB

MD5
4a5a70fbdaeb0a79786e932c31c0d53d

SHA1
f52c81f204015814969d20e720c8270d04494c8b

SHA256
30effebc6c980115a7563bd4ac2df799ecb483cd4ada0db7ca4c8d9e08248077

SHA512
48fc934345cf106533b0cbf9a0a0679bb45d45e04095499830cdc0818e7645a19e8d937ad11eabc2ab37438e51bd5655662c17e614533b3d930dd36121ddea77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe

Filesize
192KB

MD5
be0274ccfe527434aab9e32f6d94582c

SHA1
e8e37594a03fc19b5f83b30137f2a2882ba6e051

SHA256
917c173b1c34c447fd70cbccf1139a3c2f52e954489842a3203356969e8baa54

SHA512
20dd7f8170f9067825d5a999c1b070c44880ed0a03823ded7ee4ec00e7c92362eb93bba7d7a87f71eddb4af1eabf4aba15f31b986bfe4ce7b44288c1d16a2a1c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11305.exe

Filesize
192KB

MD5
3bc67a4bc44c2facd8f3777dcfaecb4c

SHA1
de307fdcea0016c0fbb90f3541081d07e31fc414

SHA256
b21d2a2db3c96eaa5d2bc66ba833a7f598fc31187866e2c313bbae5baa8fd92e

SHA512
53d6620dab7a0339b545922a724dacc014203032d1b4fd08bcda6470837adae6c17037de23d7d00a1a98b5b78bd7eddf50bc947c938d4a872b1193903171a7a1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11777.exe

Filesize
192KB

MD5
6787439fcc7e1dcc00d71fbfb7ade392

SHA1
bbdb490b59a6ff4d73f741fcc1c04950da19f632

SHA256
bc0f25103ecd768896c9fc8b65127ee68403b130bf349ec57000325db9fb2cca

SHA512
6a199ccf70ae6b474f27bced1fd060a04dd93dcac4ff1fcf086dc3b50ab6f2eda9395eee8ba66333dfa3b56d8f85f8beb475eb91de5673710ead2adc2da1e4a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14979.exe

Filesize
192KB

MD5
a28c9da5b707d1119decc03c21c4c40c

SHA1
733bffd41a70f9830950f00841bfc5182553e25a

SHA256
86bdcc5f6ac78aefdde3c9aa54ffc4bb921163e87f2a01cd027f3eeb0f6d0a59

SHA512
89d710306b5981bbdb8e8bbfe0ef55a2f8bdab397eab8d3671fa33a5f206e933f91a5b6258dbe04d88ec3130cb85c6c7c7934aa21146cb1f880e89c4eb5710be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16205.exe

Filesize
192KB

MD5
dcb9c9fe48b5274767ee231d8aedf35e

SHA1
55450246fe543afb23078c3dd2cde6561fd92c99

SHA256
b0da03b56209349b1120dc0fac05831c6e2fb6a5c313149b37351c7ace4dc95b

SHA512
a11668c9ee88f885c6ea729b82f8e3299295b2aab41ca8faf73dbe914ad657f009eecf1cb82807f98d27c8e3127b10b6b6c8a21054857f026064885c546727bd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18357.exe

Filesize
192KB

MD5
def125b1a5f6f81c1161740d0dd1a6b4

SHA1
e713055834b5dc3c1ca81b6125460cd12bf5d4f3

SHA256
bc99ae4a7e881bdfb54db347d9f44b4b7fb901b10fa568c263d8805c691a045a

SHA512
d34784298d9046d14b26b9213f489ed1721ff129e5da50404a61c25509649310c453894d0f0d64abd4d091f6688b7823c53a52d278d7454dbf3f66ffc6a15910

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18649.exe

Filesize
192KB

MD5
2d9d5131fbf627dbc5fbfd396a428870

SHA1
1105f2869c7a5ecf5d55353e5d9c77c8b7b99995

SHA256
46f1e844e98fa427d45375ef9a208925c9ad03fb0fc40ae05c88ea8385725b1a

SHA512
c50c080e0d8836ba7ba0c212f5c8aedb0a5c95c639251061cf6d45fe846584b1c6fc3faa0571fb873deac4b1762aa0cb8a1fcbe964cd6bf73ea7f3de27ca5b02

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe

Filesize
192KB

MD5
0f4cd85513a26c8558918204680cb9a8

SHA1
abb50d645c60cd2a48d719a7b41ee1306f78e9d3

SHA256
14ba71347254223b485395c0e2361d5252e4614f5bd692414ee4dddab59e0446

SHA512
6fa3c916e7a8ac8e8d77c950c1ebe57cfc9dd48b9b899273b13701edaf877ac18e6cc8e57acc253b2910347891e647b2c4a9cb7f0ee49217c898eb9f68a7083c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41970.exe

Filesize
192KB

MD5
a7d735302b574808fa923379337b335b

SHA1
d2854f8da7dda6d31b8d3d8294027045c5d4d809

SHA256
6d7b3c749087ebd02bed0eb7963a317f9e350f5b8e8145e68423b4fae3224ec6

SHA512
e20f4601bb31efef5f65c151752775c3aa87364f9e7b2c5c4e02fad28ffaf2a83ffb0694efa2457d32e88af75a50cb1911adc08c1a240963c28ca83a964777a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45348.exe

Filesize
192KB

MD5
77245886fd03183def6a80db910b65ea

SHA1
89d65930e20864aca7cc103f46afcfdeb3ab9988

SHA256
e51bcb8308ba62208d639a57ed89da82b116db614e3c13bacf9271fe736116df

SHA512
2ea7c9e68d29dcabd2592a94eced8a0cb13dc70f5c9d9403657367e825c47e98e43f325896838a499ef9d5d0d34dd6605bde7ffdc03d9a6fbc6c3f8e7f62b9f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45976.exe

Filesize
192KB

MD5
df129040dcac126faed36adceae810e1

SHA1
0cd0cf0c06a2b759d2be74e068c26244b27d2937

SHA256
c4607d5ed56ff1b808ae2848451623531867ec84b03441a452810044c6a07214

SHA512
435e9bedb336e298edcb06960ff8fae8ef5e7a3d7bec1e15e9efbe8b9af1b4e9efab0ae5079bceb6098aaeb14fd476cd8cdff263d7bc4b5b328fe948a9612a3c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47156.exe

Filesize
192KB

MD5
90ea220d58644fdab1f1f2b88a4e028e

SHA1
d682459b45e37de920b3311e8b50877fe549378d

SHA256
42bd12fbd73337f650a035f5521ed4836d647000426367db836588e947982d89

SHA512
215c9d55d2c2d591c3351804a5fb4b20a2089cbbc5933bb47e9617cb3dcff278c10dc8604d942cf7cffdde30243598cc05b2a4f5b839a6291bc2879405a0c1f6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49281.exe

Filesize
192KB

MD5
77f13bbf08ee0db169c122c556b6c403

SHA1
b9edf160780348256ce79d73d609a586950ef058

SHA256
93f6f977d938a248112ac7256aa158dce63eb6e4e99d7ac311b50dc961cfc5ee

SHA512
b3ed5e29a8b854ecb4bcb256bc7f9d05e3de26158dedcb221c405bfb74877e53e888228e9fb322f686e3a755a412ff0b54c55d7e9b1b69d383bcf887b2d8038f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62068.exe

Filesize
192KB

MD5
6baf082d1df1a0c81c992f12cafad0f1

SHA1
fed8d9c6cc0f0d730a8bc5d48bf8ad6f3e447107

SHA256
74b2bf7ae9a8f9a64147b1f15ad94d81392652e7d9007d48142930e6709c2e50

SHA512
0a72a87105061fd7150516b5bc5720c1f523c9479051c06810907accb832480b55075e5d652b665d5ea15dbfc626a2d5711c5e36f0f023f92be6a831fec1423e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads