e907bd56b85554a18b60d21e27b8dace7a79f67a667f3f28166ab1676afeb893

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
05/04/2024, 00:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c618cce1200b961c20cb0fb327763d40_JaffaCakes118.exe
Size

184KB
MD5

c618cce1200b961c20cb0fb327763d40
SHA1

dbcee76061a2ef41cafc864a018f6b096c2bb54d
SHA256

e907bd56b85554a18b60d21e27b8dace7a79f67a667f3f28166ab1676afeb893
SHA512

a0c626f0ea282f12e65ec21a4ae05506b7d050c330accc2f648a47c21d5581dfe6f49952a71ecadacefc241e9b93cd6af94e338708ae6c1b1daa6f14286b1070
SSDEEP

3072:D7IMoT8PVUA0NO2qddxsY80N9pM6Su0IiDyx3Lz5pNlPvyF8:D7voyl0NsdjsY8YZDDNlPvyF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2004	Unicorn-61683.exe
2488	Unicorn-55558.exe
2580	Unicorn-48822.exe
1352	Unicorn-52744.exe
2408	Unicorn-51628.exe
2556	Unicorn-53704.exe
2792	Unicorn-9958.exe
1768	Unicorn-42448.exe
1016	Unicorn-44525.exe
2372	Unicorn-63274.exe
1220	Unicorn-25619.exe
2280	Unicorn-40512.exe
1724	Unicorn-49069.exe
1316	Unicorn-30336.exe
1580	Unicorn-61830.exe
1176	Unicorn-59718.exe
3028	Unicorn-39852.exe
2364	Unicorn-25676.exe
2076	Unicorn-51612.exe
576	Unicorn-26821.exe
1708	Unicorn-38449.exe
1872	Unicorn-39068.exe
696	Unicorn-19717.exe
700	Unicorn-29233.exe
1152	Unicorn-5767.exe
3036	Unicorn-15284.exe
1988	Unicorn-26510.exe
1788	Unicorn-61512.exe
1688	Unicorn-55160.exe
612	Unicorn-9488.exe
2340	Unicorn-25934.exe
2260	Unicorn-40634.exe
2740	Unicorn-36129.exe
1432	Unicorn-2366.exe
2256	Unicorn-14551.exe
1532	Unicorn-25953.exe
2868	Unicorn-6087.exe
3020	Unicorn-8931.exe
2132	Unicorn-7571.exe
2652	Unicorn-48542.exe
2584	Unicorn-46046.exe
1992	Unicorn-62932.exe
2548	Unicorn-15725.exe
2428	Unicorn-31385.exe
2656	Unicorn-20333.exe
1172	Unicorn-3311.exe
876	Unicorn-61344.exe
1712	Unicorn-28138.exe
1576	Unicorn-42611.exe
2444	Unicorn-39766.exe
240	Unicorn-41075.exe
2296	Unicorn-7260.exe
2488	Unicorn-11064.exe
1212	Unicorn-22132.exe
2200	Unicorn-63143.exe
1548	Unicorn-1986.exe
1452	Unicorn-33481.exe
1552	Unicorn-33481.exe
2112	Unicorn-56999.exe
2204	Unicorn-44358.exe
1192	Unicorn-29147.exe
1088	Unicorn-63922.exe
1148	Unicorn-1099.exe
2808	Unicorn-64498.exe

Loads dropped DLL 64 IoCs

pid	Process
1992	c618cce1200b961c20cb0fb327763d40_JaffaCakes118.exe
1992	c618cce1200b961c20cb0fb327763d40_JaffaCakes118.exe
2004	Unicorn-61683.exe
1992	c618cce1200b961c20cb0fb327763d40_JaffaCakes118.exe
2004	Unicorn-61683.exe
1992	c618cce1200b961c20cb0fb327763d40_JaffaCakes118.exe
2488	Unicorn-55558.exe
2488	Unicorn-55558.exe
2004	Unicorn-61683.exe
2004	Unicorn-61683.exe
2580	Unicorn-48822.exe
2580	Unicorn-48822.exe
1352	Unicorn-52744.exe
1352	Unicorn-52744.exe
2488	Unicorn-55558.exe
2488	Unicorn-55558.exe
2408	Unicorn-51628.exe
2408	Unicorn-51628.exe
2556	Unicorn-53704.exe
2556	Unicorn-53704.exe
2580	Unicorn-48822.exe
2580	Unicorn-48822.exe
2792	Unicorn-9958.exe
2792	Unicorn-9958.exe
1352	Unicorn-52744.exe
1352	Unicorn-52744.exe
1768	Unicorn-42448.exe
1768	Unicorn-42448.exe
1016	Unicorn-44525.exe
1016	Unicorn-44525.exe
1220	Unicorn-25619.exe
1220	Unicorn-25619.exe
2408	Unicorn-51628.exe
2408	Unicorn-51628.exe
2372	Unicorn-63274.exe
2372	Unicorn-63274.exe
2556	Unicorn-53704.exe
2556	Unicorn-53704.exe
2280	Unicorn-40512.exe
2280	Unicorn-40512.exe
2792	Unicorn-9958.exe
1724	Unicorn-49069.exe
2792	Unicorn-9958.exe
1724	Unicorn-49069.exe
1316	Unicorn-30336.exe
1316	Unicorn-30336.exe
1768	Unicorn-42448.exe
1768	Unicorn-42448.exe
1580	Unicorn-61830.exe
1580	Unicorn-61830.exe
1016	Unicorn-44525.exe
1016	Unicorn-44525.exe
3028	Unicorn-39852.exe
1176	Unicorn-59718.exe
1176	Unicorn-59718.exe
3028	Unicorn-39852.exe
1220	Unicorn-25619.exe
1220	Unicorn-25619.exe
2076	Unicorn-51612.exe
2076	Unicorn-51612.exe
2364	Unicorn-25676.exe
2364	Unicorn-25676.exe
2372	Unicorn-63274.exe
2372	Unicorn-63274.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
2604	2524	WerFault.exe	245
1660	1576	WerFault.exe	273
780	1780	WerFault.exe	226
2572	2440	WerFault.exe	225

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1992	c618cce1200b961c20cb0fb327763d40_JaffaCakes118.exe
2004	Unicorn-61683.exe
2488	Unicorn-55558.exe
2580	Unicorn-48822.exe
1352	Unicorn-52744.exe
2408	Unicorn-51628.exe
2556	Unicorn-53704.exe
2792	Unicorn-9958.exe
1768	Unicorn-42448.exe
1016	Unicorn-44525.exe
2372	Unicorn-63274.exe
1220	Unicorn-25619.exe
2280	Unicorn-40512.exe
1724	Unicorn-49069.exe
1316	Unicorn-30336.exe
1580	Unicorn-61830.exe
3028	Unicorn-39852.exe
2364	Unicorn-25676.exe
1176	Unicorn-59718.exe
2076	Unicorn-51612.exe
576	Unicorn-26821.exe
1872	Unicorn-39068.exe
1708	Unicorn-38449.exe
696	Unicorn-19717.exe
700	Unicorn-29233.exe
1152	Unicorn-5767.exe
3036	Unicorn-15284.exe
1788	Unicorn-61512.exe
1988	Unicorn-26510.exe
612	Unicorn-9488.exe
1688	Unicorn-55160.exe
2340	Unicorn-25934.exe
2260	Unicorn-40634.exe
2740	Unicorn-36129.exe
1432	Unicorn-2366.exe
2256	Unicorn-14551.exe
2868	Unicorn-6087.exe
1532	Unicorn-25953.exe
3020	Unicorn-8931.exe
2132	Unicorn-7571.exe
2652	Unicorn-48542.exe
2584	Unicorn-46046.exe
1992	Unicorn-62932.exe
2548	Unicorn-15725.exe
2656	Unicorn-20333.exe
2428	Unicorn-31385.exe
1172	Unicorn-3311.exe
876	Unicorn-61344.exe
1712	Unicorn-28138.exe
1576	Unicorn-42611.exe
2296	Unicorn-7260.exe
240	Unicorn-41075.exe
2488	Unicorn-11064.exe
1212	Unicorn-22132.exe
2200	Unicorn-63143.exe
1452	Unicorn-33481.exe
1548	Unicorn-1986.exe
1552	Unicorn-33481.exe
2112	Unicorn-56999.exe
2204	Unicorn-44358.exe
1192	Unicorn-29147.exe
1088	Unicorn-63922.exe
1148	Unicorn-1099.exe
2808	Unicorn-64498.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2004	1992	c618cce1200b961c20cb0fb327763d40_JaffaCakes118.exe	28
PID 1992 wrote to memory of 2004	1992	c618cce1200b961c20cb0fb327763d40_JaffaCakes118.exe	28
PID 1992 wrote to memory of 2004	1992	c618cce1200b961c20cb0fb327763d40_JaffaCakes118.exe	28
PID 1992 wrote to memory of 2004	1992	c618cce1200b961c20cb0fb327763d40_JaffaCakes118.exe	28
PID 2004 wrote to memory of 2488	2004	Unicorn-61683.exe	29
PID 2004 wrote to memory of 2488	2004	Unicorn-61683.exe	29
PID 2004 wrote to memory of 2488	2004	Unicorn-61683.exe	29
PID 2004 wrote to memory of 2488	2004	Unicorn-61683.exe	29
PID 1992 wrote to memory of 2580	1992	c618cce1200b961c20cb0fb327763d40_JaffaCakes118.exe	30
PID 1992 wrote to memory of 2580	1992	c618cce1200b961c20cb0fb327763d40_JaffaCakes118.exe	30
PID 1992 wrote to memory of 2580	1992	c618cce1200b961c20cb0fb327763d40_JaffaCakes118.exe	30
PID 1992 wrote to memory of 2580	1992	c618cce1200b961c20cb0fb327763d40_JaffaCakes118.exe	30
PID 2488 wrote to memory of 1352	2488	Unicorn-55558.exe	31
PID 2488 wrote to memory of 1352	2488	Unicorn-55558.exe	31
PID 2488 wrote to memory of 1352	2488	Unicorn-55558.exe	31
PID 2488 wrote to memory of 1352	2488	Unicorn-55558.exe	31
PID 2004 wrote to memory of 2408	2004	Unicorn-61683.exe	32
PID 2004 wrote to memory of 2408	2004	Unicorn-61683.exe	32
PID 2004 wrote to memory of 2408	2004	Unicorn-61683.exe	32
PID 2004 wrote to memory of 2408	2004	Unicorn-61683.exe	32
PID 2580 wrote to memory of 2556	2580	Unicorn-48822.exe	33
PID 2580 wrote to memory of 2556	2580	Unicorn-48822.exe	33
PID 2580 wrote to memory of 2556	2580	Unicorn-48822.exe	33
PID 2580 wrote to memory of 2556	2580	Unicorn-48822.exe	33
PID 1352 wrote to memory of 2792	1352	Unicorn-52744.exe	34
PID 1352 wrote to memory of 2792	1352	Unicorn-52744.exe	34
PID 1352 wrote to memory of 2792	1352	Unicorn-52744.exe	34
PID 1352 wrote to memory of 2792	1352	Unicorn-52744.exe	34
PID 2488 wrote to memory of 1768	2488	Unicorn-55558.exe	35
PID 2488 wrote to memory of 1768	2488	Unicorn-55558.exe	35
PID 2488 wrote to memory of 1768	2488	Unicorn-55558.exe	35
PID 2488 wrote to memory of 1768	2488	Unicorn-55558.exe	35
PID 2408 wrote to memory of 1016	2408	Unicorn-51628.exe	36
PID 2408 wrote to memory of 1016	2408	Unicorn-51628.exe	36
PID 2408 wrote to memory of 1016	2408	Unicorn-51628.exe	36
PID 2408 wrote to memory of 1016	2408	Unicorn-51628.exe	36
PID 2556 wrote to memory of 2372	2556	Unicorn-53704.exe	37
PID 2556 wrote to memory of 2372	2556	Unicorn-53704.exe	37
PID 2556 wrote to memory of 2372	2556	Unicorn-53704.exe	37
PID 2556 wrote to memory of 2372	2556	Unicorn-53704.exe	37
PID 2580 wrote to memory of 1220	2580	Unicorn-48822.exe	38
PID 2580 wrote to memory of 1220	2580	Unicorn-48822.exe	38
PID 2580 wrote to memory of 1220	2580	Unicorn-48822.exe	38
PID 2580 wrote to memory of 1220	2580	Unicorn-48822.exe	38
PID 2792 wrote to memory of 2280	2792	Unicorn-9958.exe	39
PID 2792 wrote to memory of 2280	2792	Unicorn-9958.exe	39
PID 2792 wrote to memory of 2280	2792	Unicorn-9958.exe	39
PID 2792 wrote to memory of 2280	2792	Unicorn-9958.exe	39
PID 1352 wrote to memory of 1724	1352	Unicorn-52744.exe	40
PID 1352 wrote to memory of 1724	1352	Unicorn-52744.exe	40
PID 1352 wrote to memory of 1724	1352	Unicorn-52744.exe	40
PID 1352 wrote to memory of 1724	1352	Unicorn-52744.exe	40
PID 1768 wrote to memory of 1316	1768	Unicorn-42448.exe	41
PID 1768 wrote to memory of 1316	1768	Unicorn-42448.exe	41
PID 1768 wrote to memory of 1316	1768	Unicorn-42448.exe	41
PID 1768 wrote to memory of 1316	1768	Unicorn-42448.exe	41
PID 1016 wrote to memory of 1580	1016	Unicorn-44525.exe	42
PID 1016 wrote to memory of 1580	1016	Unicorn-44525.exe	42
PID 1016 wrote to memory of 1580	1016	Unicorn-44525.exe	42
PID 1016 wrote to memory of 1580	1016	Unicorn-44525.exe	42
PID 1220 wrote to memory of 1176	1220	Unicorn-25619.exe	43
PID 1220 wrote to memory of 1176	1220	Unicorn-25619.exe	43
PID 1220 wrote to memory of 1176	1220	Unicorn-25619.exe	43
PID 1220 wrote to memory of 1176	1220	Unicorn-25619.exe	43

C:\Users\Admin\AppData\Local\Temp\c618cce1200b961c20cb0fb327763d40_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c618cce1200b961c20cb0fb327763d40_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61683.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61683.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55558.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55558.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52744.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9958.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26821.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36129.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22132.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16215.exe
        10⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40732.exe
        11⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28424.exe
        12⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36062.exe
        13⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55514.exe
        14⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        9⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61640.exe
        10⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2915.exe
        11⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27415.exe
        12⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32035.exe
        13⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43279.exe
        14⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59952.exe
        13⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
        10⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
        11⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42189.exe
        12⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36062.exe
        13⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63143.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35589.exe
        9⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
        10⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        11⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-422.exe
        12⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21121.exe
        13⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14020.exe
        10⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
        11⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29818.exe
        12⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2366.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37249.exe
        8⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35461.exe
        9⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53571.exe
        10⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
        11⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26846.exe
        12⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59108.exe
        9⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26846.exe
        10⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63563.exe
        11⤵
        
        PID:784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38449.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25953.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
        9⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29818.exe
        10⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43691.exe
        8⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30853.exe
        9⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36643.exe
        10⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        11⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56999.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12655.exe
        8⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9984.exe
        9⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62832.exe
        10⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        11⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
        9⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
        10⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        11⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        8⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
        9⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        10⤵
        
        PID:2524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
        11⤵
        Program crash
        
        PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39068.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63922.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54679.exe
        9⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8729.exe
        10⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
        11⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29823.exe
        12⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
        13⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
        8⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1260.exe
        9⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51240.exe
        10⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21971.exe
        11⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe
        12⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32838.exe
        13⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
        10⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13436.exe
        11⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4705.exe
        12⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-540.exe
        13⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19585.exe
        14⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60642.exe
        7⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32913.exe
        8⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17815.exe
        9⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51810.exe
        10⤵
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6087.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64498.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
        8⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46233.exe
        9⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26112.exe
        10⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45610.exe
        11⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        12⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16405.exe
        13⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        14⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38528.exe
        7⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        8⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57148.exe
        9⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22662.exe
        10⤵
        
        PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30336.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19717.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8931.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1986.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5026.exe
        9⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
        10⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24947.exe
        11⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        12⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41880.exe
        11⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52234.exe
        8⤵
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7571.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63557.exe
        8⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29572.exe
        9⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
        10⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
        11⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        12⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
        13⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26271.exe
        11⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44827.exe
        12⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20858.exe
        7⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46836.exe
        8⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2704.exe
        9⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33259.exe
        10⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
        11⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3581.exe
        8⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
        9⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53571.exe
        10⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        11⤵
        
        PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44358.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65011.exe
        8⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2378.exe
        9⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29818.exe
        10⤵
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29147.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56072.exe
        7⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33683.exe
        8⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11535.exe
        9⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32446.exe
        10⤵
        
        PID:2896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44525.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44525.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61830.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46046.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16580.exe
        8⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40732.exe
        9⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10476.exe
        10⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
        9⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
        10⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52075.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41355.exe
        8⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53231.exe
        9⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
        10⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6240.exe
        11⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7990.exe
        12⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        13⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18435.exe
        12⤵
        
        PID:1408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62932.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58878.exe
        7⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33885.exe
        8⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11594.exe
        9⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        10⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        11⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26188.exe
        7⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54608.exe
        8⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
        9⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59955.exe
        10⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-558.exe
        9⤵
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15284.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20333.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40991.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28036.exe
        8⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41298.exe
        9⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53148.exe
        10⤵
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
        6⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
        7⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
        8⤵
        
        PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39852.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39852.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15725.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20301.exe
        7⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21859.exe
        8⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62105.exe
        9⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8764.exe
        6⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49467.exe
        7⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5878.exe
        8⤵
        
        PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31385.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exe
        6⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
        7⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12643.exe
        8⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25673.exe
        9⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57869.exe
        10⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52910.exe
        11⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61168.exe
        8⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9719.exe
        9⤵
        
        PID:2428
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48822.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48822.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53704.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63274.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25676.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25934.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3311.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17156.exe
        8⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
        9⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22694.exe
        10⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55514.exe
        11⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54571.exe
        7⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
        8⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23240.exe
        9⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21609.exe
        10⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61344.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1099.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30496.exe
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8940.exe
        9⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34960.exe
        10⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20424.exe
        11⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 236
        11⤵
        Program crash
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52234.exe
        7⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
        8⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27905.exe
        9⤵
        
        PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40634.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42611.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12547.exe
        7⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26380.exe
        8⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33762.exe
        9⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
        10⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
        11⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        12⤵
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62827.exe
        6⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
        7⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
        8⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        9⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4705.exe
        10⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32678.exe
        9⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33356.exe
        8⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22636.exe
        7⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
        8⤵
        
        PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9488.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41075.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58302.exe
        7⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        8⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33000.exe
        9⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42733.exe
        6⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41355.exe
        7⤵
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7260.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24312.exe
        6⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32873.exe
        7⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54822.exe
        8⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
        9⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22931.exe
        10⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        11⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4839.exe
        8⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34960.exe
        9⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2076.exe
        10⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exe
        11⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
        11⤵
        Program crash
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48235.exe
        10⤵
        
        PID:2240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
        10⤵
        Program crash
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13194.exe
        6⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-592.exe
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32314.exe
        8⤵
        
        PID:2396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28138.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6403.exe
        7⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41308.exe
        8⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27690.exe
        9⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18786.exe
        10⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21268.exe
        11⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13436.exe
        12⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
        8⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
        9⤵
        
        PID:480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-959.exe
        6⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        7⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18382.exe
        8⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39442.exe
        9⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14897.exe
        10⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25380.exe
        11⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
        9⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63960.exe
        10⤵
        
        PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39766.exe
        5⤵
        Executes dropped EXE
        
        PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55160.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11064.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17156.exe
        6⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26380.exe
        7⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50702.exe
        8⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19585.exe
        9⤵
        
        PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26672.exe
        5⤵
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40697.exe
        6⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
        7⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33000.exe
        8⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6627.exe
        9⤵
        
        PID:2348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-39766.exe

Filesize
184KB

MD5
61b727ff6b955e2b030996cbd67c8b52

SHA1
a347c0cd8d4aaf31623616cad29e51262fe19bfc

SHA256
4d9f4e5857cc0c281f51d7c9e10f93ea0e8290e128afb3c509e08359c2c04f0b

SHA512
f31ed8a7c4ba91b463af43ab32a18120f883a740984d4bf95932c9862a4800ace7609511fc60d0c201d58b655af73908a6c33c4286bb98beed8cceed09792c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39852.exe

Filesize
184KB

MD5
c1ccd6c21ba499c1a48d6d355f5be996

SHA1
783ca4a729edaabafa8a8a865fc518ddbd9905a8

SHA256
9f8753ea850dcd65bb2900eb9660764d3d2841c38aad6d26a5a3e33d1d8c8766

SHA512
f3bb1975cc3e58ed021c067bd8b59a6158677ab1beec968c75d8611248e7a9025556103bd99d9f1cfa33a073863c3363aba2b73eea2fbf29e28bf289a4bac919

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40634.exe

Filesize
184KB

MD5
dff28d89a86180085304d476e3d4787f

SHA1
099f41d15fee8634b2f56a9d6f72af4710a09ede

SHA256
9f50a0ed4fb34764d0beccff7a944212fdd0412793753fd67284ef00d1441f98

SHA512
f899e6cb18da8e993c43f0e83140e42f9d934ac33513c7581bae98711249e3ef6cc179e405d469315bfc2de5d3c0b96aa127099df7adc0c98b04479fe3c16fe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe

Filesize
184KB

MD5
482134469608642fc0c66d53417c4136

SHA1
89c27e46dfea2e53073dd9f0133489b9bd2b4dc3

SHA256
4f9634fbf8ca69582be3a34ff6038d5662bdc1f94833da60bf2586f88d0baf1a

SHA512
68a92c048ea073cf86758939f781ed4f70a8506db7e7a11980c9fc3cbec8ee28c6e392a4d0827da3779e4263176d91250210d035c5d3a952bb0dd8ce9731b40e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52744.exe

Filesize
184KB

MD5
2daa62662b21cf981fcec81e0d15056a

SHA1
1a21ec77e4324662cc8f048b0c58a1c7105e98e7

SHA256
7b20c43e77c5186d717a8f98b1816da647cd86f667c34c31953533a0bcd6b5aa

SHA512
c5c1a6c19c2b3f1814c05e537223eb9b4317393a2837e29af61ebc7aed0ace5a711663ff3ab30882aba07da79c529a41ad3efef4348718b66b29e836c357f02c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53704.exe

Filesize
184KB

MD5
47ada2c7014f28f5d5b6a55b5b7fb4ea

SHA1
38ceda811e30be70aa5ab1a8616998e3a5dafbdd

SHA256
27a7412ecbb3f3c9ba2f382484aca630c9bcecaa46ba6d5294557bd1d207e52c

SHA512
48c892f13f593706994a001b6fddff11383f7b05b1f159201b2f0c911e7fe05c61f0ac48f17a6c01615efe64fe7ee550f926e42e1dfa68c10f2ae32e43633fbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5767.exe

Filesize
184KB

MD5
05164299a5961433f76fe9926124c51a

SHA1
4b49a3e4e7e53f882df9f65dd687c73baa9c2310

SHA256
baf633d7fa8858a32e3f65131ed51dfbe8846875bf54661eff301d0115ca2a78

SHA512
eb804fe55efc9386da92baafb7e2a973ba5611d099df76436ccbf48ba1d3569b946e42a1505247c147029c1bf819943a223a563471413168b2930c510b12dadc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe

Filesize
184KB

MD5
4cb78b91a378a315ee7a1ef94538a26c

SHA1
0a9b7732d97ec7737f65715f23c0da6ab22bc6cf

SHA256
1bb8f2cdf06571e40112037f18790e0ff2a34ab5881e11961fb29b936836a4c7

SHA512
c3fd8dc23e40c4162f39fb6b61a8e0c3e9411a2392b83456f5aed9956857fc6986d82a12919b9ab3cd39841971c4c27ea5de95897b5e069c8a303a4a3ae1781f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6240.exe

Filesize
184KB

MD5
f745fb45f5ee3a6a5e3f7271d915a9fd

SHA1
98ab4be594a1065e7c925524d21338b202f1327c

SHA256
a0aa29da21ffbaa81ee9d84ef26287a4dd36b557b5ab4e08138964acb9e8d761

SHA512
43f4ef567115fb7ac638330dcad04f6bcd0c26e0861097e59ea6fd221cdb47a9627b77b7b7c1d9fe82a08004ad37299b68e3abff0208c6d6adc3a41caa8bef35

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63274.exe

Filesize
184KB

MD5
16efdd54e07d6253d178968658dd9b6f

SHA1
2b152e1fe07b489787405543fd3d07efcd6f2cf5

SHA256
036b72c93fdd37e09f9f14876275ccc968ea7e2d0b32fec4d236010f689d4f83

SHA512
23a3a11ac345b6b250c59c5dd7ec99a433793a476026df48e492b0efa21ade2987e064ca61d4634514c0180e6d1ff207d143b4ccacda291f088aa66323829ee3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6403.exe

Filesize
184KB

MD5
676f5bf9394ecf81f558d79358744b78

SHA1
5a118910577419974a49f41c4296bf6ef33d0a74

SHA256
13a705a19c01e095afcd32f68eed66ae15fc907b353209898935e5306f83dc4c

SHA512
d501318bdbbfcc90fe0744703d852a2a75e02e9afd2f94b794f4dbc77d858f898b4f22c465bd1a805fc605782d1b3a62307b25c22609911475af3b25a7ee5626

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe

Filesize
184KB

MD5
49e8395c5eaf3160bdd0dcd7878b9736

SHA1
7f617726c9510cbe04989aa1eff78fe6676ee95c

SHA256
cf84149b63d9cd088d0516d5d9b8fd69f5c6f5bc927acfb3e18e0c6601506814

SHA512
f778b49b2649e1d04443c4a1eebe52294fb5126e1aa6280b3f1b90464440a6cbdfe3787c5883d0c0544868e53cc6fd4b2a59a9b6c41d7518dd21fefa143c9d02

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25676.exe

Filesize
184KB

MD5
91064865b0d8f4ff2401698b401524a1

SHA1
7c0b8668fac0cf9bf4c81b9053310b8c702b5cf0

SHA256
dcb88514eb15b29667aac1fb6f9d1d0c52db3275ff8ce1ad2612edf18e56cc2c

SHA512
935301f60025c3478c68d2cf4fd38edf935fdec0d46b62079f11130300f53332794e3c157ac51e4387a8def85f6241377b01c1d5be75a9b4d53456cd1358a2d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30336.exe

Filesize
184KB

MD5
2612b4ecb6411b65596ffc2befa70aa5

SHA1
82c459b1aeef2501dafe15cd9b8f9bf640744464

SHA256
e3c9bdb1aeba7ebeec32ed3469a5119bf2fe0b15979258cf9d508bfedb85a96a

SHA512
1d1df4ae44e6f42b91b5d5488ea0ba8844c5c5f5fdf23c3635317726c16429bc5a488bd9f1cdde0629a961c770f907fdb64b510e705afda20306d7589dde2863

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe

Filesize
184KB

MD5
71bbaee58f293ba6708a6922a29cd856

SHA1
44e0c74e00ed29e90a8b272c3ff3e468ea84977d

SHA256
0aab4e0b792cf5e965863323a53d6225ccf6eec6c8946fcdf3b3e40c6bb33a1b

SHA512
1697359db5fc0faf24ee8ebcbc9f1a93755b0fe0e0587e55931870f3acad43b908f4068ad0492767152a7134b947afbfc4b175e43b9fb634c9c7b1257d3a6714

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe

Filesize
184KB

MD5
b8e8d76878a09ee072456619c00a6b7a

SHA1
0cde6967b4872f1493b281c6629b241df392b781

SHA256
f5e6449944bdf8c6905272095cd15c367eb9d0bf63b399f740793804f7509d57

SHA512
e721730bf5c4cb2701bd1c22f1477fdd97ce1bf2ff0350f92e4fcf27b8bf483c798a0d9a1244d579c4346c02cdbfad2a41fbfb9b6b0c44a6f0cd7f64b5654f2c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44525.exe

Filesize
184KB

MD5
5eb8affbd4a3402de557e07f76f83407

SHA1
f31cf0d0359901c1ec071474fa8ffc5c9888ec11

SHA256
d1e02d47470c05f3d04a2660e9cd35951c2e83f3a48786d4fec026d7e3119dd5

SHA512
2e16cd648cf95da1ea3e1b84ee0ccf63f970af9861d0bf510c7173880e70e5dfc6123f5f98896dca0bb939932eb98b0996b59995a7a12e962ce0be68bd5b3ee4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48822.exe

Filesize
184KB

MD5
499f3d5b8b19cd6d09ff0922ff268a98

SHA1
2f8fceb82756ba59ee14075efa69a0a297e6ff98

SHA256
78e224a091a4155ddf8e60d28da7ba38dd21883becc6d9f95be20b991ea81607

SHA512
0c77f4e39963495a2536a3144b3fb2b13408d41366abb657b79f22a01b6cc64e01ab960400052f4a3a7f2ecb314bda8f0a16e5a2e1c57b73db359e2d3dc6b3af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49069.exe

Filesize
184KB

MD5
174e4e832bf9d9e1bd0eeffbb6176cec

SHA1
ecdbe5d3b5e4acb0e1236932d6972f126377926a

SHA256
c43f5d80fa3bd3446cf5a5a37a6ea3fadcf15d821ccc583825398dde185d43df

SHA512
8b4ccc7e158cc768a6fde070e449e5647a507a5bd5cefd204d457fdaed91b92f2684fa06da85bdb448060c65186d18b3678d5048e3f35718f838997c1ff7b946

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55558.exe

Filesize
184KB

MD5
964812d835d917efbe0b04954e3c8661

SHA1
d73250ef79e36b87a467cf009a0920a94f35d19a

SHA256
b7d2ff347464f589ec17c57a45ec28285fe6ea658e70d6d2de45604e59398ebf

SHA512
58cf09f13fbb3ae9e9159f53198143a6c5f784895da0bfb41f6c05b9c2e6df615ff1bbdd7ca05e30d638d6d9209869f719444a77527c851cd88fcddd3a8cc8a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61683.exe

Filesize
184KB

MD5
be8286fd57179e1fddb5605c16666cb6

SHA1
70c2b53c69bc5907c4abe447d9f05e5f02515145

SHA256
8e3fe2f7b381c5b03551e4a0f62629e27942edcbfedd3350a33c1502c8c3217e

SHA512
441259864e9ff96ba0d7491b8e052500972c56211ca2d0cea17b63fea755dbafaec3bd9e7354b8e307e7d74542ab9531e7f40ba8e47c3c3b1f526ca7272b7837

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61830.exe

Filesize
184KB

MD5
342883128e35410ec6b900317d117fe4

SHA1
a897ac0448b59c2e22ef6eb3b86faae435b1b38c

SHA256
3eb788e852d9a23922ee92fdc02e9c116f24a0150e61a6d495d2da03b909bb92

SHA512
0c247bf74cf968a10dedea805a23b2a38917d8a9f1cca9f2f58bafb50fb576fdcb59729b7fae4c8e74a8ea107bdbf266cccdb12bfcf4d9f2ffb53bcea5fd6c74

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9958.exe

Filesize
184KB

MD5
1090c4442f63f727ff8475cb8a8e6d6f

SHA1
68b625b721650064c2bc0beb94885b6b9de49bc5

SHA256
be0041d3929f770124e67d6c4923d8f62f9a56d670d94d4576c4a1b652e23d35

SHA512
08f9e885f19559c5a0ea3d04652c8543bc8bb30b0345c55374633e15e5dbed05d7d72082f52301328bea7f23c995c4c69310deb1ee17b045dfa2dddebf88564d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads