b1b9ffe1ade42c9426832f8553aa7579c4965e7a5c6d5feebd2702abe186e87d

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-04-2024 16:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d89d41cd8cbc4a049efa3554a5c18ad9_JaffaCakes118.exe
Size

188KB
MD5

d89d41cd8cbc4a049efa3554a5c18ad9
SHA1

aba1a9bfd571db51afe096392b3f3ed6a22eb7fb
SHA256

b1b9ffe1ade42c9426832f8553aa7579c4965e7a5c6d5feebd2702abe186e87d
SHA512

579d444aff11777fff530d7ce53cac151cf0afd5d2c524ac9f815f744f101b942b37dc1515853cc9ce632c2ea70d160ce6c9644afd5c671064925d7eceb791e5
SSDEEP

3072:+MjkoClGwJu19Oj94b2/F760Iw1JVQWiaOxfVjSD8lv1pFd:+M4ogk19y4C/F7V3i28lv1pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2324	Unicorn-493.exe
1852	Unicorn-44899.exe
2592	Unicorn-33201.exe
2992	Unicorn-23000.exe
2720	Unicorn-64587.exe
2504	Unicorn-47696.exe
2940	Unicorn-46757.exe
1636	Unicorn-43419.exe
2768	Unicorn-1832.exe
2160	Unicorn-10747.exe
2156	Unicorn-18361.exe
1936	Unicorn-13373.exe
1436	Unicorn-43778.exe
1184	Unicorn-10358.exe
2304	Unicorn-15189.exe
2092	Unicorn-39139.exe
2172	Unicorn-7234.exe
268	Unicorn-11318.exe
776	Unicorn-7981.exe
2416	Unicorn-9647.exe
840	Unicorn-59403.exe
2204	Unicorn-42512.exe
1820	Unicorn-27100.exe
1352	Unicorn-6679.exe
1040	Unicorn-3150.exe
1828	Unicorn-43628.exe
3056	Unicorn-51775.exe
1692	Unicorn-26716.exe
836	Unicorn-27270.exe
2248	Unicorn-55304.exe
1712	Unicorn-49933.exe
2252	Unicorn-50488.exe
3028	Unicorn-35111.exe
2716	Unicorn-38449.exe
2552	Unicorn-9860.exe
2604	Unicorn-24504.exe
2476	Unicorn-44370.exe
2456	Unicorn-52730.exe
2492	Unicorn-52730.exe
2472	Unicorn-32864.exe
2728	Unicorn-32864.exe
2444	Unicorn-48646.exe
2448	Unicorn-44370.exe
2200	Unicorn-7805.exe
2520	Unicorn-57177.exe
1180	Unicorn-11505.exe
2968	Unicorn-11505.exe
2752	Unicorn-60166.exe
2740	Unicorn-14494.exe
1664	Unicorn-15834.exe
1872	Unicorn-38634.exe
2360	Unicorn-23388.exe
1864	Unicorn-15791.exe
2664	Unicorn-60357.exe
2656	Unicorn-33435.exe
764	Unicorn-58899.exe
2384	Unicorn-22911.exe
1000	Unicorn-43331.exe
2120	Unicorn-59859.exe
792	Unicorn-63943.exe
576	Unicorn-18827.exe
696	Unicorn-51691.exe
3016	Unicorn-10850.exe
2320	Unicorn-19019.exe

Loads dropped DLL 64 IoCs

pid	Process
2380	d89d41cd8cbc4a049efa3554a5c18ad9_JaffaCakes118.exe
2380	d89d41cd8cbc4a049efa3554a5c18ad9_JaffaCakes118.exe
2324	Unicorn-493.exe
2324	Unicorn-493.exe
2380	d89d41cd8cbc4a049efa3554a5c18ad9_JaffaCakes118.exe
2380	d89d41cd8cbc4a049efa3554a5c18ad9_JaffaCakes118.exe
1852	Unicorn-44899.exe
1852	Unicorn-44899.exe
2324	Unicorn-493.exe
2324	Unicorn-493.exe
2592	Unicorn-33201.exe
2592	Unicorn-33201.exe
2992	Unicorn-23000.exe
2992	Unicorn-23000.exe
1852	Unicorn-44899.exe
1852	Unicorn-44899.exe
2720	Unicorn-64587.exe
2720	Unicorn-64587.exe
2592	Unicorn-33201.exe
2592	Unicorn-33201.exe
2504	Unicorn-47696.exe
2504	Unicorn-47696.exe
2940	Unicorn-46757.exe
2940	Unicorn-46757.exe
2992	Unicorn-23000.exe
2992	Unicorn-23000.exe
2768	Unicorn-1832.exe
2768	Unicorn-1832.exe
2720	Unicorn-64587.exe
2720	Unicorn-64587.exe
1636	Unicorn-43419.exe
1636	Unicorn-43419.exe
2160	Unicorn-10747.exe
2160	Unicorn-10747.exe
2156	Unicorn-18361.exe
2156	Unicorn-18361.exe
2504	Unicorn-47696.exe
2504	Unicorn-47696.exe
1936	Unicorn-13373.exe
1936	Unicorn-13373.exe
2940	Unicorn-46757.exe
2940	Unicorn-46757.exe
1436	Unicorn-43778.exe
1436	Unicorn-43778.exe
2304	Unicorn-15189.exe
2304	Unicorn-15189.exe
2092	Unicorn-39139.exe
2092	Unicorn-39139.exe
1636	Unicorn-43419.exe
1636	Unicorn-43419.exe
1184	Unicorn-10358.exe
1184	Unicorn-10358.exe
2768	Unicorn-1832.exe
2768	Unicorn-1832.exe
268	Unicorn-11318.exe
268	Unicorn-11318.exe
2156	Unicorn-18361.exe
2156	Unicorn-18361.exe
776	Unicorn-7981.exe
776	Unicorn-7981.exe
2416	Unicorn-9647.exe
2416	Unicorn-9647.exe
1936	Unicorn-13373.exe
1936	Unicorn-13373.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
2876	2728	WerFault.exe	67
1544	2472	WerFault.exe	68
2312	792	WerFault.exe	90
2112	700	WerFault.exe	116
2276	1240	WerFault.exe	144
2256	2772	WerFault.exe	110
876	2308	WerFault.exe	195
560	2204	WerFault.exe	115

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2380	d89d41cd8cbc4a049efa3554a5c18ad9_JaffaCakes118.exe
2324	Unicorn-493.exe
1852	Unicorn-44899.exe
2592	Unicorn-33201.exe
2992	Unicorn-23000.exe
2720	Unicorn-64587.exe
2504	Unicorn-47696.exe
2940	Unicorn-46757.exe
1636	Unicorn-43419.exe
2768	Unicorn-1832.exe
2160	Unicorn-10747.exe
2156	Unicorn-18361.exe
1936	Unicorn-13373.exe
1436	Unicorn-43778.exe
1184	Unicorn-10358.exe
2092	Unicorn-39139.exe
2304	Unicorn-15189.exe
2172	Unicorn-7234.exe
776	Unicorn-7981.exe
268	Unicorn-11318.exe
2416	Unicorn-9647.exe
2204	Unicorn-42512.exe
840	Unicorn-59403.exe
1820	Unicorn-27100.exe
1352	Unicorn-6679.exe
3056	Unicorn-51775.exe
1040	Unicorn-3150.exe
1828	Unicorn-43628.exe
1692	Unicorn-26716.exe
2248	Unicorn-55304.exe
836	Unicorn-27270.exe
1712	Unicorn-49933.exe
2252	Unicorn-50488.exe
2552	Unicorn-9860.exe
3028	Unicorn-35111.exe
2752	Unicorn-60166.exe
2472	Unicorn-32864.exe
2968	Unicorn-11505.exe
2200	Unicorn-7805.exe
2476	Unicorn-44370.exe
2716	Unicorn-38449.exe
1180	Unicorn-11505.exe
2604	Unicorn-24504.exe
2492	Unicorn-52730.exe
2520	Unicorn-57177.exe
2728	Unicorn-32864.exe
2444	Unicorn-48646.exe
2740	Unicorn-14494.exe
2456	Unicorn-52730.exe
2448	Unicorn-44370.exe
1664	Unicorn-15834.exe
1872	Unicorn-38634.exe
2360	Unicorn-23388.exe
1864	Unicorn-15791.exe
2664	Unicorn-60357.exe
2656	Unicorn-33435.exe
764	Unicorn-58899.exe
2384	Unicorn-22911.exe
1000	Unicorn-43331.exe
2120	Unicorn-59859.exe
576	Unicorn-18827.exe
792	Unicorn-63943.exe
2320	Unicorn-19019.exe
696	Unicorn-51691.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2324	2380	d89d41cd8cbc4a049efa3554a5c18ad9_JaffaCakes118.exe	28
PID 2380 wrote to memory of 2324	2380	d89d41cd8cbc4a049efa3554a5c18ad9_JaffaCakes118.exe	28
PID 2380 wrote to memory of 2324	2380	d89d41cd8cbc4a049efa3554a5c18ad9_JaffaCakes118.exe	28
PID 2380 wrote to memory of 2324	2380	d89d41cd8cbc4a049efa3554a5c18ad9_JaffaCakes118.exe	28
PID 2324 wrote to memory of 1852	2324	Unicorn-493.exe	29
PID 2324 wrote to memory of 1852	2324	Unicorn-493.exe	29
PID 2324 wrote to memory of 1852	2324	Unicorn-493.exe	29
PID 2324 wrote to memory of 1852	2324	Unicorn-493.exe	29
PID 2380 wrote to memory of 2592	2380	d89d41cd8cbc4a049efa3554a5c18ad9_JaffaCakes118.exe	30
PID 2380 wrote to memory of 2592	2380	d89d41cd8cbc4a049efa3554a5c18ad9_JaffaCakes118.exe	30
PID 2380 wrote to memory of 2592	2380	d89d41cd8cbc4a049efa3554a5c18ad9_JaffaCakes118.exe	30
PID 2380 wrote to memory of 2592	2380	d89d41cd8cbc4a049efa3554a5c18ad9_JaffaCakes118.exe	30
PID 1852 wrote to memory of 2992	1852	Unicorn-44899.exe	31
PID 1852 wrote to memory of 2992	1852	Unicorn-44899.exe	31
PID 1852 wrote to memory of 2992	1852	Unicorn-44899.exe	31
PID 1852 wrote to memory of 2992	1852	Unicorn-44899.exe	31
PID 2324 wrote to memory of 2720	2324	Unicorn-493.exe	32
PID 2324 wrote to memory of 2720	2324	Unicorn-493.exe	32
PID 2324 wrote to memory of 2720	2324	Unicorn-493.exe	32
PID 2324 wrote to memory of 2720	2324	Unicorn-493.exe	32
PID 2592 wrote to memory of 2504	2592	Unicorn-33201.exe	33
PID 2592 wrote to memory of 2504	2592	Unicorn-33201.exe	33
PID 2592 wrote to memory of 2504	2592	Unicorn-33201.exe	33
PID 2592 wrote to memory of 2504	2592	Unicorn-33201.exe	33
PID 2992 wrote to memory of 2940	2992	Unicorn-23000.exe	34
PID 2992 wrote to memory of 2940	2992	Unicorn-23000.exe	34
PID 2992 wrote to memory of 2940	2992	Unicorn-23000.exe	34
PID 2992 wrote to memory of 2940	2992	Unicorn-23000.exe	34
PID 1852 wrote to memory of 1636	1852	Unicorn-44899.exe	35
PID 1852 wrote to memory of 1636	1852	Unicorn-44899.exe	35
PID 1852 wrote to memory of 1636	1852	Unicorn-44899.exe	35
PID 1852 wrote to memory of 1636	1852	Unicorn-44899.exe	35
PID 2720 wrote to memory of 2768	2720	Unicorn-64587.exe	36
PID 2720 wrote to memory of 2768	2720	Unicorn-64587.exe	36
PID 2720 wrote to memory of 2768	2720	Unicorn-64587.exe	36
PID 2720 wrote to memory of 2768	2720	Unicorn-64587.exe	36
PID 2592 wrote to memory of 2160	2592	Unicorn-33201.exe	37
PID 2592 wrote to memory of 2160	2592	Unicorn-33201.exe	37
PID 2592 wrote to memory of 2160	2592	Unicorn-33201.exe	37
PID 2592 wrote to memory of 2160	2592	Unicorn-33201.exe	37
PID 2504 wrote to memory of 2156	2504	Unicorn-47696.exe	38
PID 2504 wrote to memory of 2156	2504	Unicorn-47696.exe	38
PID 2504 wrote to memory of 2156	2504	Unicorn-47696.exe	38
PID 2504 wrote to memory of 2156	2504	Unicorn-47696.exe	38
PID 2940 wrote to memory of 1936	2940	Unicorn-46757.exe	39
PID 2940 wrote to memory of 1936	2940	Unicorn-46757.exe	39
PID 2940 wrote to memory of 1936	2940	Unicorn-46757.exe	39
PID 2940 wrote to memory of 1936	2940	Unicorn-46757.exe	39
PID 2992 wrote to memory of 1436	2992	Unicorn-23000.exe	40
PID 2992 wrote to memory of 1436	2992	Unicorn-23000.exe	40
PID 2992 wrote to memory of 1436	2992	Unicorn-23000.exe	40
PID 2992 wrote to memory of 1436	2992	Unicorn-23000.exe	40
PID 2768 wrote to memory of 1184	2768	Unicorn-1832.exe	41
PID 2768 wrote to memory of 1184	2768	Unicorn-1832.exe	41
PID 2768 wrote to memory of 1184	2768	Unicorn-1832.exe	41
PID 2768 wrote to memory of 1184	2768	Unicorn-1832.exe	41
PID 2720 wrote to memory of 2304	2720	Unicorn-64587.exe	42
PID 2720 wrote to memory of 2304	2720	Unicorn-64587.exe	42
PID 2720 wrote to memory of 2304	2720	Unicorn-64587.exe	42
PID 2720 wrote to memory of 2304	2720	Unicorn-64587.exe	42
PID 1636 wrote to memory of 2092	1636	Unicorn-43419.exe	43
PID 1636 wrote to memory of 2092	1636	Unicorn-43419.exe	43
PID 1636 wrote to memory of 2092	1636	Unicorn-43419.exe	43
PID 1636 wrote to memory of 2092	1636	Unicorn-43419.exe	43

C:\Users\Admin\AppData\Local\Temp\d89d41cd8cbc4a049efa3554a5c18ad9_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d89d41cd8cbc4a049efa3554a5c18ad9_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Users\Admin\AppData\Local\Temp\Unicorn-493.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-493.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44899.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44899.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23000.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13373.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9647.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14494.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33435.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20472.exe
        11⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45381.exe
        12⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48728.exe
        13⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15745.exe
        14⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
        15⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
        12⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        13⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
        11⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4434.exe
        12⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44393.exe
        13⤵
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
        10⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24961.exe
        11⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4834.exe
        12⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60166.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15834.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10850.exe
        10⤵
        Executes dropped EXE
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60373.exe
        11⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59330.exe
        12⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58230.exe
        13⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
        14⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
        15⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10760.exe
        16⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30827.exe
        17⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7039.exe
        15⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40055.exe
        16⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
        17⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64528.exe
        18⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        17⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49665.exe
        13⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43708.exe
        14⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7351.exe
        15⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52952.exe
        10⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        11⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
        12⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9302.exe
        13⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
        14⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50488.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59403.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9860.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42512.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38449.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34971.exe
        8⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11172.exe
        9⤵
        
        PID:700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 240
        10⤵
        Program crash
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14965.exe
        9⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35537.exe
        10⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29071.exe
        11⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43267.exe
        12⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58970.exe
        13⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
        10⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25366.exe
        11⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46583.exe
        12⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60537.exe
        13⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
        12⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5000.exe
        13⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40699.exe
        8⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8619.exe
        9⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7005.exe
        10⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28324.exe
        11⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
        12⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58020.exe
        13⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17886.exe
        14⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25041.exe
        15⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20718.exe
        14⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24456.exe
        15⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26992.exe
        13⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        14⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
        15⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32176.exe
        11⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44492.exe
        12⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63964.exe
        10⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
        11⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
        12⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        9⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29393.exe
        10⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60485.exe
        11⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42499.exe
        12⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65389.exe
        13⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2774.exe
        14⤵
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51691.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
        9⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 220
        10⤵
        Program crash
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3943.exe
        8⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54099.exe
        9⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
        10⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10485.exe
        11⤵
        
        PID:1028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39139.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6679.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38634.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10139.exe
        10⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26222.exe
        11⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        12⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55630.exe
        13⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63409.exe
        14⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        15⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
        16⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
        12⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe
        13⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26905.exe
        14⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50034.exe
        15⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
        16⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        15⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
        10⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
        11⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62859.exe
        12⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54066.exe
        13⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23003.exe
        14⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55811.exe
        9⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58894.exe
        10⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
        11⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16456.exe
        12⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10952.exe
        13⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
        14⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28862.exe
        10⤵
        
        PID:1240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
        11⤵
        Program crash
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24504.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58899.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10139.exe
        8⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11037.exe
        9⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        10⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51162.exe
        11⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
        12⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59385.exe
        13⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11435.exe
        14⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
        9⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57083.exe
        10⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4888.exe
        11⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57719.exe
        12⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60667.exe
        13⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61743.exe
        10⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
        11⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
        12⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52049.exe
        8⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
        9⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32717.exe
        10⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
        11⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
        9⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37673.exe
        10⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4227.exe
        11⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8290.exe
        10⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55811.exe
        7⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51878.exe
        8⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32717.exe
        9⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
        10⤵
        
        PID:1972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1832.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10358.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43628.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19019.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64841.exe
        9⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35537.exe
        10⤵
        
        PID:288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
        10⤵
        Program crash
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
        8⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
        9⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17938.exe
        10⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32864.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 244
        7⤵
        Program crash
        
        PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51775.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23788.exe
        7⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28277.exe
        8⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29787.exe
        9⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
        10⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62822.exe
        8⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54691.exe
        9⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14400.exe
        10⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42966.exe
        11⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64704.exe
        12⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16107.exe
        9⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
        10⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        11⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17886.exe
        12⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22908.exe
        11⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
        12⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5674.exe
        10⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18462.exe
        11⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8617.exe
        12⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48960.exe
        13⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40507.exe
        7⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-674.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62641.exe
        9⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 200
        10⤵
        Program crash
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35759.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
        9⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3874.exe
        10⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52084.exe
        11⤵
        
        PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15189.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27100.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59859.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35137.exe
        8⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
        9⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
        10⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4566.exe
        11⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63985.exe
        12⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49359.exe
        13⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32048.exe
        14⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43543.exe
        11⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
        12⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        8⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35537.exe
        9⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
        10⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22573.exe
        9⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27011.exe
        10⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
        11⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19547.exe
        7⤵
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
        8⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
        9⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
        10⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14548.exe
        10⤵
        
        PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32864.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 224
        6⤵
        Program crash
        
        PID:2876
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33201.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33201.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47696.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11318.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26716.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60357.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18827.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22693.exe
        10⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6377.exe
        11⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41292.exe
        12⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47270.exe
        13⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34956.exe
        14⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59110.exe
        15⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36547.exe
        16⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56891.exe
        13⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31321.exe
        14⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37600.exe
        15⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39401.exe
        16⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39114.exe
        14⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26905.exe
        15⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34658.exe
        16⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3137.exe
        16⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64353.exe
        12⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
        11⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42499.exe
        12⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43881.exe
        10⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43513.exe
        11⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53651.exe
        12⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
        13⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63403.exe
        9⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48041.exe
        10⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
        11⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60143.exe
        12⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5565.exe
        10⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6567.exe
        11⤵
        
        PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27270.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7805.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15791.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43331.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
        9⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48728.exe
        10⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26082.exe
        11⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61196.exe
        12⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30896.exe
        13⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62272.exe
        8⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13258.exe
        9⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe
        9⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64120.exe
        10⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33918.exe
        11⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37792.exe
        12⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64128.exe
        13⤵
        
        PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7981.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55304.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63943.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 200
        8⤵
        Program crash
        
        PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57177.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10747.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7234.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22719.exe
        5⤵
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
        6⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15745.exe
        7⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41108.exe
        8⤵
        
        PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24171.exe
        5⤵
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        6⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12926.exe
        7⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe
        8⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
        9⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26957.exe
        10⤵
        
        PID:1696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-23000.exe

Filesize
188KB

MD5
13ef7bd7636bbdb93f6266479f2e2909

SHA1
481e419944282c22948538582827b347b5d52197

SHA256
f539dd7db573ecd3e3571b8faf19429c1b2b5c617832d486dabe632b19980055

SHA512
f5fe45c89eddf5f58705faf88ce924eb8e137e5a7bb242ca5a282dc89feabc53323f38410510a1faeb2365af460b2f85052c40791cdbe1ca721dc5f8aa553eb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40507.exe

Filesize
188KB

MD5
f69a33d01050e54b2ccb48976e5445ab

SHA1
021dafe34b9b6638dcb7cdbb17e48a1e3f28452a

SHA256
1f8d9a1cff07d17102b6bc2b419857b42a1b33d87a7c1284c23a6b90d1914cbc

SHA512
e5667469fcc7eeab4db69bd42ad3d3b29726dcf52457ee3f251bcbc27a71dc93275d9a9623f9d170c178c588c668b74d9b68a569b895d4dc2d3328d640906c20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40699.exe

Filesize
188KB

MD5
40118a75165bf8e638cd93e65e576e42

SHA1
4838586417f6a0b1799f3225f453fce1491055c4

SHA256
5797532b43566535e8e3d0230d707cbf567ad8edea8fafbcb123e0a953e4ff84

SHA512
d64666f8bf8b955b04c759496b8ab8803e25d5037b2c0e096a43704d5b7317122ccad6f164b07ea105232a6415f9895fc830e5d3af5d773bf4cad10c33b2e3c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-493.exe

Filesize
188KB

MD5
d27f56dcbc7246bde3b8d61025ae7640

SHA1
f7fee21e48ca503eb85bd0d9b222ce705afd32e3

SHA256
6ec6668cd0784eb7b250760398b92d70e6e6fa89718108c7604030c50cf17c5c

SHA512
b102730deaf6441df1fad7a579ebc4bab6a904491f1a28d4452f2afb27d75f85344074f44180641b2a75292095e02b6cab64968a35d1670ffb343261b28fb6ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe

Filesize
188KB

MD5
7c77154d84d9bdeb6303871b0d069f77

SHA1
1cff6b953967b3b4c6525c8fcd51dd453310cae2

SHA256
3caaa0052d368b0dfd5f685085b53b33dfb088c85da6862687b3cc425f978181

SHA512
acf354aa8640b615ce0ca94eb37a3c2551daa4812b1e75f3e942ed49208fb85f962fd82c8e6389bdd4309d8858458e06ce73879bb172fd909752beec55b6245f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6567.exe

Filesize
188KB

MD5
4f29d328fa7d2c4e8dfba068573a2327

SHA1
d5aba0b7dd81a0e1b8f50fc7527c72c1bb0b6b0a

SHA256
084e7b1a3e4776b8ef221402a87d746019558a5fdb181ede503da703a808997d

SHA512
3d0de24ce383076d01daf679fa61cd945a7e66aa86e045da8c886413dcdfa876e79be087a6cfafe5a98d256a861715c5266ad07cfc1bdacb91e84807f8469370

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6679.exe

Filesize
188KB

MD5
3e7431951e9232206addc82d280afa0f

SHA1
d5af5c1364b7c4b0239a3a1b1009fb88c8ffc0cf

SHA256
84bd755391b52bdd3f857a0ecaa2e0e9e0f3d257f43444c561cedd6a35a35364

SHA512
81c57bd83dada4a169e920a3476f70c86766fbe695bc46c968dad7f920715796d8edea9fcd4ca657759cc514a89a33f4eabc181d87231b3646599f9743d4ba26

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10358.exe

Filesize
188KB

MD5
fa743cc13627ab266306e1daca2924bc

SHA1
a6a82c5d034222f3bafa3f5ed068131905fd13e1

SHA256
8f462c75688a6213c5f7686059ec128a7f7a16d22124d0bed4f7e0d86a91db76

SHA512
a2c0d2c09456ba8dd8917b123c5734992aa4870bcf8461f373e6e70988b249f867b5ad03893d9d59816a68dc82d705ced795d51a002878a9898ed11e49371c94

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10747.exe

Filesize
188KB

MD5
742ef096b5e351ee76350b0f639f10de

SHA1
4d30b48faa6183bd93d257cb979167546a8a70e4

SHA256
db577f0642e7d640f80d62c655c9308d2194eeb21db7963f6c1a39671f681881

SHA512
72387c4bfd59c6aa76dab1a355a2c597d2ff2fdea88c502e312e9b55c55025b5ac846f8a0882a13719621789c020fb36df7535c5617af911397c0c3454199672

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11318.exe

Filesize
188KB

MD5
affabcab8db0c90fb5ae3e7f07c8bd86

SHA1
bf37ee3fdf5d1e2a938b6a69b9dd9cf48e30b0ee

SHA256
4f344043848516bea1038edaea842ac1b257a6e1b9bc60e1c7d551cf7883effc

SHA512
7fe6d1b03044cbf1c7feffd04aa01e0133d4a6fb6593a6120d1d6d9275539abf5b3dde7a7ed8f2189cf0d8b8e664dad9cecb5fd45dc4d0068fdfeb3d93df7ea5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13373.exe

Filesize
188KB

MD5
a4263e78fdf9b239ba450088e90eca23

SHA1
4ea554360adfc46221503bf36082c7160671fa82

SHA256
9a365355d6ab559e71111c3b050d3ad44f7e1dd6683a8b9a078aa7618336ad83

SHA512
f743ede0a04da8da8b9180a945fe9884c95bea71f305408a6fa053371456100260327e825acf33f76e08d8b3208b42456634d873278ace3aec4875d9ca0e4636

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15189.exe

Filesize
188KB

MD5
84f04280eb409853998ad29c1e89ddc3

SHA1
cab44bc796208b31247330d32f109e6c81adaeb8

SHA256
e3085b8e41051e9cf74971c607878add3b5471949d88133c51240c42bf9f17cb

SHA512
a18e654c1c7bd076f4430fe06532219423460abdd9aae8633a9e43de6e45810d957f9306c75e62cc80c5a467356a4b40e4714f4425627028a906bb1c3460f030

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1832.exe

Filesize
188KB

MD5
fd69565639a010eea3fae6384262a04a

SHA1
a30d6816483392cebcf9d77ec0aaef72fb223b83

SHA256
40690eab280cd34dbb56a631fcd0e7c377bab51089439cb33646c0fd3cba5e12

SHA512
c0ab80ed8e60a9791dfe088a7086fc7aeee4d309b98c669683df44e77f41ad5ce8188ca89e2f034e9414559611de86a329bb54c0be24e25f4110d6445992be98

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18361.exe

Filesize
188KB

MD5
c10405c01adb2e06eabcd9fbec6aceaa

SHA1
1ef9d289e0089fc8244653f4f9378fc658a1d69c

SHA256
8f89381d9104dc86c371c883d71b5323866b44e8ec767aba8454685022e4e533

SHA512
be1148593ae3f0d0b948d4b912e19338a2e159bad72bb73831720ed69292cff4f1c811e464b5f07edcbc08140ca13f6692a9387dfed2c9fa9a2bf486e05b754b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33201.exe

Filesize
188KB

MD5
25fb852f0c54ac199bc9426842500575

SHA1
b42f2feb2b828446bb997b38eb14e493fa029d5a

SHA256
d4c4658935e9c0175a41f2c2177d22cb4ae9a23f26c8795bbb4b85cf532daaa4

SHA512
2c31ca2b82167812593b03617db354016401a06db87027ae3bd1da5a481def0c958ff01191a5eab5534145ba30ee4a2aab04162127e700ee6248f8ce5522bd4c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39139.exe

Filesize
188KB

MD5
af9818d312dc5d8e11708da042b2c08a

SHA1
6251151ed72f2d7de532cbed44a37d593fbc3a81

SHA256
71c5944f2ad2fdc52871b96852f28a6f288221e126d996a2c88cab89c10c62ff

SHA512
330873a457374779e94e6a3d16eee5239544cb5fa68fe49a6374f760c6b68208984d9e70e50f187aaaa29156e8d4154c3035e272208d7349874d993945f971c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe

Filesize
188KB

MD5
e016d43f2153cdcdb60e246d6f1f6e86

SHA1
eb2f7a0b0240abf6b5a89ae3735e9262c8d64bdd

SHA256
0be14e59cf91f162bb61cd46ddeb348e10d9f3dc79b1f28373d3e8698380baca

SHA512
2451bbfc5e2239661ad5168c6246d4eb93cc12b04e7fb35298ad16d45d42f623e8b6a1d1a1a8159bc1e568dce29a95c4e09b0cd7cb800c6b90e904a7bd6152c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe

Filesize
188KB

MD5
5dbfe186dedf2c85e4f031fe4c58affa

SHA1
eab7c854e24d32aa3a01da61410582db72c34144

SHA256
605836270a8879973a79af5e93a76751705980100aa38a8bd5939316dbc76c96

SHA512
e266ead424cd4461cfaa8f651dd18fa43fd138a76fe5ff06e23da710ab55874d0fb75a42b79e7d049fec3c25669063f1e4b9593579cad535531e18927b01dd2c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44899.exe

Filesize
188KB

MD5
ef1c8f73175ecf8ddab2888ce46729c1

SHA1
33144b299d4c11556b2891ea4a1a47e888ab860f

SHA256
c3f7b60c982ebf0633040f1d8534313070320f7f70f97d856a43da58eb599d6f

SHA512
d5babcf647bed1f7d6c8a4a487d89e0ecfe15b3af67661c2b9ead0663dab7d5d5b4074c4238ab75f99cfd32c75da436fe7645001c9f11ddf148a949438a7d114

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe

Filesize
188KB

MD5
66a4823010f890ffc9ad4133ddeadced

SHA1
e636b67d80ab0822d2d5f99ce3bbbf204cb2ab16

SHA256
d2c34693ac7f18bd93d753c51567e5e7696d0b6da00ae6136ffe1df193586de2

SHA512
eb753fc66e923a336f535a8d6449db5f73b028f659ba92bc6ba5711053ad7529dbd9ca5cd0af7d3c2942961a5123b159d80073d93600a9d2784adceab78f71cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47696.exe

Filesize
188KB

MD5
39e53efcbe55d9d550c6f6224534393b

SHA1
9430b92ab4c4e2217f8b66dc4300f6efdd0b4cb5

SHA256
5bd448f985c064a58d5944aecc6ee9c277f757d75dbf9336fbc25018a43fbd75

SHA512
90e706df728f2ae86321f05b78a17276ca3bdf1dc9e2fa076cca7b68d90b5049f433ef941dd77a9acd1e84bd57b4c1fa1d8b1dd825113d16e3fb10f5f037ca50

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64587.exe

Filesize
188KB

MD5
1f4b67ffbba31b44c3bdd85d4afe5b7a

SHA1
0e9f1380b3f7f81020fb8d4af33e166b600c0f97

SHA256
7e76a36a92075e57e71f8284609b82124ee16d6af50b26516154a75bb81de51c

SHA512
ec02fbe784bfb06afbb25ee0c9db37520cd46bd5047a65513f4935ff87acdb1df2a23b0c95dc638083585a72bdbd574c9d9bac2ab813895d1eda3b0af157244c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7234.exe

Filesize
188KB

MD5
d7a7a7bdf2c2a0277b7aee73a76c4a3e

SHA1
b3f7e6b771ad647bf0fbd8ba2a56a0be2c7c8276

SHA256
cd3bcfbc02b30df4c81f96d583999430ab0c1dc09339733fe9c670d1b90ab56a

SHA512
4dafaa223a61f225d75bbeb5e08deba7cd4ec525f56bc7420bb194f7097c29976d74ff216be9d0bb74cc259bbbc2af532de84fd0724b17681215c6e5e16d5258

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads