cb43e6264a2dd48a24e617a98ff710438a83b3455af5bac6b2f782e21340cd79

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/04/2024, 05:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cbf0f763b900b6d2dece08ef63b00b8e_JaffaCakes118.exe
Size

192KB
MD5

cbf0f763b900b6d2dece08ef63b00b8e
SHA1

29bef4234364703ed4516ad0d50291c8f03617da
SHA256

cb43e6264a2dd48a24e617a98ff710438a83b3455af5bac6b2f782e21340cd79
SHA512

a137f1387321d280805a0a2fe9712d36eed7ff668a5f82ffe8c4f80e25cf8b5864d183268045018d2e439d28381620bfbd6953eb897b3da33985cb2cedd466e9
SSDEEP

3072:JnnTomK8HPwa+NjgqtzF/7GJsTWJJfIIkIxPxoNpxlvbpFf:JnToK4a+eqBF/7UQ8KxlvbpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2432	Unicorn-25772.exe
2460	Unicorn-22129.exe
2564	Unicorn-34935.exe
2624	Unicorn-52850.exe
2536	Unicorn-120.exe
2616	Unicorn-36130.exe
2952	Unicorn-48063.exe
1480	Unicorn-7414.exe
2020	Unicorn-20221.exe
1392	Unicorn-15582.exe
2588	Unicorn-11093.exe
1668	Unicorn-42905.exe
2152	Unicorn-47352.exe
1556	Unicorn-55240.exe
1644	Unicorn-27014.exe
1204	Unicorn-31120.exe
1676	Unicorn-47456.exe
2276	Unicorn-22184.exe
2896	Unicorn-11062.exe
1144	Unicorn-30866.exe
1828	Unicorn-22506.exe
340	Unicorn-11384.exe
1872	Unicorn-17218.exe
1972	Unicorn-61820.exe
748	Unicorn-23549.exe
2740	Unicorn-58717.exe
920	Unicorn-47020.exe
1004	Unicorn-34021.exe
1504	Unicorn-40714.exe
864	Unicorn-60580.exe
1604	Unicorn-16594.exe
2556	Unicorn-31389.exe
2504	Unicorn-31389.exe
2612	Unicorn-51255.exe
2852	Unicorn-51255.exe
2712	Unicorn-51255.exe
2456	Unicorn-9454.exe
2576	Unicorn-59039.exe
2660	Unicorn-39173.exe
2368	Unicorn-31110.exe
2780	Unicorn-52085.exe
1876	Unicorn-55998.exe
2684	Unicorn-65510.exe
3028	Unicorn-61296.exe
2596	Unicorn-165.exe
752	Unicorn-60144.exe
2016	Unicorn-52272.exe
1820	Unicorn-46543.exe
1744	Unicorn-40944.exe
1512	Unicorn-1530.exe
1916	Unicorn-34011.exe
2264	Unicorn-21737.exe
1164	Unicorn-20498.exe
1308	Unicorn-54514.exe
1000	Unicorn-51369.exe
1540	Unicorn-5697.exe
320	Unicorn-7617.exe
1740	Unicorn-6932.exe
2816	Unicorn-26755.exe
3000	Unicorn-46621.exe
2104	Unicorn-46621.exe
1576	Unicorn-55173.exe
2476	Unicorn-14763.exe
2600	Unicorn-55604.exe

Loads dropped DLL 64 IoCs

pid	Process
1664	cbf0f763b900b6d2dece08ef63b00b8e_JaffaCakes118.exe
1664	cbf0f763b900b6d2dece08ef63b00b8e_JaffaCakes118.exe
2432	Unicorn-25772.exe
2432	Unicorn-25772.exe
1664	cbf0f763b900b6d2dece08ef63b00b8e_JaffaCakes118.exe
1664	cbf0f763b900b6d2dece08ef63b00b8e_JaffaCakes118.exe
2460	Unicorn-22129.exe
2460	Unicorn-22129.exe
2432	Unicorn-25772.exe
2432	Unicorn-25772.exe
2564	Unicorn-34935.exe
2564	Unicorn-34935.exe
2536	Unicorn-120.exe
2536	Unicorn-120.exe
2624	Unicorn-52850.exe
2624	Unicorn-52850.exe
2460	Unicorn-22129.exe
2616	Unicorn-36130.exe
2616	Unicorn-36130.exe
2460	Unicorn-22129.exe
2564	Unicorn-34935.exe
2564	Unicorn-34935.exe
2952	Unicorn-48063.exe
2952	Unicorn-48063.exe
2536	Unicorn-120.exe
2536	Unicorn-120.exe
1480	Unicorn-7414.exe
1480	Unicorn-7414.exe
2624	Unicorn-52850.exe
2624	Unicorn-52850.exe
1392	Unicorn-15582.exe
1392	Unicorn-15582.exe
2020	Unicorn-20221.exe
2020	Unicorn-20221.exe
2588	Unicorn-11093.exe
2588	Unicorn-11093.exe
2616	Unicorn-36130.exe
2616	Unicorn-36130.exe
2152	Unicorn-47352.exe
2152	Unicorn-47352.exe
1668	Unicorn-42905.exe
1668	Unicorn-42905.exe
2952	Unicorn-48063.exe
2952	Unicorn-48063.exe
1556	Unicorn-55240.exe
1556	Unicorn-55240.exe
1480	Unicorn-7414.exe
1480	Unicorn-7414.exe
1644	Unicorn-27014.exe
1644	Unicorn-27014.exe
1676	Unicorn-47456.exe
1676	Unicorn-47456.exe
2588	Unicorn-11093.exe
2588	Unicorn-11093.exe
2896	Unicorn-11062.exe
2896	Unicorn-11062.exe
1520	WerFault.exe
1520	WerFault.exe
1520	WerFault.exe
1520	WerFault.exe
1520	WerFault.exe
1520	WerFault.exe
1392	Unicorn-15582.exe
1392	Unicorn-15582.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
1520	2276	WerFault.exe	45
2640	1188	WerFault.exe	101
2060	324	WerFault.exe	164
2056	2148	WerFault.exe	133
1252	1812	WerFault.exe	201
1508	2268	WerFault.exe	248
2272	1108	WerFault.exe	375

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1664	cbf0f763b900b6d2dece08ef63b00b8e_JaffaCakes118.exe
2432	Unicorn-25772.exe
2460	Unicorn-22129.exe
2564	Unicorn-34935.exe
2536	Unicorn-120.exe
2624	Unicorn-52850.exe
2616	Unicorn-36130.exe
2952	Unicorn-48063.exe
2020	Unicorn-20221.exe
1480	Unicorn-7414.exe
1392	Unicorn-15582.exe
2588	Unicorn-11093.exe
2152	Unicorn-47352.exe
1668	Unicorn-42905.exe
1556	Unicorn-55240.exe
1644	Unicorn-27014.exe
1676	Unicorn-47456.exe
2896	Unicorn-11062.exe
1204	Unicorn-31120.exe
2276	Unicorn-22184.exe
1144	Unicorn-30866.exe
1828	Unicorn-22506.exe
340	Unicorn-11384.exe
1872	Unicorn-17218.exe
1972	Unicorn-61820.exe
748	Unicorn-23549.exe
2740	Unicorn-58717.exe
920	Unicorn-47020.exe
1004	Unicorn-34021.exe
1504	Unicorn-40714.exe
864	Unicorn-60580.exe
1604	Unicorn-16594.exe
2612	Unicorn-51255.exe
2556	Unicorn-31389.exe
2576	Unicorn-59039.exe
2712	Unicorn-51255.exe
2852	Unicorn-51255.exe
2660	Unicorn-39173.exe
2456	Unicorn-9454.exe
2504	Unicorn-31389.exe
2780	Unicorn-52085.exe
2368	Unicorn-31110.exe
1876	Unicorn-55998.exe
2684	Unicorn-65510.exe
2596	Unicorn-165.exe
3028	Unicorn-61296.exe
752	Unicorn-60144.exe
2016	Unicorn-52272.exe
1820	Unicorn-46543.exe
1744	Unicorn-40944.exe
1512	Unicorn-1530.exe
1916	Unicorn-34011.exe
2264	Unicorn-21737.exe
1164	Unicorn-20498.exe
1308	Unicorn-54514.exe
1540	Unicorn-5697.exe
1000	Unicorn-51369.exe
320	Unicorn-7617.exe
1740	Unicorn-6932.exe
2816	Unicorn-26755.exe
2104	Unicorn-46621.exe
3000	Unicorn-46621.exe
1576	Unicorn-55173.exe
2600	Unicorn-55604.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2432	1664	cbf0f763b900b6d2dece08ef63b00b8e_JaffaCakes118.exe	28
PID 1664 wrote to memory of 2432	1664	cbf0f763b900b6d2dece08ef63b00b8e_JaffaCakes118.exe	28
PID 1664 wrote to memory of 2432	1664	cbf0f763b900b6d2dece08ef63b00b8e_JaffaCakes118.exe	28
PID 1664 wrote to memory of 2432	1664	cbf0f763b900b6d2dece08ef63b00b8e_JaffaCakes118.exe	28
PID 2432 wrote to memory of 2460	2432	Unicorn-25772.exe	29
PID 2432 wrote to memory of 2460	2432	Unicorn-25772.exe	29
PID 2432 wrote to memory of 2460	2432	Unicorn-25772.exe	29
PID 2432 wrote to memory of 2460	2432	Unicorn-25772.exe	29
PID 1664 wrote to memory of 2564	1664	cbf0f763b900b6d2dece08ef63b00b8e_JaffaCakes118.exe	30
PID 1664 wrote to memory of 2564	1664	cbf0f763b900b6d2dece08ef63b00b8e_JaffaCakes118.exe	30
PID 1664 wrote to memory of 2564	1664	cbf0f763b900b6d2dece08ef63b00b8e_JaffaCakes118.exe	30
PID 1664 wrote to memory of 2564	1664	cbf0f763b900b6d2dece08ef63b00b8e_JaffaCakes118.exe	30
PID 2460 wrote to memory of 2624	2460	Unicorn-22129.exe	31
PID 2460 wrote to memory of 2624	2460	Unicorn-22129.exe	31
PID 2460 wrote to memory of 2624	2460	Unicorn-22129.exe	31
PID 2460 wrote to memory of 2624	2460	Unicorn-22129.exe	31
PID 2432 wrote to memory of 2536	2432	Unicorn-25772.exe	32
PID 2432 wrote to memory of 2536	2432	Unicorn-25772.exe	32
PID 2432 wrote to memory of 2536	2432	Unicorn-25772.exe	32
PID 2432 wrote to memory of 2536	2432	Unicorn-25772.exe	32
PID 2564 wrote to memory of 2616	2564	Unicorn-34935.exe	33
PID 2564 wrote to memory of 2616	2564	Unicorn-34935.exe	33
PID 2564 wrote to memory of 2616	2564	Unicorn-34935.exe	33
PID 2564 wrote to memory of 2616	2564	Unicorn-34935.exe	33
PID 2536 wrote to memory of 2952	2536	Unicorn-120.exe	34
PID 2536 wrote to memory of 2952	2536	Unicorn-120.exe	34
PID 2536 wrote to memory of 2952	2536	Unicorn-120.exe	34
PID 2536 wrote to memory of 2952	2536	Unicorn-120.exe	34
PID 2624 wrote to memory of 1480	2624	Unicorn-52850.exe	35
PID 2624 wrote to memory of 1480	2624	Unicorn-52850.exe	35
PID 2624 wrote to memory of 1480	2624	Unicorn-52850.exe	35
PID 2624 wrote to memory of 1480	2624	Unicorn-52850.exe	35
PID 2616 wrote to memory of 1392	2616	Unicorn-36130.exe	37
PID 2616 wrote to memory of 1392	2616	Unicorn-36130.exe	37
PID 2616 wrote to memory of 1392	2616	Unicorn-36130.exe	37
PID 2616 wrote to memory of 1392	2616	Unicorn-36130.exe	37
PID 2460 wrote to memory of 2020	2460	Unicorn-22129.exe	36
PID 2460 wrote to memory of 2020	2460	Unicorn-22129.exe	36
PID 2460 wrote to memory of 2020	2460	Unicorn-22129.exe	36
PID 2460 wrote to memory of 2020	2460	Unicorn-22129.exe	36
PID 2564 wrote to memory of 2588	2564	Unicorn-34935.exe	38
PID 2564 wrote to memory of 2588	2564	Unicorn-34935.exe	38
PID 2564 wrote to memory of 2588	2564	Unicorn-34935.exe	38
PID 2564 wrote to memory of 2588	2564	Unicorn-34935.exe	38
PID 2952 wrote to memory of 1668	2952	Unicorn-48063.exe	39
PID 2952 wrote to memory of 1668	2952	Unicorn-48063.exe	39
PID 2952 wrote to memory of 1668	2952	Unicorn-48063.exe	39
PID 2952 wrote to memory of 1668	2952	Unicorn-48063.exe	39
PID 2536 wrote to memory of 2152	2536	Unicorn-120.exe	40
PID 2536 wrote to memory of 2152	2536	Unicorn-120.exe	40
PID 2536 wrote to memory of 2152	2536	Unicorn-120.exe	40
PID 2536 wrote to memory of 2152	2536	Unicorn-120.exe	40
PID 1480 wrote to memory of 1556	1480	Unicorn-7414.exe	41
PID 1480 wrote to memory of 1556	1480	Unicorn-7414.exe	41
PID 1480 wrote to memory of 1556	1480	Unicorn-7414.exe	41
PID 1480 wrote to memory of 1556	1480	Unicorn-7414.exe	41
PID 2624 wrote to memory of 1644	2624	Unicorn-52850.exe	42
PID 2624 wrote to memory of 1644	2624	Unicorn-52850.exe	42
PID 2624 wrote to memory of 1644	2624	Unicorn-52850.exe	42
PID 2624 wrote to memory of 1644	2624	Unicorn-52850.exe	42
PID 1392 wrote to memory of 1676	1392	Unicorn-15582.exe	43
PID 1392 wrote to memory of 1676	1392	Unicorn-15582.exe	43
PID 1392 wrote to memory of 1676	1392	Unicorn-15582.exe	43
PID 1392 wrote to memory of 1676	1392	Unicorn-15582.exe	43

C:\Users\Admin\AppData\Local\Temp\cbf0f763b900b6d2dece08ef63b00b8e_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\cbf0f763b900b6d2dece08ef63b00b8e_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25772.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25772.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22129.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52850.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7414.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55240.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17218.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9454.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8406.exe
        9⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
        10⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32847.exe
        11⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18722.exe
        12⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47217.exe
        13⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63520.exe
        14⤵
        
        PID:2268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
        15⤵
        Program crash
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39173.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        8⤵
        Executes dropped EXE
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
        9⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10703.exe
        10⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63703.exe
        11⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31768.exe
        12⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
        13⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12181.exe
        14⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49618.exe
        15⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38651.exe
        16⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
        17⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63431.exe
        18⤵
        
        PID:1108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 240
        19⤵
        Program crash
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9173.exe
        17⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        11⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58460.exe
        12⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20532.exe
        13⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36290.exe
        14⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5636.exe
        15⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28240.exe
        16⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61820.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59039.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5697.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59133.exe
        9⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53765.exe
        10⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34404.exe
        11⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48403.exe
        12⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
        13⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49810.exe
        14⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61147.exe
        15⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30930.exe
        16⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
        17⤵
        
        PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27014.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54514.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35314.exe
        9⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54606.exe
        10⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9204.exe
        11⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15185.exe
        12⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63432.exe
        13⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36954.exe
        14⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
        15⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41670.exe
        16⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64836.exe
        8⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28597.exe
        9⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42178.exe
        10⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7806.exe
        11⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        12⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31464.exe
        13⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25056.exe
        14⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3927.exe
        15⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3440.exe
        8⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37652.exe
        9⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26380.exe
        10⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
        11⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40277.exe
        12⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41139.exe
        13⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25678.exe
        14⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58553.exe
        15⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17145.exe
        16⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
        17⤵
        
        PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31120.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60580.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52272.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58666.exe
        9⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57278.exe
        10⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        11⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45006.exe
        12⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60818.exe
        13⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56239.exe
        14⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45228.exe
        15⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8915.exe
        16⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17339.exe
        17⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46934.exe
        18⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        12⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 220
        13⤵
        Program crash
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6468.exe
        9⤵
        
        PID:2148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 220
        10⤵
        Program crash
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26755.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51489.exe
        8⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10594.exe
        9⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49380.exe
        10⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9749.exe
        11⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34745.exe
        12⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55072.exe
        13⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39248.exe
        14⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
        15⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
        16⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46543.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
        7⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41570.exe
        8⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5602.exe
        9⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49171.exe
        10⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20895.exe
        11⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49618.exe
        12⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11915.exe
        13⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27150.exe
        14⤵
        
        PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16594.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40944.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39019.exe
        7⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53988.exe
        8⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
        9⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59038.exe
        10⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61802.exe
        11⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49768.exe
        12⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
        13⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        14⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58755.exe
        15⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22290.exe
        16⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56330.exe
        17⤵
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34615.exe
        7⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        8⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31768.exe
        9⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23214.exe
        10⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47537.exe
        11⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33547.exe
        12⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47717.exe
        13⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31454.exe
        14⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64168.exe
        15⤵
        
        PID:2508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-120.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48063.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48063.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42905.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22506.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51255.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65308.exe
        8⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14099.exe
        9⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10594.exe
        10⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23366.exe
        11⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2297.exe
        12⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21538.exe
        13⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-609.exe
        14⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6767.exe
        15⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25367.exe
        16⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4451.exe
        17⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31389.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20498.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exe
        8⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
        9⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32655.exe
        10⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        11⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9515.exe
        12⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24283.exe
        13⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44729.exe
        14⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47257.exe
        15⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17468.exe
        16⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3617.exe
        17⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
        18⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6423.exe
        19⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1985.exe
        10⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29952.exe
        11⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
        12⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56239.exe
        13⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31284.exe
        14⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61266.exe
        15⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11915.exe
        16⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5828.exe
        17⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
        18⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55038.exe
        7⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
        8⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
        9⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        10⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37705.exe
        11⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12150.exe
        12⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
        13⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42325.exe
        14⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        15⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33748.exe
        16⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
        17⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58175.exe
        12⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
        13⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55060.exe
        14⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58916.exe
        15⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44851.exe
        16⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36460.exe
        17⤵
        
        PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51255.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
        8⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51523.exe
        9⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61845.exe
        10⤵
        
        PID:324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 188
        11⤵
        Program crash
        
        PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47352.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30866.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51255.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1530.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64099.exe
        8⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
        9⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37855.exe
        10⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13200.exe
        11⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25788.exe
        12⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-308.exe
        13⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        14⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24941.exe
        15⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37069.exe
        16⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38190.exe
        17⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21714.exe
        18⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59793.exe
        17⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32573.exe
        18⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21737.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1297.exe
        7⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29536.exe
        8⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62359.exe
        9⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48670.exe
        10⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
        11⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61756.exe
        12⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
        13⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20295.exe
        14⤵
        
        PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31389.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24795.exe
        6⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29676.exe
        7⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40823.exe
        8⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
        9⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        10⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        11⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52244.exe
        12⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22881.exe
        13⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        14⤵
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9618.exe
        6⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43023.exe
        7⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
        8⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21571.exe
        9⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64246.exe
        10⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
        11⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64063.exe
        12⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39461.exe
        13⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58553.exe
        14⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26211.exe
        15⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24655.exe
        13⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36460.exe
        14⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20241.exe
        7⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20440.exe
        8⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
        9⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23287.exe
        10⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21386.exe
        11⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42367.exe
        12⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
        13⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13854.exe
        14⤵
        
        PID:2564
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34935.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34935.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36130.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15582.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58717.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65510.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55604.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35786.exe
        9⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48809.exe
        10⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18722.exe
        11⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12634.exe
        12⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59412.exe
        13⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1091.exe
        14⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30677.exe
        15⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45195.exe
        16⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26073.exe
        17⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-668.exe
        18⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64627.exe
        12⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18710.exe
        13⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe
        14⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        15⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33695.exe
        16⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14712.exe
        17⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24864.exe
        18⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
        15⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58371.exe
        16⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49070.exe
        17⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44128.exe
        9⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
        10⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42178.exe
        11⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7806.exe
        12⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20288.exe
        13⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47608.exe
        14⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48366.exe
        15⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57837.exe
        16⤵
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61296.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55173.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
        8⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32847.exe
        9⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59121.exe
        10⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42614.exe
        11⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36068.exe
        12⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63240.exe
        13⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17349.exe
        14⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43617.exe
        15⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27799.exe
        16⤵
        
        PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40714.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34011.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63310.exe
        7⤵
        
        PID:1188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 240
        8⤵
        Program crash
        
        PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34021.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38230.exe
        7⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59774.exe
        8⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35644.exe
        9⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18805.exe
        10⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1742.exe
        11⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31284.exe
        12⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        13⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5615.exe
        14⤵
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38501.exe
        15⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        16⤵
        
        PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60144.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26217.exe
        7⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50197.exe
        8⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43236.exe
        9⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25276.exe
        10⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63893.exe
        11⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        12⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39795.exe
        13⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31464.exe
        14⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22954.exe
        15⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe
        16⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        7⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48778.exe
        8⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        9⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
        10⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39389.exe
        11⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39945.exe
        12⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60604.exe
        13⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61339.exe
        14⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31122.exe
        15⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60035.exe
        16⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11902.exe
        9⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36784.exe
        10⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21014.exe
        11⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56001.exe
        12⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18823.exe
        13⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
        14⤵
        
        PID:2464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11093.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11093.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2276
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65308.exe
        6⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11891.exe
        7⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45670.exe
        8⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29952.exe
        9⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59303.exe
        10⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10048.exe
        11⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
        12⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63998.exe
        13⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21428.exe
        14⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18865.exe
        15⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
        16⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52975.exe
        11⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54444.exe
        12⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21634.exe
        13⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-104.exe
        14⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20295.exe
        15⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58146.exe
        16⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39738.exe
        9⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        10⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49618.exe
        11⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31059.exe
        12⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32393.exe
        13⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41755.exe
        14⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33471.exe
        15⤵
        
        PID:2072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11093.exe

Filesize
192KB

MD5
931df870e49f3346da4b4a71f3f596d6

SHA1
a9dfb5918d2d7814ffe17d38e7d1eb20f1645b69

SHA256
e35abf78ed56772ce2a64f4711d2bee76b62da2002416d54ee344a1a0e0687ce

SHA512
e71f7c90f55c3cf0ab6ce362c424b630e7109679a3d94cc73bf7f9fe03297cfd4d3f01369dbd00d0889853cb427b91b7e1c497f7cae71c92deb80c6231405951

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30677.exe

Filesize
192KB

MD5
cb2914e96eb61b8bef9a35137f32f7e2

SHA1
f9d0e9533e2ffc7cbf7bd32afd0be220eeeaf18b

SHA256
dfe4c507ee2cd1986a3edfd2dafa7b1a7d818687fe31592cd41282d20be92783

SHA512
ad70a41d624a91f8b021bd042284f139ae7136acedf3169f69572f80745c073bb842fb56bcb46035a2ca7f6c19e8b1e21529bb27afea80909d2ac8051d2016b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31120.exe

Filesize
192KB

MD5
e1041f6e6dc6816696498ff87e6e1e54

SHA1
06bc850ef1f121348d3db886a4df919b0923a783

SHA256
923f71cf6a673ed3008c5733cb88f4f402f73a1721fa1d84b2ad1612ab371484

SHA512
8d8a7bab20d195f553d2878741c24b52b962543aaac51d22539acf5052ee562d5198c438d32987a315dbf404ef85343df52acd814dae71099b4c948aa1e3aca1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39738.exe

Filesize
192KB

MD5
75f602c2664b5811e9d7a42db80d670c

SHA1
5af29a6be8ed74fdbf998078c6f723547bb54191

SHA256
97aaee9e54e6bbb1fea3fede5dfd7f1b033ae5b003a6a480c81e0f4dda7165c1

SHA512
08cb9d89958e75e9832f0d635be9f22c4a341a01ebbacf386ee2d387ecdff0e752c9aec6f70341c5e1b05710650f46b57bd594efc421dddb56ab53e570ee10aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52085.exe

Filesize
192KB

MD5
91579afe99b84d63ce00b31820dbdd54

SHA1
4b18ea7bca40ae6d9f36faf416488eb1bb5775a0

SHA256
7222e7854fd805add285ca907290cf759353f7c70ad64a6e99187b2d7cf88b4f

SHA512
bd28e1441a1b50728131de77ad425fe0003b69058e58470e8c8e83f9406ab47680bd90a155655f781dc98f1b4a16e85b24a2dec7f98d6b2201157d712ec6b5e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5636.exe

Filesize
192KB

MD5
917a924c2a14c03846fd64a77d67b05e

SHA1
9c60dc8084a3274ad720de7fae43c6ebf93259cf

SHA256
77ef452c11a0c74df341a5aed049ba34578d8b58aa6722b10ae5f99d2138508a

SHA512
b753d538b9703f57abd04b3917ca799a1cd4d40bb141dbf45a582707702f7484c127c3d5e797d2911a4ca155adbea04e890c99b3199a6a0936a2117dabde74c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64063.exe

Filesize
192KB

MD5
2babfefddd3b6035b8264fa24e22090f

SHA1
1ed5498916a710370625a0b9d5287851d2d9c81f

SHA256
5f96a01f8bd8f1b6c7ff13e8bdb50f07791bffe1e1730ed57c5cd0eacce16738

SHA512
048831edf63f7ea312d3f12c1a645a8e30fdf29ac8d8daa627836d8b3fe082cd0b9b19d43dae2890f0feb35b562229f1d8c07b437e324c7677f5c5af56ad5610

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe

Filesize
192KB

MD5
923e014fc8cc30a2bb339d49d5c06bdd

SHA1
69b254d396eab989347ba3b9059cae89e6f7091d

SHA256
79f418574749752f8effd26906663405e8c26aa62cefd1a0ffa987e87c42352b

SHA512
15df2dc2bf280b1b4f811950540e94a6e46440ff08ff8e80297c100c39e4d04e210a3fa0d9f7401e52741a2b59d45ad0230957376727be1088a6a96fd23ce619

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-120.exe

Filesize
192KB

MD5
46cdf68c158954a3820de60dc5e6fabc

SHA1
64040f0245822a09f8bc699e03af4106c0a091b1

SHA256
4ec232580b24d049d28c13127078609092007421d46c7fdf1460e40ea754491c

SHA512
ad2e17b253342f1406190df2b03b327ba25bdc6fcbdb9276bbe193316341263e88bac9227d3185b4b7a998ada4173a2fce35f6bef6513e7c1427353c7ab06d87

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15582.exe

Filesize
192KB

MD5
df1c9bff02dc638bee03a45fa767b4b3

SHA1
87873ed61d248c4ffb10664589a163471b559598

SHA256
4c1ee803cc672c3498156f18a1d1ade40ba993c96e46ea4776a40e883f754ecc

SHA512
bb23967d63a909c366388b3d6a187fa19d508eaf51aa9c14d980808309ab3fe04bc3131823bf6f688002a2228ac5a30676759e8236fc5abe0dac6eed685d2424

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe

Filesize
192KB

MD5
05cf6cc3b5b13229aa147693f4282ed7

SHA1
af4a4532d6ccfcddeaf6dc2d474c61061ba4dd5a

SHA256
b3c29fc5f829fef3da8e31e544d440ed7ae68990c970933450125ccee8c040ef

SHA512
4fd4a406164fa34e2d697dece0e82b74af56be7a6df3e34622bd1441bdcbf5fae342c9ee78f0cd8b156372d752c6136fb095b3f5056c43708186851ce10eecee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22129.exe

Filesize
192KB

MD5
f06c943048a8439b8cc4df5b5fc09328

SHA1
072bcb5d470b1507745ec7e6d6145e441644ef61

SHA256
669ec082015758e99aca3ce9b23b39ed6506e3dd52120c3ed01a18e22e568d07

SHA512
668f24d925ad567f1f10fddd9e14a701b5f32aec0c3ecae992da9233761a65b267c0846f472816cbf53dee1b804bf3a01ca0c89391b3d5ad9e6c9be9d7a1573d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22184.exe

Filesize
192KB

MD5
5fc591092ba20f60d980a1510dfb014f

SHA1
87ca39055bf653a2932c79731a5fb29943243cd3

SHA256
75be30dd93b16f7f5968fe4821a53bbd3bf84bf8207ff973d37e23f67076f07d

SHA512
9fac9381422a9fa39e1eb3a8c306b1ce0891de8a39b5a478054742de2f50431a5ec79167ab526435f5df6931798947e38c0b8a02a54428542a1a11b58f35b05a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25772.exe

Filesize
192KB

MD5
2dd4691ab367a818483fbbecc96d9a1e

SHA1
0ab6fd3de96188b67804fa49e4ab2498c7a47868

SHA256
ca61f2ca2adc539a14c9cb5e6c249e2dc67f08a578254bf5de9498ac1d3c7bed

SHA512
d0a570bcea816960e0c1d585985633b26ce7f0363b2039ad24837a7306fa3e7aa74347b7a076a7a30bcc5e607aced67a02774852d5c7a7267ad86683b78d39be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27014.exe

Filesize
192KB

MD5
1b4adf17fb4360fe972433237bf787a1

SHA1
de888575152d9a2f042e924f4345a858586e6b29

SHA256
bae91c4a8d7ef29c87387d5fafe49415f34ff15dc133cdeafc2424883f16dd30

SHA512
35e8119344b4e522e9c79096d2c236470161d397684d360123ec96cdd55913ccf21197d24255c5a18706fb1b477fcbc305f9b5aec3c6a9be82d24376552ab815

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34935.exe

Filesize
192KB

MD5
616583309b5f1e29623e176cfadba45c

SHA1
0f352b7e85ab7fc160dfeacbb193ba6dedd460eb

SHA256
18c78f81f2cf15024b884c6cd21496e80512ea44b14d5f73341ebcf3bffe1c6a

SHA512
4678d27e235edf0f61052ab9802acd3cbdaf7250d7ac157f36a2ec9201023c6b19cf728bd9fa7e2f005c3a2a4a1cdba2eac9788f3a6ba6d284b110dbcdcbeaeb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36130.exe

Filesize
192KB

MD5
07c540156f03d47259591b398ea93737

SHA1
c37a3c85f4403b937ad7421e81d21ea76202a64c

SHA256
02d7b47ef0b47ba7c873cf50914bdfaa8b2614bf5ddee3a0411d616030cc138b

SHA512
b91977e18e22ca659b412a04f7617ffc1b0f2f3996693d4e097ca344317c90dc4d7c64eb359ce2a6cbd9e850fdfb7b44ee228a148fb9b3e7cce251122734ade1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42905.exe

Filesize
192KB

MD5
20cd9466871142b1d1e2afb43dfed50a

SHA1
f8f2d8ba5e41b495b809576c28d3ede5acd6cf30

SHA256
7210bc7ab4c77531110f7ade55c30733f07efb711c06cd921d743997591d0307

SHA512
a158846a29b3ec599a84704b31449595230727dbb9ed8498b4791642c7fbb6fcf5434a33bb78204f4f48188a1104ae9d5b5c5e4df520b6ea6e5983d0b677771a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47352.exe

Filesize
192KB

MD5
916914279c6a32adfac851858c5360cf

SHA1
5c3be128b36db3004198c8b2c82252acf9cf0789

SHA256
2cdb4816f2550af88077c41c7fccdb2d2422e1b567f099949e6697037c2c321c

SHA512
9fa8bdf5620c89ae141b6fb3071efe94ccba75f5bbdaaaa9e9cb9514e3f90d09c7f28b5ac2099bdadc8ce78e6ae8aa1b75411ca72b48111eb8ca6a21f1eee536

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe

Filesize
192KB

MD5
4bae052043e82fb3c2c674694998ac30

SHA1
c8a1f07e62c4226f67aae0134134e2b9eca6a327

SHA256
4d7f383cad92d65a8bb873e7d7424af76815b1e17a12cb66a7d49f84c9f96b14

SHA512
bfb3cc8bdc5cf125763ab0a136b91ec7e18755e4d7dd4df7ec7ab7e8cb8fd0cb600c997d76944a33c0777307feb1ecdf23df2cc2e09412438f4576f495bea71f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48063.exe

Filesize
192KB

MD5
c189bfa09db49704aa6fdbcb7faa117e

SHA1
3ff80554b6936b68afcd11726d8e0ce814d67a9b

SHA256
1e4eb321ca8b87eeafbecdd4c2257b0c23b9fdb463947e2a082bd3519e241fcb

SHA512
4d4f0af620f7d7a2ee0556ece5652c15891781d71dff53e3c3b4136c264e88d911ff3aba557078001fd94ba5f54a847692125f90b268759453cb24805e03cd0a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52850.exe

Filesize
192KB

MD5
4fd2ac0625395a5dd530346900e12d21

SHA1
8bffc5708abd7a395d42dcd37b8ce252bd1e7d3f

SHA256
2c11c257ca3545dde6931ccaf457160a410b5e6219abdf8c007f068ebfda452c

SHA512
bf9dfaf7a4b40ea51a14c496eebb1069187273155cd61461824eef2de8db1b47223168ca790930ddc02da9967b3993e09f03d006224d23842cad408305490c18

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55240.exe

Filesize
192KB

MD5
e8850c2961a4e81b2369410c52606f80

SHA1
982e3c211e0a443438b3e9aae7cd6168d66f1c39

SHA256
d9340f97adca19af60b7fc59a7899441ef09a85bd08b2cba820710734af51721

SHA512
72db4d7cae210e15d93076d0886e9560bd9eed45abda162fdc2fa734bb3021ce8df5e3bf1dc3ab561bb6c356d011f0415be28238e41776b8f09238281959460e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7414.exe

Filesize
192KB

MD5
ee463f071837ac9705643766c73fdef9

SHA1
9a3e84c34630fa340704db2da3a8a2060fe8afac

SHA256
434e3c5aca9335a78d93fd46afbc0bf258e2d2b0065c050667841d7bbaa1d346

SHA512
f83d37c773c19a959fd53a7c04ff1eca530f887f14402f250c605c8d5e72ef4a7e7b999d2ea95f0ebd3b1dd4d4e279d0ae46238fb65dc1ea9c304223866adb85

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads