ac7b740111a246bb56b9eb303b0a2af3158ac449f2b85b24459c6c463996e78c

Analysis

max time kernel
171s
max time network
133s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 18:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ebbdd6926d7a637b53449a7621fde865_JaffaCakes118.exe
Size

184KB
MD5

ebbdd6926d7a637b53449a7621fde865
SHA1

847a8aab1756bf4fc79251e4aedfd473d7d1a4d8
SHA256

ac7b740111a246bb56b9eb303b0a2af3158ac449f2b85b24459c6c463996e78c
SHA512

ca242410709dc466cb65abaa6a15cfe56fd9349827d6c9e4ebe77b0153207c055205995a0b2978d3d6dd0f7b0632c2d80c64732979d52fbdad88bf0cb0f73f2e
SSDEEP

3072:M4H8osvfjhilEjhd/AG3zybOb26G/HI0zYxALP4b7lPdpFl:M4coe1ilUdIG3zsoIG7lPdpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2524	Unicorn-28776.exe
2844	Unicorn-12008.exe
2684	Unicorn-27790.exe
1652	Unicorn-11920.exe
1916	Unicorn-4307.exe
2728	Unicorn-32341.exe
2812	Unicorn-28340.exe
364	Unicorn-53612.exe
1512	Unicorn-41914.exe
1408	Unicorn-37359.exe
2652	Unicorn-21577.exe
848	Unicorn-39305.exe
2252	Unicorn-33083.exe
2116	Unicorn-48028.exe
816	Unicorn-9694.exe
1528	Unicorn-56757.exe
2248	Unicorn-6165.exe
1484	Unicorn-11640.exe
1180	Unicorn-55942.exe
1080	Unicorn-52180.exe
1504	Unicorn-42943.exe
1060	Unicorn-4603.exe
2180	Unicorn-7639.exe
1780	Unicorn-34836.exe
1044	Unicorn-28828.exe
2284	Unicorn-56025.exe
2576	Unicorn-18522.exe
1592	Unicorn-57224.exe
3012	Unicorn-51002.exe
2600	Unicorn-410.exe
3008	Unicorn-35242.exe
2764	Unicorn-24936.exe
2696	Unicorn-13238.exe
1728	Unicorn-25490.exe
2224	Unicorn-37188.exe
2768	Unicorn-6352.exe
2640	Unicorn-6352.exe
788	Unicorn-16851.exe
2588	Unicorn-12958.exe
1704	Unicorn-55745.exe
1596	Unicorn-322.exe
592	Unicorn-52216.exe
572	Unicorn-36071.exe
2844	Unicorn-62522.exe
2124	Unicorn-981.exe
2436	Unicorn-28754.exe
2276	Unicorn-28754.exe
2868	Unicorn-28754.exe
2256	Unicorn-28754.exe
2304	Unicorn-39705.exe
1740	Unicorn-48418.exe
1720	Unicorn-43815.exe
2708	Unicorn-43815.exe
1588	Unicorn-30349.exe
2604	Unicorn-38325.exe
2616	Unicorn-54225.exe
2816	Unicorn-13000.exe
1220	Unicorn-35642.exe
2076	Unicorn-38211.exe
2092	Unicorn-46955.exe
1908	Unicorn-35362.exe
2272	Unicorn-52466.exe
2380	Unicorn-28516.exe
2296	Unicorn-5787.exe

Loads dropped DLL 64 IoCs

pid	Process
1700	ebbdd6926d7a637b53449a7621fde865_JaffaCakes118.exe
1700	ebbdd6926d7a637b53449a7621fde865_JaffaCakes118.exe
1700	ebbdd6926d7a637b53449a7621fde865_JaffaCakes118.exe
2524	Unicorn-28776.exe
1700	ebbdd6926d7a637b53449a7621fde865_JaffaCakes118.exe
2524	Unicorn-28776.exe
2684	Unicorn-27790.exe
2684	Unicorn-27790.exe
2524	Unicorn-28776.exe
2524	Unicorn-28776.exe
2844	Unicorn-12008.exe
2844	Unicorn-12008.exe
1916	Unicorn-4307.exe
1916	Unicorn-4307.exe
2728	Unicorn-32341.exe
2728	Unicorn-32341.exe
2844	Unicorn-12008.exe
2844	Unicorn-12008.exe
2812	Unicorn-28340.exe
2812	Unicorn-28340.exe
1916	Unicorn-4307.exe
1916	Unicorn-4307.exe
364	Unicorn-53612.exe
364	Unicorn-53612.exe
1512	Unicorn-41914.exe
1512	Unicorn-41914.exe
2728	Unicorn-32341.exe
2728	Unicorn-32341.exe
2652	Unicorn-21577.exe
2652	Unicorn-21577.exe
1408	Unicorn-37359.exe
1408	Unicorn-37359.exe
2812	Unicorn-28340.exe
2812	Unicorn-28340.exe
848	Unicorn-39305.exe
848	Unicorn-39305.exe
364	Unicorn-53612.exe
364	Unicorn-53612.exe
2252	Unicorn-33083.exe
2116	Unicorn-48028.exe
1512	Unicorn-41914.exe
2116	Unicorn-48028.exe
2252	Unicorn-33083.exe
1512	Unicorn-41914.exe
816	Unicorn-9694.exe
816	Unicorn-9694.exe
2652	Unicorn-21577.exe
2652	Unicorn-21577.exe
1528	Unicorn-56757.exe
1528	Unicorn-56757.exe
1408	Unicorn-37359.exe
1408	Unicorn-37359.exe
2248	Unicorn-6165.exe
2248	Unicorn-6165.exe
1484	Unicorn-11640.exe
1484	Unicorn-11640.exe
1180	Unicorn-55942.exe
1180	Unicorn-55942.exe
848	Unicorn-39305.exe
848	Unicorn-39305.exe
1060	Unicorn-4603.exe
1060	Unicorn-4603.exe
1504	Unicorn-42943.exe
1504	Unicorn-42943.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
1960	1596	WerFault.exe	69
2692	2688	WerFault.exe	116
2060	2496	WerFault.exe	110
2216	2380	WerFault.exe	160
932	1256	WerFault.exe	212

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1700	ebbdd6926d7a637b53449a7621fde865_JaffaCakes118.exe
2524	Unicorn-28776.exe
2684	Unicorn-27790.exe
2844	Unicorn-12008.exe
1652	Unicorn-11920.exe
1916	Unicorn-4307.exe
2728	Unicorn-32341.exe
2812	Unicorn-28340.exe
364	Unicorn-53612.exe
1512	Unicorn-41914.exe
2652	Unicorn-21577.exe
1408	Unicorn-37359.exe
848	Unicorn-39305.exe
2116	Unicorn-48028.exe
2252	Unicorn-33083.exe
816	Unicorn-9694.exe
1528	Unicorn-56757.exe
2248	Unicorn-6165.exe
1484	Unicorn-11640.exe
1180	Unicorn-55942.exe
1060	Unicorn-4603.exe
1080	Unicorn-52180.exe
1504	Unicorn-42943.exe
2180	Unicorn-7639.exe
1780	Unicorn-34836.exe
1044	Unicorn-28828.exe
2284	Unicorn-56025.exe
2576	Unicorn-18522.exe
1592	Unicorn-57224.exe
2600	Unicorn-410.exe
3012	Unicorn-51002.exe
3008	Unicorn-35242.exe
2764	Unicorn-24936.exe
2696	Unicorn-13238.exe
2224	Unicorn-37188.exe
2640	Unicorn-6352.exe
2768	Unicorn-6352.exe
1596	Unicorn-322.exe
2276	Unicorn-28754.exe
592	Unicorn-52216.exe
2124	Unicorn-981.exe
2436	Unicorn-28754.exe
788	Unicorn-16851.exe
2844	Unicorn-62522.exe
572	Unicorn-36071.exe
1740	Unicorn-48418.exe
2588	Unicorn-12958.exe
1720	Unicorn-43815.exe
1588	Unicorn-30349.exe
1704	Unicorn-55745.exe
2616	Unicorn-54225.exe
2868	Unicorn-28754.exe
2256	Unicorn-28754.exe
2816	Unicorn-13000.exe
2304	Unicorn-39705.exe
2092	Unicorn-46955.exe
2604	Unicorn-38325.exe
2708	Unicorn-43815.exe
1728	Unicorn-25490.exe
1220	Unicorn-35642.exe
2076	Unicorn-38211.exe
1908	Unicorn-35362.exe
2272	Unicorn-52466.exe
2832	Unicorn-13955.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 2524	1700	ebbdd6926d7a637b53449a7621fde865_JaffaCakes118.exe	27
PID 1700 wrote to memory of 2524	1700	ebbdd6926d7a637b53449a7621fde865_JaffaCakes118.exe	27
PID 1700 wrote to memory of 2524	1700	ebbdd6926d7a637b53449a7621fde865_JaffaCakes118.exe	27
PID 1700 wrote to memory of 2524	1700	ebbdd6926d7a637b53449a7621fde865_JaffaCakes118.exe	27
PID 1700 wrote to memory of 2844	1700	ebbdd6926d7a637b53449a7621fde865_JaffaCakes118.exe	28
PID 1700 wrote to memory of 2844	1700	ebbdd6926d7a637b53449a7621fde865_JaffaCakes118.exe	28
PID 1700 wrote to memory of 2844	1700	ebbdd6926d7a637b53449a7621fde865_JaffaCakes118.exe	28
PID 1700 wrote to memory of 2844	1700	ebbdd6926d7a637b53449a7621fde865_JaffaCakes118.exe	28
PID 2524 wrote to memory of 2684	2524	Unicorn-28776.exe	29
PID 2524 wrote to memory of 2684	2524	Unicorn-28776.exe	29
PID 2524 wrote to memory of 2684	2524	Unicorn-28776.exe	29
PID 2524 wrote to memory of 2684	2524	Unicorn-28776.exe	29
PID 2684 wrote to memory of 1652	2684	Unicorn-27790.exe	32
PID 2684 wrote to memory of 1652	2684	Unicorn-27790.exe	32
PID 2684 wrote to memory of 1652	2684	Unicorn-27790.exe	32
PID 2684 wrote to memory of 1652	2684	Unicorn-27790.exe	32
PID 2524 wrote to memory of 1916	2524	Unicorn-28776.exe	33
PID 2524 wrote to memory of 1916	2524	Unicorn-28776.exe	33
PID 2524 wrote to memory of 1916	2524	Unicorn-28776.exe	33
PID 2524 wrote to memory of 1916	2524	Unicorn-28776.exe	33
PID 2844 wrote to memory of 2728	2844	Unicorn-12008.exe	34
PID 2844 wrote to memory of 2728	2844	Unicorn-12008.exe	34
PID 2844 wrote to memory of 2728	2844	Unicorn-12008.exe	34
PID 2844 wrote to memory of 2728	2844	Unicorn-12008.exe	34
PID 1916 wrote to memory of 2812	1916	Unicorn-4307.exe	35
PID 1916 wrote to memory of 2812	1916	Unicorn-4307.exe	35
PID 1916 wrote to memory of 2812	1916	Unicorn-4307.exe	35
PID 1916 wrote to memory of 2812	1916	Unicorn-4307.exe	35
PID 2728 wrote to memory of 364	2728	Unicorn-32341.exe	36
PID 2728 wrote to memory of 364	2728	Unicorn-32341.exe	36
PID 2728 wrote to memory of 364	2728	Unicorn-32341.exe	36
PID 2728 wrote to memory of 364	2728	Unicorn-32341.exe	36
PID 2844 wrote to memory of 1512	2844	Unicorn-12008.exe	37
PID 2844 wrote to memory of 1512	2844	Unicorn-12008.exe	37
PID 2844 wrote to memory of 1512	2844	Unicorn-12008.exe	37
PID 2844 wrote to memory of 1512	2844	Unicorn-12008.exe	37
PID 2812 wrote to memory of 1408	2812	Unicorn-28340.exe	38
PID 2812 wrote to memory of 1408	2812	Unicorn-28340.exe	38
PID 2812 wrote to memory of 1408	2812	Unicorn-28340.exe	38
PID 2812 wrote to memory of 1408	2812	Unicorn-28340.exe	38
PID 1916 wrote to memory of 2652	1916	Unicorn-4307.exe	39
PID 1916 wrote to memory of 2652	1916	Unicorn-4307.exe	39
PID 1916 wrote to memory of 2652	1916	Unicorn-4307.exe	39
PID 1916 wrote to memory of 2652	1916	Unicorn-4307.exe	39
PID 364 wrote to memory of 848	364	Unicorn-53612.exe	40
PID 364 wrote to memory of 848	364	Unicorn-53612.exe	40
PID 364 wrote to memory of 848	364	Unicorn-53612.exe	40
PID 364 wrote to memory of 848	364	Unicorn-53612.exe	40
PID 1512 wrote to memory of 2252	1512	Unicorn-41914.exe	41
PID 1512 wrote to memory of 2252	1512	Unicorn-41914.exe	41
PID 1512 wrote to memory of 2252	1512	Unicorn-41914.exe	41
PID 1512 wrote to memory of 2252	1512	Unicorn-41914.exe	41
PID 2728 wrote to memory of 2116	2728	Unicorn-32341.exe	42
PID 2728 wrote to memory of 2116	2728	Unicorn-32341.exe	42
PID 2728 wrote to memory of 2116	2728	Unicorn-32341.exe	42
PID 2728 wrote to memory of 2116	2728	Unicorn-32341.exe	42
PID 2652 wrote to memory of 816	2652	Unicorn-21577.exe	43
PID 2652 wrote to memory of 816	2652	Unicorn-21577.exe	43
PID 2652 wrote to memory of 816	2652	Unicorn-21577.exe	43
PID 2652 wrote to memory of 816	2652	Unicorn-21577.exe	43
PID 1408 wrote to memory of 1528	1408	Unicorn-37359.exe	44
PID 1408 wrote to memory of 1528	1408	Unicorn-37359.exe	44
PID 1408 wrote to memory of 1528	1408	Unicorn-37359.exe	44
PID 1408 wrote to memory of 1528	1408	Unicorn-37359.exe	44

C:\Users\Admin\AppData\Local\Temp\ebbdd6926d7a637b53449a7621fde865_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ebbdd6926d7a637b53449a7621fde865_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13955.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2746.exe
        6⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12484.exe
        7⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62344.exe
        8⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51950.exe
        9⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28427.exe
        10⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53564.exe
        11⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37742.exe
        12⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57253.exe
        7⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18401.exe
        8⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        9⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63621.exe
        10⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64493.exe
        11⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        9⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30814.exe
        10⤵
        
        PID:1452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4307.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4307.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28340.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37359.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56757.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12958.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56025.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28754.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30349.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46955.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35362.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30375.exe
        11⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56449.exe
        12⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        13⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
        14⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61763.exe
        15⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49231.exe
        16⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50741.exe
        17⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3579.exe
        14⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29579.exe
        15⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8654.exe
        12⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        13⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18353.exe
        14⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61867.exe
        15⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10284.exe
        16⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16539.exe
        10⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
        9⤵
        Executes dropped EXE
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61293.exe
        10⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        11⤵
        Program crash
        
        PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18522.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16851.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4692.exe
        10⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53901.exe
        11⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        12⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19998.exe
        13⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
        14⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        15⤵
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62522.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46244.exe
        7⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
        8⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12484.exe
        9⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41815.exe
        10⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15577.exe
        11⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46579.exe
        12⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57648.exe
        13⤵
        
        PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9694.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7639.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6352.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5787.exe
        9⤵
        Executes dropped EXE
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47479.exe
        10⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27394.exe
        11⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20928.exe
        12⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38930.exe
        13⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
        14⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47617.exe
        15⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52118.exe
        9⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 200
        10⤵
        Program crash
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36071.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13000.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11625.exe
        8⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-800.exe
        9⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57409.exe
        10⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        11⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
        12⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33196.exe
        13⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11680.exe
        14⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41442.exe
        15⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22541.exe
        13⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        14⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27997.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1986.exe
        9⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49708.exe
        10⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22402.exe
        11⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
        12⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
        13⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60061.exe
        14⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35872.exe
        9⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26486.exe
        10⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
        11⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4882.exe
        12⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24784.exe
        13⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19268.exe
        14⤵
        
        PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34836.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6352.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
        8⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
        9⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1218.exe
        10⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58068.exe
        11⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31530.exe
        12⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29112.exe
        13⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38598.exe
        14⤵
        
        PID:2820
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12008.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12008.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32341.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32341.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53612.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39305.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11640.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57224.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28754.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38211.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46628.exe
        11⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53701.exe
        12⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50227.exe
        13⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6921.exe
        14⤵
        
        PID:2380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 148
        15⤵
        Program crash
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27613.exe
        11⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
        12⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        13⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64285.exe
        14⤵
        
        PID:1256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 188
        15⤵
        Program crash
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-410.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28754.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14339.exe
        8⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51755.exe
        9⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
        10⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        11⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
        12⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe
        13⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64493.exe
        14⤵
        
        PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55942.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28754.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
        8⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8392.exe
        9⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
        10⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        11⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
        12⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
        13⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
        14⤵
        
        PID:112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43815.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42544.exe
        9⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
        10⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29205.exe
        11⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8758.exe
        12⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
        13⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17882.exe
        14⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56605.exe
        15⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        16⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31560.exe
        15⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36910.exe
        13⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37446.exe
        14⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10284.exe
        15⤵
        
        PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25490.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58688.exe
        6⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59490.exe
        7⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
        8⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6153.exe
        9⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        10⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8971.exe
        11⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39864.exe
        12⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
        13⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
        14⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44057.exe
        12⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
        13⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2547.exe
        14⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
        7⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14705.exe
        8⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        9⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        10⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
        11⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48437.exe
        12⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18488.exe
        9⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
        10⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18697.exe
        11⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
        12⤵
        
        PID:1268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33083.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33083.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42943.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30676.exe
        7⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53268.exe
        8⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34960.exe
        9⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
        10⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        11⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33196.exe
        12⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42490.exe
        13⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30361.exe
        8⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2261.exe
        9⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        10⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
        11⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
        12⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48437.exe
        13⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45095.exe
        14⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
        11⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21494.exe
        12⤵
        
        PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13238.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-322.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 220
        7⤵
        Program crash
        
        PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4603.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35242.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55745.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46628.exe
        7⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25497.exe
        8⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
        9⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        10⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39506.exe
        11⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55370.exe
        12⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18287.exe
        13⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46472.exe
        7⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1519.exe
        8⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
        9⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7113.exe
        10⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62915.exe
        11⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5733.exe
        12⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28012.exe
        13⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59438.exe
        9⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
        10⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15551.exe
        11⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22371.exe
        12⤵
        
        PID:960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43815.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49233.exe
        9⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17472.exe
        10⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57253.exe
        11⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64394.exe
        12⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34950.exe
        13⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28483.exe
        14⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63143.exe
        9⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
        10⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37343.exe
        8⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
        9⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47487.exe
        10⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58644.exe
        11⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53128.exe
        12⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59153.exe
        13⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45095.exe
        14⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38778.exe
        10⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28816.exe
        11⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7959.exe
        12⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37446.exe
        13⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11052.exe
        14⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48042.exe
        9⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40217.exe
        10⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50388.exe
        11⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37856.exe
        12⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58551.exe
        13⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23305.exe
        14⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9412.exe
        12⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17637.exe
        13⤵
        
        PID:2980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe

Filesize
184KB

MD5
821a57dc7551f980f656d333ae99d58a

SHA1
a9722b8103d693a13049e61691ed60735a284816

SHA256
7ad5a4cb3fcb470839872975bb0f0561808b04b02278bee2865702f6d7381683

SHA512
4920ecc8fb3995b9e0ebdb63d1a5e0cc15e3408f20a643ac5d45f30423c02810aad042a16b3012e7ddc32893000bafd03abc370566aa6bbd79b49956a0eff4fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28340.exe

Filesize
184KB

MD5
58ee8aca10afa0a2c304560109cc8832

SHA1
bd3b5daaa68c37828961593e8b346fef82f5d826

SHA256
b2426dbe94cd78fed3983f292f489e1deb2ce3162017a7e63322c0dbde5e2273

SHA512
83bb36569c86a7f0b6d02286390896cd890130012475c526b8ea4278821d800106ad7ed8b57dd90f783ba0904a31e4a4155e3b18d5822a20c92ff097addcc038

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33083.exe

Filesize
184KB

MD5
6abdb1bbbd077a754e3ddcfec72dd613

SHA1
c4cd7da0cd69010453b72c39d295bf2865d65568

SHA256
ef6b1b3431107ab3bcb3f71c1f1b5c9aae14a23bc9e94c50de86bfd6aa21f8a6

SHA512
dd18594421349f3a770288b956b2fbba068c65b0549477c94ee6134151fabbc9b5463d8dadb0ecc8cf58c78c06e9cc9b39b027a2c701d318bc548bf7e594a098

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe

Filesize
184KB

MD5
5a02094aa8acf053e030c31a9a0ec759

SHA1
a4489d0af64ea340e758cb8878a7722625e0eb92

SHA256
ccbfa82f4823d134f5c8948315cce4c3c45f2f7dd2abfca8cf2e1da15356fa75

SHA512
b94f73c36a4b7d0391451c6a1e24bebbee6edbeda83797808ccf71bbe63c7b61af89e3b1de7267233e7e80ac30997580a76e3bb5e0760c52ccb9f23c62e1d7dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37359.exe

Filesize
184KB

MD5
fc81466dc869a0a0a9e22e8c5bca4f86

SHA1
a50f7f119b63621d8e865e2cc059009b50c04e83

SHA256
1a513ce9483e771ef7dd8b41b2f58d94ad9177ef1223535a82aee5468c9e70a2

SHA512
065c0e402c6ef121d3e2c8669ec629212c374c509a3df90907afe9a073c090b65d43229d02375d271a65db695dd6c0902ece5d386b4f86a5d3e9ce29d123333b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39705.exe

Filesize
184KB

MD5
36747c14b885ca237413bc4c3339dcc5

SHA1
e07c1dd34a74a59f13a3647c60aea8a991ff0dfa

SHA256
058ece968cc54d1bea4177a25377a589679a167a75b9b6973cca109c3954a573

SHA512
b84de0be812b0de0af6d72603254a931f3861450ce8db83e622f9514fcf9786e7aa1dfe7d4e2c8b226dca339d732cff9f076cbd26301cade27e098f9c3cf9ed4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4307.exe

Filesize
184KB

MD5
ddfeef7c15754a09fcdbf430ceadc231

SHA1
0da167b80d0e09f0a8cc48dc4769e22ed490d32c

SHA256
af03655253a048d14b989ba79ea9fca75c1f0b50926bd5ed962d48b6612db3a0

SHA512
85b5b32a4838fa1fa84e50edefe905fb34ba64d12b42a271c3899fb092267c8ce9ce01b904e29753c14a2df635517e6a906eca68d70f6316983644e0f7b679a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53612.exe

Filesize
184KB

MD5
1451988c943059622e0f1416eb14c97e

SHA1
11c2967643b63cf43c783459e74497c0ef122490

SHA256
7980ffd6af3f607e6468e68a2795f21ac9611dacdc351a75ca666342e8ed961d

SHA512
492daee4cc6681a0281acdc1f80f515df49eee36a01668fb34927587786e77e7dd821c08bd8709c4ad98918772f7f6158d46e883e61bdb3c273da3455e4f34ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56757.exe

Filesize
184KB

MD5
e30710f7f3176110bd2be86ea7e2d59b

SHA1
f51be9d858d0c9b259a8eb2d1cbf0209065e1086

SHA256
c0c770bb611d42f2cde1522baf5d05de0d59468db479be5f00e65a998e9b0079

SHA512
ae971784af9eff43ad048a7081aef691e0e71f056acc50a94be683ab9a498cc4911ef530f55f031183750d85bb5b9f23b66cf96f1bbb66ec5db4cad711bb13a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5733.exe

Filesize
184KB

MD5
0215c3991990a34511c5eb2661be24fc

SHA1
0e4692f9ca429ee3a6d12587438de72aa7f722ef

SHA256
e0504a2802dd27d05f6acb16930f768f9af4a219cfabb507737f6f8d051ebbed

SHA512
a14b132f08a0f3ea71326091c62c176b8276ffb0c3ed6680612af047c4ba04704fe497ac73f64e5aebb6663824c2840ab6ee9e99940e86594edb2a69163629a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5787.exe

Filesize
184KB

MD5
e8d34948a79945fe24ab926b30ee9ff9

SHA1
685b2e7ae8cd4b2be9ac4b6190082170327cb108

SHA256
3fc6767f9676da1719979d86019416fcf3e02dc40ae57d442f9d6577f452bc2f

SHA512
1879cabfc37cd8ac9446a42718f4209f5d80c6c7c09b6d353b073268740719bd7ab9e3f6c22dc8bfba559cf16e8f8bc9ea099d59bb27e2645dec418d651fcb0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59490.exe

Filesize
184KB

MD5
a8c1a8ba41e83db45fc5cdeb6c0c1fca

SHA1
bcf2713b3900cfaa194cb2ea2f9e1ef18601ea5b

SHA256
7895e9e5a6cf719b3a6666e40fd3113345c3c6a6eecbc161b115bb4f80af708f

SHA512
f4591aff4ce1b9d1327568f4611ee05aa978346df9c0b7de45fe3d948e43b9d20118ce110ec91c15dfe196663806aff92dc98a6416edb6a85f4f36e46a399556

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11640.exe

Filesize
184KB

MD5
5ab37770ea58663985d27ea034ba3556

SHA1
876ad7d18c112fc8faee0665c048ff72c908d105

SHA256
859f44f0076468a435a1792c789d38c66d5978d7bfec78a081c0b60c740250a0

SHA512
4ca952efa54acb8bd35087e05877197018bb37c416f3356d1015d83c41ae16139aae0f55bf6462f806935f19a1864ca98eb8ff53b36fc0f81e6f148c9f8b5d6e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11920.exe

Filesize
184KB

MD5
76575ea2f5d2e37ea3de2449fd831e16

SHA1
ed7721529482ebb8a9c93552d429fc26d3d14eb7

SHA256
c022dc386757d0098b912eac79ebf69cd7034db1c4720ccbc79b55e64eb7af71

SHA512
a69925afd56a2b6401226e2c4c1c00b2971e42af2c74c1d26c70f84806b1b68d6d7b6552e33b06bed36f9a66935f958c258c80ffb1fd3d29817de591c2b87f58

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12008.exe

Filesize
184KB

MD5
293061f6dcc7d7b77100230de95727eb

SHA1
ff698e7834779d5d979dfc2840e5492eb422b171

SHA256
83a8663596c8c01e381b8996a6c80a947eea2489e071a0bbbea68f79aa70c7d7

SHA512
60da3a369595288f6edaed587b68cf4f7421e25059d280b051a58fc8b49dcfab7ff5e63345f70b017007aaa82f65877c017d457fcd686ce3c3a1968a2d111edb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27790.exe

Filesize
184KB

MD5
5361c78efb07e6a50022b1efb6f1c2c4

SHA1
b16fc49b4bcafd20a75ce367d4cb9b0e5c16bc55

SHA256
0eb75859d487a405e2470a6eed75a1f1d4f336bc017520c60ad2b30734a96bd8

SHA512
1c44d98e68037e56aa09f967d110fc13e75093ce3be46bc1213adfd4e11cd5bfb09b5fb217c24b3bfb5949340d112a72ed31ff969b0093532c08da327603034e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe

Filesize
184KB

MD5
b04457b3477205ce24b9b9ebc1d50950

SHA1
294ebdea4153e29c2ff20d6b98b08cdf608fb893

SHA256
7fcc61e60719603fd24c064e33c9f37fbf72ede8d0a9067571b4281c7b3cfbe9

SHA512
811f6f335d1fb6a408e114e79f7b81649c736961e937a43abfc84047b745e426012e7cdda1418b4987b1b5321d79cb5668a3c2f3febb45eaca131ce5e4202ba8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32341.exe

Filesize
184KB

MD5
4130f1e829d9d07f12ca4dac195314fa

SHA1
21aca6a26f2c9e74db98793611dd3dc57f1017c1

SHA256
dafc7936039ac54531560c11c48b0e2fdac92222d4c51e5fbf8ce398ebb9abe5

SHA512
e81aacc0094a020ed75375e5c23c03a3257e869af5bbd23b7036bc9ebda965e9a1b87e83e8ab893bf40977966fdace41e7b4bd16b92564fe9bbb7b46d2e3b4a9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39305.exe

Filesize
184KB

MD5
cc37048390cbf7ffd60f2a77b0555041

SHA1
e5356429519d525b8ac6ea44a2d21878d1f11451

SHA256
adae406cdd877b2a03f432935b9b0415e1e2fb5879bc06c52f607e23722ea8a7

SHA512
16d031025bc2f887601f05e1cf0145f23973fceef90409de530ff6b265a82b8b56ef3b7ff58f7d9d690e9fc0c60ed0419f428ae5a158c2bbae9a5d6d91b7aa1d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe

Filesize
184KB

MD5
5259a44faedaf85ed4880583a2f6e560

SHA1
3ead57f2b24648e8ab22671653e47f1c330afeb5

SHA256
a497906982ec10def5c6fae4c626f88c1f2b6a03f1f96958eb7acd06243973a6

SHA512
9752aae15b6c9959ec6f3cc433d4ee4b1d155aa86692da38f4da9c25fc5d434cc1758a764002217bc9b160d9ecd31d20556a748460d805ad5b50ff568a4ea0e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe

Filesize
184KB

MD5
b8b51b78fb50014351bed0fabf263b86

SHA1
440ec6ba2085c87a9ca603d7cb53e5cb9cab0d94

SHA256
1374cc7a8822e11315015141be7e7fb4bf0163c1d6600ca89596c0e9b4c645ec

SHA512
481e8c7794c280c035e03132b2455c36df706035a24eedd672408bb0ada50123c848894918bca86ea8db78ca23f9decf27efeafb10926086b5adafbd7ae6ec59

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe

Filesize
184KB

MD5
50cc62313283ffe8d666b5b437c09d47

SHA1
02ccb5acac9a040b1728ca9150d2f604fd44496a

SHA256
61d1dd8f3bee3b7a5ac1a905e08feae79a705764c380d143b34ffaa4175f1fc9

SHA512
a1f3d1bbb60509bbaa66f4085231e7dec2f0348a2d1b286f89eb4e785ac9c5b62b0d426e2497002126b40aad6eeb337d59ed5d54b5597004ce343c5b672f4221

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9694.exe

Filesize
184KB

MD5
b693d9327a16c7bd984d3956ebdbc52d

SHA1
ebf7dd0675a4bd2c0236695b48e58439bbd983e8

SHA256
ef6f00de8b5cbee8dba4dbce0ad3543e5cb3b916478578bf12b93273383b58c2

SHA512
d39c207619491052a7de2aeec71381c89d6b7de950441e1f43187ea6f263ab17e705391ef3dc4512bcb05e6dd10675ded37b601917228dfc642dd620e9ba6754

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads