0b35b0f5587cef201f2a7807b7f8e46fe0ebb3218f54ed30e8c48d593d14d9a2

Analysis

max time kernel
108s
max time network
125s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 14:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f60156f13419eb0324504d2492962a7d_JaffaCakes118.exe
Size

184KB
MD5

f60156f13419eb0324504d2492962a7d
SHA1

2885655e0a98b43008f7e5fae66dab335b68d9fa
SHA256

0b35b0f5587cef201f2a7807b7f8e46fe0ebb3218f54ed30e8c48d593d14d9a2
SHA512

44c8cff8add944eca7ea94e966ad690277673dbf801c130bdb250e888f422897f674f91959904e7bda72664e6312e317c851afe21d0d69a0dec15ecf8d9b28d7
SSDEEP

3072:ZvOZoAQU50AUkgOHpd3RL08bbI2prX/5TH0px7Ft40BlVvwFb:ZvIoMFjgudBL08rxwRBlVvwF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
752	Unicorn-42986.exe
1216	Unicorn-59358.exe
2024	Unicorn-9602.exe
2724	Unicorn-35102.exe
1336	Unicorn-50884.exe
2484	Unicorn-13935.exe
3012	Unicorn-26126.exe
1660	Unicorn-51377.exe
2884	Unicorn-5705.exe
2816	Unicorn-26680.exe
2784	Unicorn-46546.exe
2668	Unicorn-34735.exe
2768	Unicorn-38819.exe
1684	Unicorn-55710.exe
2044	Unicorn-34927.exe
2932	Unicorn-55902.exe
584	Unicorn-10230.exe
1160	Unicorn-14314.exe
2032	Unicorn-22653.exe
1520	Unicorn-1123.exe
1992	Unicorn-42902.exe
1140	Unicorn-49940.exe
1780	Unicorn-47672.exe
1624	Unicorn-64605.exe
1040	Unicorn-52353.exe
912	Unicorn-6660.exe
1328	Unicorn-23573.exe
2944	Unicorn-48248.exe
3028	Unicorn-31165.exe
2232	Unicorn-11299.exe
3044	Unicorn-64584.exe
108	Unicorn-9841.exe
2896	Unicorn-21579.exe
3056	Unicorn-54190.exe
2704	Unicorn-1289.exe
2644	Unicorn-10012.exe
2912	Unicorn-18586.exe
2460	Unicorn-51450.exe
2436	Unicorn-43452.exe
2604	Unicorn-30454.exe
2480	Unicorn-64065.exe
2416	Unicorn-43858.exe
2968	Unicorn-61071.exe
2332	Unicorn-1517.exe
1516	Unicorn-21383.exe
2632	Unicorn-59426.exe
2780	Unicorn-55534.exe
1708	Unicorn-54787.exe
980	Unicorn-23568.exe
1824	Unicorn-20444.exe
1720	Unicorn-16168.exe
396	Unicorn-599.exe
1368	Unicorn-30065.exe
1048	Unicorn-27133.exe
2348	Unicorn-14304.exe
3068	Unicorn-35877.exe
1732	Unicorn-7288.exe
2712	Unicorn-45498.exe
2664	Unicorn-59094.exe
2584	Unicorn-34952.exe
2188	Unicorn-18254.exe
1660	Unicorn-6556.exe
2984	Unicorn-22338.exe
2576	Unicorn-13785.exe

Loads dropped DLL 64 IoCs

pid	Process
2380	f60156f13419eb0324504d2492962a7d_JaffaCakes118.exe
2380	f60156f13419eb0324504d2492962a7d_JaffaCakes118.exe
2380	f60156f13419eb0324504d2492962a7d_JaffaCakes118.exe
752	Unicorn-42986.exe
2380	f60156f13419eb0324504d2492962a7d_JaffaCakes118.exe
752	Unicorn-42986.exe
2024	Unicorn-9602.exe
752	Unicorn-42986.exe
2024	Unicorn-9602.exe
752	Unicorn-42986.exe
1216	Unicorn-59358.exe
1216	Unicorn-59358.exe
2484	Unicorn-13935.exe
2484	Unicorn-13935.exe
1216	Unicorn-59358.exe
1216	Unicorn-59358.exe
1336	Unicorn-50884.exe
1336	Unicorn-50884.exe
2724	Unicorn-35102.exe
2024	Unicorn-9602.exe
2024	Unicorn-9602.exe
2724	Unicorn-35102.exe
3012	Unicorn-26126.exe
1660	Unicorn-51377.exe
3012	Unicorn-26126.exe
1660	Unicorn-51377.exe
2484	Unicorn-13935.exe
2484	Unicorn-13935.exe
2884	Unicorn-5705.exe
2884	Unicorn-5705.exe
2816	Unicorn-26680.exe
2816	Unicorn-26680.exe
1336	Unicorn-50884.exe
1336	Unicorn-50884.exe
2784	Unicorn-46546.exe
2784	Unicorn-46546.exe
2724	Unicorn-35102.exe
2724	Unicorn-35102.exe
2768	Unicorn-38819.exe
2768	Unicorn-38819.exe
1660	Unicorn-51377.exe
1660	Unicorn-51377.exe
2668	Unicorn-34735.exe
2668	Unicorn-34735.exe
3012	Unicorn-26126.exe
3012	Unicorn-26126.exe
2932	Unicorn-55902.exe
2932	Unicorn-55902.exe
2032	Unicorn-22653.exe
2032	Unicorn-22653.exe
1160	Unicorn-14314.exe
1160	Unicorn-14314.exe
584	Unicorn-10230.exe
584	Unicorn-10230.exe
2816	Unicorn-26680.exe
2816	Unicorn-26680.exe
2784	Unicorn-46546.exe
2044	Unicorn-34927.exe
2784	Unicorn-46546.exe
2044	Unicorn-34927.exe
2884	Unicorn-5705.exe
2884	Unicorn-5705.exe
1520	Unicorn-1123.exe
1520	Unicorn-1123.exe

Program crash 45 IoCs

pid	pid_target	Process	procid_target
2264	912	WerFault.exe	53
2748	3028	WerFault.exe	57
1996	2896	WerFault.exe	60
1624	2576	WerFault.exe	94
2080	2712	WerFault.exe	88
1092	2584	WerFault.exe	90
992	2480	WerFault.exe	128
1604	2336	WerFault.exe	116
368	1888	WerFault.exe	151
1344	2240	WerFault.exe	140
2492	2012	WerFault.exe	157
840	1096	WerFault.exe	166
2244	980	WerFault.exe	175
1500	3016	WerFault.exe	154
1692	2196	WerFault.exe	196
2860	3056	WerFault.exe	190
1268	2436	WerFault.exe	230
1532	2616	WerFault.exe	219
2052	2128	WerFault.exe	218
2004	1756	WerFault.exe	212
2284	292	WerFault.exe	234
396	1552	WerFault.exe	183
2768	2248	WerFault.exe	241
1448	1036	WerFault.exe	214
1336	388	WerFault.exe	256
3308	2648	WerFault.exe	228
3468	1608	WerFault.exe	244
1732	524	WerFault.exe	227
3176	2592	WerFault.exe	247
3188	1612	WerFault.exe	223
3204	1960	WerFault.exe	240
3248	3096	WerFault.exe	279
1776	1548	WerFault.exe	253
3316	3788	WerFault.exe	288
3304	2096	WerFault.exe	211
3260	2620	WerFault.exe	239
3420	3940	WerFault.exe	290
3632	2272	WerFault.exe	197
3644	2188	WerFault.exe	249
3444	1948	WerFault.exe	205
1048	2228	WerFault.exe	233
3692	3512	WerFault.exe	283
3404	1924	WerFault.exe	231
4056	2836	WerFault.exe	278
3860	2780	WerFault.exe	277

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2380	f60156f13419eb0324504d2492962a7d_JaffaCakes118.exe
752	Unicorn-42986.exe
2024	Unicorn-9602.exe
1216	Unicorn-59358.exe
1336	Unicorn-50884.exe
2484	Unicorn-13935.exe
2724	Unicorn-35102.exe
1660	Unicorn-51377.exe
3012	Unicorn-26126.exe
2816	Unicorn-26680.exe
2784	Unicorn-46546.exe
2884	Unicorn-5705.exe
2768	Unicorn-38819.exe
2668	Unicorn-34735.exe
2032	Unicorn-22653.exe
1160	Unicorn-14314.exe
2044	Unicorn-34927.exe
2932	Unicorn-55902.exe
584	Unicorn-10230.exe
1520	Unicorn-1123.exe
1992	Unicorn-42902.exe
1140	Unicorn-49940.exe
1780	Unicorn-47672.exe
1624	Unicorn-64605.exe
1040	Unicorn-52353.exe
1328	Unicorn-23573.exe
2232	Unicorn-11299.exe
3028	Unicorn-31165.exe
2944	Unicorn-48248.exe
912	Unicorn-6660.exe
3044	Unicorn-64584.exe
2912	Unicorn-18586.exe
108	Unicorn-9841.exe
2704	Unicorn-1289.exe
2896	Unicorn-21579.exe
3056	Unicorn-54190.exe
2644	Unicorn-10012.exe
2480	Unicorn-64065.exe
2436	Unicorn-43452.exe
2460	Unicorn-51450.exe
2604	Unicorn-30454.exe
2416	Unicorn-43858.exe
2332	Unicorn-1517.exe
2968	Unicorn-61071.exe
1516	Unicorn-21383.exe
2780	Unicorn-55534.exe
2632	Unicorn-59426.exe
1708	Unicorn-54787.exe
980	Unicorn-23568.exe
1824	Unicorn-20444.exe
1720	Unicorn-16168.exe
396	Unicorn-599.exe
1368	Unicorn-30065.exe
1048	Unicorn-27133.exe
2348	Unicorn-14304.exe
1684	Unicorn-55710.exe
3068	Unicorn-35877.exe
1732	Unicorn-7288.exe
2712	Unicorn-45498.exe
2584	Unicorn-34952.exe
2664	Unicorn-59094.exe
2188	Unicorn-18254.exe
1660	Unicorn-6556.exe
2984	Unicorn-22338.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 752	2380	f60156f13419eb0324504d2492962a7d_JaffaCakes118.exe	28
PID 2380 wrote to memory of 752	2380	f60156f13419eb0324504d2492962a7d_JaffaCakes118.exe	28
PID 2380 wrote to memory of 752	2380	f60156f13419eb0324504d2492962a7d_JaffaCakes118.exe	28
PID 2380 wrote to memory of 752	2380	f60156f13419eb0324504d2492962a7d_JaffaCakes118.exe	28
PID 2380 wrote to memory of 1216	2380	f60156f13419eb0324504d2492962a7d_JaffaCakes118.exe	30
PID 2380 wrote to memory of 1216	2380	f60156f13419eb0324504d2492962a7d_JaffaCakes118.exe	30
PID 2380 wrote to memory of 1216	2380	f60156f13419eb0324504d2492962a7d_JaffaCakes118.exe	30
PID 2380 wrote to memory of 1216	2380	f60156f13419eb0324504d2492962a7d_JaffaCakes118.exe	30
PID 752 wrote to memory of 2024	752	Unicorn-42986.exe	29
PID 752 wrote to memory of 2024	752	Unicorn-42986.exe	29
PID 752 wrote to memory of 2024	752	Unicorn-42986.exe	29
PID 752 wrote to memory of 2024	752	Unicorn-42986.exe	29
PID 2024 wrote to memory of 1336	2024	Unicorn-9602.exe	31
PID 2024 wrote to memory of 1336	2024	Unicorn-9602.exe	31
PID 2024 wrote to memory of 1336	2024	Unicorn-9602.exe	31
PID 2024 wrote to memory of 1336	2024	Unicorn-9602.exe	31
PID 752 wrote to memory of 2724	752	Unicorn-42986.exe	32
PID 752 wrote to memory of 2724	752	Unicorn-42986.exe	32
PID 752 wrote to memory of 2724	752	Unicorn-42986.exe	32
PID 752 wrote to memory of 2724	752	Unicorn-42986.exe	32
PID 1216 wrote to memory of 2484	1216	Unicorn-59358.exe	33
PID 1216 wrote to memory of 2484	1216	Unicorn-59358.exe	33
PID 1216 wrote to memory of 2484	1216	Unicorn-59358.exe	33
PID 1216 wrote to memory of 2484	1216	Unicorn-59358.exe	33
PID 2484 wrote to memory of 3012	2484	Unicorn-13935.exe	34
PID 2484 wrote to memory of 3012	2484	Unicorn-13935.exe	34
PID 2484 wrote to memory of 3012	2484	Unicorn-13935.exe	34
PID 2484 wrote to memory of 3012	2484	Unicorn-13935.exe	34
PID 1216 wrote to memory of 1660	1216	Unicorn-59358.exe	35
PID 1216 wrote to memory of 1660	1216	Unicorn-59358.exe	35
PID 1216 wrote to memory of 1660	1216	Unicorn-59358.exe	35
PID 1216 wrote to memory of 1660	1216	Unicorn-59358.exe	35
PID 1336 wrote to memory of 2884	1336	Unicorn-50884.exe	36
PID 1336 wrote to memory of 2884	1336	Unicorn-50884.exe	36
PID 1336 wrote to memory of 2884	1336	Unicorn-50884.exe	36
PID 1336 wrote to memory of 2884	1336	Unicorn-50884.exe	36
PID 2024 wrote to memory of 2816	2024	Unicorn-9602.exe	38
PID 2024 wrote to memory of 2816	2024	Unicorn-9602.exe	38
PID 2024 wrote to memory of 2816	2024	Unicorn-9602.exe	38
PID 2024 wrote to memory of 2816	2024	Unicorn-9602.exe	38
PID 2724 wrote to memory of 2784	2724	Unicorn-35102.exe	37
PID 2724 wrote to memory of 2784	2724	Unicorn-35102.exe	37
PID 2724 wrote to memory of 2784	2724	Unicorn-35102.exe	37
PID 2724 wrote to memory of 2784	2724	Unicorn-35102.exe	37
PID 3012 wrote to memory of 2668	3012	Unicorn-26126.exe	39
PID 3012 wrote to memory of 2668	3012	Unicorn-26126.exe	39
PID 3012 wrote to memory of 2668	3012	Unicorn-26126.exe	39
PID 3012 wrote to memory of 2668	3012	Unicorn-26126.exe	39
PID 1660 wrote to memory of 2768	1660	Unicorn-51377.exe	40
PID 1660 wrote to memory of 2768	1660	Unicorn-51377.exe	40
PID 1660 wrote to memory of 2768	1660	Unicorn-51377.exe	40
PID 1660 wrote to memory of 2768	1660	Unicorn-51377.exe	40
PID 2484 wrote to memory of 1684	2484	Unicorn-13935.exe	41
PID 2484 wrote to memory of 1684	2484	Unicorn-13935.exe	41
PID 2484 wrote to memory of 1684	2484	Unicorn-13935.exe	41
PID 2484 wrote to memory of 1684	2484	Unicorn-13935.exe	41
PID 2884 wrote to memory of 2044	2884	Unicorn-5705.exe	42
PID 2884 wrote to memory of 2044	2884	Unicorn-5705.exe	42
PID 2884 wrote to memory of 2044	2884	Unicorn-5705.exe	42
PID 2884 wrote to memory of 2044	2884	Unicorn-5705.exe	42
PID 2816 wrote to memory of 584	2816	Unicorn-26680.exe	43
PID 2816 wrote to memory of 584	2816	Unicorn-26680.exe	43
PID 2816 wrote to memory of 584	2816	Unicorn-26680.exe	43
PID 2816 wrote to memory of 584	2816	Unicorn-26680.exe	43

C:\Users\Admin\AppData\Local\Temp\f60156f13419eb0324504d2492962a7d_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f60156f13419eb0324504d2492962a7d_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42986.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42986.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9602.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9602.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50884.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50884.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5705.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31165.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
        8⤵
        Program crash
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59426.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
        8⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55999.exe
        9⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
        10⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20385.exe
        11⤵
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64584.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61071.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35877.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49507.exe
        9⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24095.exe
        10⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35439.exe
        11⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6653.exe
        12⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55714.exe
        13⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16151.exe
        14⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
        15⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46745.exe
        16⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60699.exe
        17⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40257.exe
        16⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
        8⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11136.exe
        9⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        10⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31163.exe
        11⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 224
        12⤵
        Program crash
        
        PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55902.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64605.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7288.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15355.exe
        9⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63456.exe
        10⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        11⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54059.exe
        12⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43509.exe
        13⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10346.exe
        14⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43452.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20444.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13785.exe
        8⤵
        Executes dropped EXE
        
        PID:2576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 244
        9⤵
        Program crash
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27067.exe
        8⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17380.exe
        9⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33410.exe
        10⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8708.exe
        11⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60748.exe
        12⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40663.exe
        13⤵
        
        PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26680.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23573.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21383.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14304.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        9⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22616.exe
        10⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43799.exe
        11⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40094.exe
        12⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55714.exe
        13⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17116.exe
        14⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26026.exe
        15⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
        16⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22433.exe
        17⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23612.exe
        14⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
        15⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58670.exe
        16⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38090.exe
        13⤵
        
        PID:1612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 220
        14⤵
        Program crash
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55534.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18254.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56580.exe
        8⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
        9⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39326.exe
        10⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27131.exe
        11⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
        12⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13026.exe
        13⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6560.exe
        14⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12401.exe
        15⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 224
        16⤵
        Program crash
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41780.exe
        13⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13688.exe
        14⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53045.exe
        15⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55885.exe
        11⤵
        
        PID:2096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
        12⤵
        Program crash
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57343.exe
        10⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56482.exe
        11⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 244
        12⤵
        Program crash
        
        PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48248.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54787.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8474.exe
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
        8⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39720.exe
        9⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-737.exe
        10⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        11⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20764.exe
        12⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10213.exe
        13⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
        14⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26042.exe
        15⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4991.exe
        16⤵
        
        PID:3712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 372
        16⤵
        Program crash
        
        PID:3860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 368
        15⤵
        Program crash
        
        PID:3204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 376
        14⤵
        Program crash
        
        PID:2004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 376
        13⤵
        Program crash
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18936.exe
        12⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56093.exe
        13⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27303.exe
        14⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15107.exe
        15⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25474.exe
        16⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 380
        15⤵
        Program crash
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        14⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 224
        15⤵
        Program crash
        
        PID:3692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 380
        14⤵
        Program crash
        
        PID:3404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 376
        13⤵
        Program crash
        
        PID:1448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 376
        12⤵
        Program crash
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18194.exe
        11⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 224
        12⤵
        Program crash
        
        PID:3632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 380
        11⤵
        Program crash
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25604.exe
        9⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24469.exe
        10⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
        11⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 244
        12⤵
        Program crash
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54738.exe
        10⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44557.exe
        11⤵
        
        PID:2984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35102.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35102.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46546.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14314.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6660.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
        7⤵
        Program crash
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1517.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45498.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 220
        8⤵
        Program crash
        
        PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11299.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43858.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5617.exe
        7⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30400.exe
        8⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23509.exe
        9⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20048.exe
        10⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4282.exe
        11⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36431.exe
        12⤵
        
        PID:3096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 224
        13⤵
        Program crash
        
        PID:3248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22653.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52353.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30454.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18890.exe
        7⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        8⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13700.exe
        9⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29876.exe
        10⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20442.exe
        11⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36005.exe
        12⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
        13⤵
        
        PID:2248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 244
        14⤵
        Program crash
        
        PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23568.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
        8⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8329.exe
        9⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55148.exe
        10⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55143.exe
        11⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43846.exe
        12⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61329.exe
        13⤵
        
        PID:2228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 224
        14⤵
        Program crash
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10202.exe
        9⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21724.exe
        10⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6513.exe
        11⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22160.exe
        12⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20427.exe
        13⤵
        
        PID:2592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 244
        14⤵
        Program crash
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16897.exe
        12⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32866.exe
        13⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59931.exe
        14⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47525.exe
        10⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31781.exe
        11⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
        12⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34018.exe
        13⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
        14⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11306.exe
        15⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
        14⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21557.exe
        11⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 220
        12⤵
        Program crash
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6556.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53072.exe
        7⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14063.exe
        8⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4245.exe
        9⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27323.exe
        10⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
        11⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 244
        12⤵
        Program crash
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5029.exe
        11⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23367.exe
        12⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29304.exe
        8⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
        9⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9853.exe
        10⤵
        
        PID:4044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59358.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59358.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26126.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34735.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49940.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1289.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
        9⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56575.exe
        10⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 220
        11⤵
        Program crash
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41509.exe
        8⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41910.exe
        9⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48018.exe
        10⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8324.exe
        11⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8573.exe
        12⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16545.exe
        13⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59274.exe
        14⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38491.exe
        15⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28027.exe
        16⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47899.exe
        14⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5429.exe
        15⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18541.exe
        16⤵
        
        PID:3788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 220
        17⤵
        Program crash
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55307.exe
        16⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-384.exe
        11⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30323.exe
        12⤵
        
        PID:388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 224
        13⤵
        Program crash
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10012.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41915.exe
        8⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65319.exe
        9⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
        10⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43218.exe
        11⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45460.exe
        12⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37925.exe
        13⤵
        
        PID:1948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 224
        14⤵
        Program crash
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
        12⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55953.exe
        13⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
        14⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2583.exe
        15⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44946.exe
        11⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49269.exe
        12⤵
        
        PID:292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 240
        13⤵
        Program crash
        
        PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47672.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18586.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28895.exe
        8⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7374.exe
        9⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37686.exe
        10⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        11⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17640.exe
        12⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11381.exe
        13⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 244
        14⤵
        Program crash
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25557.exe
        7⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51593.exe
        8⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
        9⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54401.exe
        10⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28029.exe
        11⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28984.exe
        12⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58143.exe
        13⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19283.exe
        14⤵
        
        PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55710.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19824.exe
        5⤵
        
        PID:1004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49559.exe
        6⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56762.exe
        7⤵
        
        PID:1888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 244
        8⤵
        Program crash
        
        PID:368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51377.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38819.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1123.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29663.exe
        7⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18745.exe
        8⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50317.exe
        9⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6129.exe
        10⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9635.exe
        11⤵
        
        PID:3344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21579.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
        6⤵
        Program crash
        
        PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54190.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59094.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        8⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15023.exe
        9⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54572.exe
        10⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39383.exe
        11⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31034.exe
        12⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
        13⤵
        Program crash
        
        PID:3260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34952.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62885.exe
        7⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4416.exe
        8⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47712.exe
        9⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2818.exe
        10⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8542.exe
        11⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21584.exe
        12⤵
        
        PID:524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 524 -s 244
        13⤵
        Program crash
        
        PID:1732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 380
        12⤵
        Program crash
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51796.exe
        11⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21387.exe
        12⤵
        
        PID:2188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 224
        13⤵
        Program crash
        
        PID:3644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 376
        12⤵
        Program crash
        
        PID:3308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 376
        11⤵
        Program crash
        
        PID:2860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 376
        10⤵
        Program crash
        
        PID:840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 376
        9⤵
        Program crash
        
        PID:1344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 376
        8⤵
        Program crash
        
        PID:1604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 376
        7⤵
        Program crash
        
        PID:1092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10230.exe

Filesize
184KB

MD5
94e47a312592042a9b0ebb6fda53763b

SHA1
be6c41404c1c3b69ec3ad00d87a89dd770e23335

SHA256
d457c6cde942d423806794b018416c40a4c3604a5c39fa67330aa3fcbac2d4df

SHA512
17da50ea84e365c240eaf658d37629bd441724b3d372422a169d17780335edb3e513c81dc9d01dccf9df48ffdaac55ab390db4f6d7a9eb30834f24de73c080c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18586.exe

Filesize
184KB

MD5
b9f6f109b1b5dc94760612c7b40978c9

SHA1
4a6974edef077785eaf6473a8d45d472be95a8b1

SHA256
d47c4e75c5770351babedee2e39e5df956c7ad7679eb891fdc69f429ae916645

SHA512
33cc110a065f5a298113fe3c8e5e533908e6fcda3f7e1018593c4f5b1704e72bcb524490dd4ff09d3938ba84942a7370a2ddb18d2384b054b0c6fbc89be8d239

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35102.exe

Filesize
184KB

MD5
63a9fb4bfad517e43a9329a4d5e591a8

SHA1
d418395cc9dc040e27bb2f64e8bf72661d1e5782

SHA256
8bb435e66d3e264382dc7c52770c2b32f6e976b13140839dde08eeca55900a3f

SHA512
4296605573ba4511e0fe75e9c0cf2745c506295bd13d936a4630ff42ba2c7758e804d317650f6c3e46e2ebd89df857eefc0b0a8603e799519fb54f5e3501fb63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40257.exe

Filesize
184KB

MD5
44397899cc48cbc5d28d06dde18b151c

SHA1
8724c39946f5ac83b15253f3ddc7eac5f9c454cc

SHA256
0384b3e4de6f2070e44e214584642943326f709e787f3055fe581fd5e91f35c9

SHA512
0b8f1bf3d5e91cf33bfc25a4ac8a5c3929bb060ea1ac3ba2bec5bde5b910266c2e886fc4028b12821785850f531409c97c502d09a33250b9d8d72b421a597967

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6129.exe

Filesize
184KB

MD5
77c45aae2e224ce14f71fdd921a06f84

SHA1
fa83b1604fc47f29b0eccc867e6837430aa1f0f9

SHA256
27bd44c0e34bc8b3ff000fe2786cf9769c399a7f2841e2995fd728779b34f8f9

SHA512
a0fe284799237ecc0bf8b2f43c63735858b942a489afa112a9934acf5eff074da94bc10826719bcb28eeea241fc13aa8e79ba34ee3523c5b2d6a8592fdcd73df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6653.exe

Filesize
184KB

MD5
42e1d03aaa50548dacba1cdade31406f

SHA1
32ac12a6071d50c216a1f0927b6be67568f3e18b

SHA256
af9f406aa7159b1c6c18a855dee10567b2779a581c9d3b5433ae797e60a39236

SHA512
f442863b32b84b15c78a72c4e33179387d70f2a61fdf895bf633f1878b2e19d8ccc4a618ba67ee6ab267fe774543199258c5758d992011101781eaf933926f15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6660.exe

Filesize
184KB

MD5
9f77a415afaf51f56232a8f20cc7780f

SHA1
be0cf1a5acae015ce7427b58e8ecc78f006ad7d3

SHA256
09e5133986fd6ec80253e9e77b92bd7b7c5eaed8f438bb299e3d82c303aa6729

SHA512
6efe2808c53044508015cde338c219943b6794cc82e8bb0186fc9d9d36ffe8c568a19c645fde3b6425e50457dfae451ef7b5ace301c87278a11843b219dce7e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe

Filesize
184KB

MD5
74ba2c2e6aabf773d042100992008d95

SHA1
3dad98d1ab96ff3e419dd54c31484b8dd1ebe622

SHA256
f78bb9091dff464b2f49139f75c9b188bd77b36d15032c066461ec542d046d64

SHA512
3ecc8aae306ae9332af5f3ac55a9d07122cb8062b92054ace7e348fd89b41b7a8964238daf1903ec43bca42ac10ee9d64ce0298a36422fe5bf44116b22e7a24a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14314.exe

Filesize
184KB

MD5
3a1536fc1f84cff1ab838ec3b8323c6c

SHA1
e1b103c4a797e4349ba73238f8d18a40942d558a

SHA256
17e9a64b20333678711058b8478635158e1d2e364e3ba16cdaf0750cf219fb5e

SHA512
1da1527f3522d24b01043d6d6e0fe80404d19c64c4ceb835996d2660923c675f5ae6b2e46f7c0e243d9cff676cb221e1539fd91dc1a0d47eeb5fb27b7505f100

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26126.exe

Filesize
184KB

MD5
a0394eb878c6ea94655393cf91185e68

SHA1
3e903156ed3ab2864b6c563f0cca1dce89389d75

SHA256
b7e343b03e69e3da4471a86f6312eb19032944744ebf82dcdfbbd5c5539b34c4

SHA512
a5101e748e685edcb005806d16f0f144ed5bf6562ed9a8430a20818fa2494e9b82d57b41204259ac71b78295aa7b5a561661e9d178f8a9c65b69cf5b2ef8c656

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26680.exe

Filesize
184KB

MD5
44589b6a8fe93ff4fb579ba3444e4857

SHA1
f2ff373aa5f731eea4d72b0602c613bf272cd4f1

SHA256
95853b3dec586c25dd76ae1d61eec6d514e5c198618568f45e8f41535134ec0d

SHA512
51b1a7e457b67b8c4d9a536a7b81082d3f1bcb0117ac266230eef8f52a5509f0bfe5c01c78db9859842e0deb1f9672de30c3a3dcac09e8a04083b052b55d422c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34735.exe

Filesize
184KB

MD5
8edc3318b513b9875191aab2690f1323

SHA1
023d23880f1588e5b8ea9f2f3629db96a884d94e

SHA256
dcfc4c524705fbf67cc4a2c9ae8a500f0f2442a18378a9252322596e53bb4ad0

SHA512
4bbe0cec1a5b4e51bd3ecab17687fe25f132477823a98ae5fefc50c7ce425447c9643b03f96d93a5ae446a7e0136eed7813bdb85090f273919059bd6040f7647

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34927.exe

Filesize
184KB

MD5
2dd01a66e735087d52057c9c18ca77a7

SHA1
a092ebeda7a65c67e0a784a7a9b4a03cc9f59b7d

SHA256
7247cf2eb7938ee62a82bc7c7087f0d24931116d4b38d02ae21210c3fb67556d

SHA512
135f76d1e3fc48c9686771eb9ad20891b2c5f26e5b838c548549faf0c350142f0c503aac73f7935e0c83ec9b1d5a8071a2115562e8ef461ea3dc9a2e0f4885f6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38819.exe

Filesize
184KB

MD5
38bd57aa429ae9faa9268ff0f440aab5

SHA1
aec66e6f535f6336416ffd78669a950181af700f

SHA256
a5c3b7de9d10662dc7067bfb81f61c8fbac5fa165a6fa01651820f418599bd3f

SHA512
54d61d15c4d4e173ac334576fa10e2ab413b67fb4cc8bfc7a5f41601284d76a45c22a46088c74ad7f425f9981c9777da91b166e6c83a02391cfec12d194222bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42986.exe

Filesize
184KB

MD5
a7408c9a3ec45ad9f35c662beb48aaba

SHA1
e780ebd223a9edd5a3698e849e247b9f464c2206

SHA256
0fa108d9e48fe56f401eb21f7b4a874b74da10b9f38946e85c3d12c33ce02fb8

SHA512
0982e93f47b350f29eb9aff2ee79485f076a2613be0cd599d8f43bf7bccab5b2f30cb1db7b2a13f9e1eef31b169c036e1c0fdba8763a416e20e29294d284f7a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46546.exe

Filesize
184KB

MD5
964f401cc75ffeb1e2cf01b9f1164ee0

SHA1
6b687d84afbc8a9154b5b94fdaee4925137b8b54

SHA256
59a2713276266f6740d4bd5c5b09edc8d29afeae7143399e5dcda099b281fc62

SHA512
18b9ac7d575d4f62f5909f2331c1e6cbae54ca6aa0fe1b03281c6d94b8d5dcf330237cb54af6f04f99a7df6ea3792c7a70e1db03350417babd3d1cd9e802f16c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50884.exe

Filesize
184KB

MD5
3a504d0c473b86e3dc42e2101e4c6704

SHA1
4e80ea93d39ce1094bed042ba962ad248005da11

SHA256
4c535f1b39f098338a61a3dae890d56b728d9cf61d9fb80097502506df296908

SHA512
09b202c7102773f497d7f67dd957a11bb503d093b6184abe451233cd13fbdf5fc554bdca31c0cc5cbfc424a657192869df8413a6be1ec52da861b978f48e7f5f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51377.exe

Filesize
184KB

MD5
e95973e241265a4ee4d12f61b4af6e98

SHA1
fab90bdb8a5e93dcc0c12728a388e76d3de0ddb3

SHA256
3d275c67e623aa19e5e454e3123aaea162401734ea45438c56b0174b0400e953

SHA512
007466bcf0934312e52544df0623974df0710dad1b0ca4fd53f1d31f64316202da370393b8143fbb880876c45e381bc17e98868fc87c6764ee8481a183b107ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55710.exe

Filesize
184KB

MD5
fd10971c7ce49669b2b9533220846cbf

SHA1
dbedd75a3cdecbe67cda13a050310be7b77aa394

SHA256
1bea44694b3c2f1b73b9ef28d511ae8c415b96bba001c031cf85616d7226342c

SHA512
7d8f6081b419c9c7480a7d283386e6d59afa87c73c703f134605a80d073f0857cd95bb34f53293b0dd9429fa1cd38fb9c1a2c0936582720091225b4f6a200798

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55902.exe

Filesize
184KB

MD5
1ac45ddc97e401a3e2f29a7d14e2abf0

SHA1
30fc7d156333e418dc76f61d41dd9656837e8ad1

SHA256
a32f6ae4aeaa3231e7438f75347a27d3844813b31f2828dacad16b905ddd84ac

SHA512
e111e27143ed899bb917b9c9b424205ce793b4a258c4cf46c68b6c964e7ad2b3b20e6d699c163708082e3e1808540df377489b2b8eb975d38ed4ac57f56d3c1a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5705.exe

Filesize
184KB

MD5
f31c138191426bd44b76db1375c59604

SHA1
e42a917048619f276c3406d0eca95308aa1f3a2a

SHA256
5c5232711ece985f965c4dc1f82dc2d04b6a44041e773f5a17a464476b49525b

SHA512
03e987eef6c70cd889ceb77f09ee3029910c6a7667a7a25f88167f857bbf7f619193e2fbcf59f5735ff98dc1a03e92129dcd32929a3fc5ecd22c6ef737ec49a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59358.exe

Filesize
184KB

MD5
f240e284fe17366c059d9f4827b55f9e

SHA1
eabb09d24777cc11dacf3b6d91cbe630989faa66

SHA256
d1a0172a0105c0db04ba34ba37453b2dc5233c63990f6023af04302ca3f4d4cb

SHA512
f5bb4fd882c1b3c9f420928588671e06b35b4e6be224135bd865f2c5146c2cff0439ccc658aba1a32f219e095102d72382d34e3a57429c98a367cc93b3ea0d15

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9602.exe

Filesize
184KB

MD5
c7fe8593b65f373c8459beb71b05d16b

SHA1
060a814b4049cfae452e249b61c07c2af9af57b7

SHA256
c02d4a5eead5476eec0170846babe350fa882826cdd4852bbfd5627f958efb23

SHA512
d13ac915d5aeea2512c24466e77679b5d5217d1d9543b1df4923f219c7660e84364f7e5b2c08d442cfbde9288c905c02def0d18be2db2a3648e23599c5e58b25

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads