9b8f08efe48cd93040c5e7fcbe01b0d8ae632995503b5de685233a55e07febf3

Analysis

max time kernel
98s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/04/2024, 14:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f829c03c24b8c26d4ed0c5071b6451d4_JaffaCakes118.exe
Size

184KB
MD5

f829c03c24b8c26d4ed0c5071b6451d4
SHA1

defbdc055bc92096db4281d6686080ce463dc5b7
SHA256

9b8f08efe48cd93040c5e7fcbe01b0d8ae632995503b5de685233a55e07febf3
SHA512

91362fb86b94263143a3f825e33c125158cadf27210e21bad06df76a41557e8966001cea0cad27df4acb6e6582d93a6d8c4660aa100395116857636ef72bac58
SSDEEP

3072:SvEGoAZU50AUk1OHpdsjLG88TP+pr3QuTU0Yx7Qt4aNlPvwFa:Sv1odFj1udWLG8YME0NlPvwF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2812	Unicorn-44570.exe
2640	Unicorn-40652.exe
2584	Unicorn-28954.exe
2536	Unicorn-44181.exe
2572	Unicorn-28399.exe
2440	Unicorn-60517.exe
1348	Unicorn-32370.exe
2476	Unicorn-45177.exe
2140	Unicorn-15842.exe
1088	Unicorn-60958.exe
2172	Unicorn-553.exe
592	Unicorn-44788.exe
1268	Unicorn-20824.exe
2300	Unicorn-57772.exe
1492	Unicorn-4487.exe
848	Unicorn-29930.exe
1128	Unicorn-24346.exe
2856	Unicorn-48488.exe
2112	Unicorn-29738.exe
1904	Unicorn-54814.exe
2864	Unicorn-13397.exe
1796	Unicorn-42540.exe
312	Unicorn-62406.exe
2212	Unicorn-1892.exe
988	Unicorn-34010.exe
292	Unicorn-34010.exe
2252	Unicorn-47222.exe
1376	Unicorn-27356.exe
1536	Unicorn-27356.exe
2516	Unicorn-10273.exe
2100	Unicorn-52053.exe
1920	Unicorn-22163.exe
2848	Unicorn-42945.exe
2588	Unicorn-30824.exe
2544	Unicorn-2235.exe
2152	Unicorn-5058.exe
2540	Unicorn-64648.exe
2716	Unicorn-64264.exe
2708	Unicorn-797.exe
2472	Unicorn-52588.exe
3000	Unicorn-36230.exe
2168	Unicorn-2790.exe
2760	Unicorn-37191.exe
2492	Unicorn-23232.exe
2460	Unicorn-58166.exe
2404	Unicorn-14165.exe
2928	Unicorn-9889.exe
2292	Unicorn-7087.exe
2496	Unicorn-57248.exe
684	Unicorn-8602.exe
1008	Unicorn-3252.exe
2000	Unicorn-3937.exe
2156	Unicorn-1581.exe
2672	Unicorn-30554.exe
2536	Unicorn-25894.exe
760	Unicorn-42422.exe
1696	Unicorn-39851.exe
3052	Unicorn-36919.exe
2996	Unicorn-45087.exe
2576	Unicorn-16861.exe
2316	Unicorn-32643.exe
2444	Unicorn-46239.exe
2512	Unicorn-42325.exe
2668	Unicorn-23380.exe

Loads dropped DLL 64 IoCs

pid	Process
2404	f829c03c24b8c26d4ed0c5071b6451d4_JaffaCakes118.exe
2404	f829c03c24b8c26d4ed0c5071b6451d4_JaffaCakes118.exe
2812	Unicorn-44570.exe
2812	Unicorn-44570.exe
2404	f829c03c24b8c26d4ed0c5071b6451d4_JaffaCakes118.exe
2404	f829c03c24b8c26d4ed0c5071b6451d4_JaffaCakes118.exe
2640	Unicorn-40652.exe
2812	Unicorn-44570.exe
2640	Unicorn-40652.exe
2584	Unicorn-28954.exe
2812	Unicorn-44570.exe
2584	Unicorn-28954.exe
2440	Unicorn-60517.exe
2440	Unicorn-60517.exe
2584	Unicorn-28954.exe
2584	Unicorn-28954.exe
2572	Unicorn-28399.exe
2572	Unicorn-28399.exe
2536	Unicorn-44181.exe
2536	Unicorn-44181.exe
2640	Unicorn-40652.exe
2640	Unicorn-40652.exe
1348	Unicorn-32370.exe
1348	Unicorn-32370.exe
2140	Unicorn-15842.exe
2140	Unicorn-15842.exe
2172	Unicorn-553.exe
2536	Unicorn-44181.exe
2172	Unicorn-553.exe
2536	Unicorn-44181.exe
2440	Unicorn-60517.exe
2440	Unicorn-60517.exe
2476	Unicorn-45177.exe
2476	Unicorn-45177.exe
1088	Unicorn-60958.exe
1088	Unicorn-60958.exe
2572	Unicorn-28399.exe
2572	Unicorn-28399.exe
592	Unicorn-44788.exe
592	Unicorn-44788.exe
1128	Unicorn-24346.exe
1128	Unicorn-24346.exe
1348	Unicorn-32370.exe
2300	Unicorn-57772.exe
1348	Unicorn-32370.exe
2300	Unicorn-57772.exe
2476	Unicorn-45177.exe
2476	Unicorn-45177.exe
848	Unicorn-29930.exe
1268	Unicorn-20824.exe
1268	Unicorn-20824.exe
848	Unicorn-29930.exe
2112	Unicorn-29738.exe
2140	Unicorn-15842.exe
2172	Unicorn-553.exe
2112	Unicorn-29738.exe
2172	Unicorn-553.exe
2140	Unicorn-15842.exe
2856	Unicorn-48488.exe
2856	Unicorn-48488.exe
1088	Unicorn-60958.exe
1088	Unicorn-60958.exe
312	Unicorn-62406.exe
1492	Unicorn-4487.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2212	2316	WerFault.exe	87
1116	1944	WerFault.exe	147

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2404	f829c03c24b8c26d4ed0c5071b6451d4_JaffaCakes118.exe
2812	Unicorn-44570.exe
2640	Unicorn-40652.exe
2584	Unicorn-28954.exe
2440	Unicorn-60517.exe
2572	Unicorn-28399.exe
2536	Unicorn-44181.exe
1348	Unicorn-32370.exe
1088	Unicorn-60958.exe
2476	Unicorn-45177.exe
2140	Unicorn-15842.exe
2172	Unicorn-553.exe
592	Unicorn-44788.exe
2300	Unicorn-57772.exe
1268	Unicorn-20824.exe
1492	Unicorn-4487.exe
848	Unicorn-29930.exe
1128	Unicorn-24346.exe
2112	Unicorn-29738.exe
2856	Unicorn-48488.exe
1904	Unicorn-54814.exe
2864	Unicorn-13397.exe
312	Unicorn-62406.exe
1796	Unicorn-42540.exe
2212	Unicorn-1892.exe
988	Unicorn-34010.exe
292	Unicorn-34010.exe
1536	Unicorn-27356.exe
2516	Unicorn-10273.exe
1376	Unicorn-27356.exe
2252	Unicorn-47222.exe
2100	Unicorn-52053.exe
1920	Unicorn-22163.exe
2848	Unicorn-42945.exe
2588	Unicorn-30824.exe
2760	Unicorn-37191.exe
2472	Unicorn-52588.exe
2540	Unicorn-64648.exe
2168	Unicorn-2790.exe
2152	Unicorn-5058.exe
2708	Unicorn-797.exe
2716	Unicorn-64264.exe
2928	Unicorn-9889.exe
2292	Unicorn-7087.exe
2492	Unicorn-23232.exe
2460	Unicorn-58166.exe
684	Unicorn-8602.exe
3000	Unicorn-36230.exe
2404	Unicorn-14165.exe
2496	Unicorn-57248.exe
1008	Unicorn-3252.exe
2000	Unicorn-3937.exe
2156	Unicorn-1581.exe
2536	Unicorn-25894.exe
2672	Unicorn-30554.exe
760	Unicorn-42422.exe
1696	Unicorn-39851.exe
3052	Unicorn-36919.exe
2996	Unicorn-45087.exe
2576	Unicorn-16861.exe
2316	Unicorn-32643.exe
2444	Unicorn-46239.exe
2420	Unicorn-31548.exe
2512	Unicorn-42325.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 2812	2404	f829c03c24b8c26d4ed0c5071b6451d4_JaffaCakes118.exe	28
PID 2404 wrote to memory of 2812	2404	f829c03c24b8c26d4ed0c5071b6451d4_JaffaCakes118.exe	28
PID 2404 wrote to memory of 2812	2404	f829c03c24b8c26d4ed0c5071b6451d4_JaffaCakes118.exe	28
PID 2404 wrote to memory of 2812	2404	f829c03c24b8c26d4ed0c5071b6451d4_JaffaCakes118.exe	28
PID 2812 wrote to memory of 2640	2812	Unicorn-44570.exe	29
PID 2812 wrote to memory of 2640	2812	Unicorn-44570.exe	29
PID 2812 wrote to memory of 2640	2812	Unicorn-44570.exe	29
PID 2812 wrote to memory of 2640	2812	Unicorn-44570.exe	29
PID 2404 wrote to memory of 2584	2404	f829c03c24b8c26d4ed0c5071b6451d4_JaffaCakes118.exe	30
PID 2404 wrote to memory of 2584	2404	f829c03c24b8c26d4ed0c5071b6451d4_JaffaCakes118.exe	30
PID 2404 wrote to memory of 2584	2404	f829c03c24b8c26d4ed0c5071b6451d4_JaffaCakes118.exe	30
PID 2404 wrote to memory of 2584	2404	f829c03c24b8c26d4ed0c5071b6451d4_JaffaCakes118.exe	30
PID 2640 wrote to memory of 2536	2640	Unicorn-40652.exe	31
PID 2640 wrote to memory of 2536	2640	Unicorn-40652.exe	31
PID 2640 wrote to memory of 2536	2640	Unicorn-40652.exe	31
PID 2640 wrote to memory of 2536	2640	Unicorn-40652.exe	31
PID 2812 wrote to memory of 2572	2812	Unicorn-44570.exe	32
PID 2812 wrote to memory of 2572	2812	Unicorn-44570.exe	32
PID 2812 wrote to memory of 2572	2812	Unicorn-44570.exe	32
PID 2812 wrote to memory of 2572	2812	Unicorn-44570.exe	32
PID 2584 wrote to memory of 2440	2584	Unicorn-28954.exe	33
PID 2584 wrote to memory of 2440	2584	Unicorn-28954.exe	33
PID 2584 wrote to memory of 2440	2584	Unicorn-28954.exe	33
PID 2584 wrote to memory of 2440	2584	Unicorn-28954.exe	33
PID 2440 wrote to memory of 1348	2440	Unicorn-60517.exe	34
PID 2440 wrote to memory of 1348	2440	Unicorn-60517.exe	34
PID 2440 wrote to memory of 1348	2440	Unicorn-60517.exe	34
PID 2440 wrote to memory of 1348	2440	Unicorn-60517.exe	34
PID 2584 wrote to memory of 2476	2584	Unicorn-28954.exe	35
PID 2584 wrote to memory of 2476	2584	Unicorn-28954.exe	35
PID 2584 wrote to memory of 2476	2584	Unicorn-28954.exe	35
PID 2584 wrote to memory of 2476	2584	Unicorn-28954.exe	35
PID 2572 wrote to memory of 1088	2572	Unicorn-28399.exe	36
PID 2572 wrote to memory of 1088	2572	Unicorn-28399.exe	36
PID 2572 wrote to memory of 1088	2572	Unicorn-28399.exe	36
PID 2572 wrote to memory of 1088	2572	Unicorn-28399.exe	36
PID 2536 wrote to memory of 2140	2536	Unicorn-44181.exe	37
PID 2536 wrote to memory of 2140	2536	Unicorn-44181.exe	37
PID 2536 wrote to memory of 2140	2536	Unicorn-44181.exe	37
PID 2536 wrote to memory of 2140	2536	Unicorn-44181.exe	37
PID 2640 wrote to memory of 2172	2640	Unicorn-40652.exe	38
PID 2640 wrote to memory of 2172	2640	Unicorn-40652.exe	38
PID 2640 wrote to memory of 2172	2640	Unicorn-40652.exe	38
PID 2640 wrote to memory of 2172	2640	Unicorn-40652.exe	38
PID 1348 wrote to memory of 592	1348	Unicorn-32370.exe	39
PID 1348 wrote to memory of 592	1348	Unicorn-32370.exe	39
PID 1348 wrote to memory of 592	1348	Unicorn-32370.exe	39
PID 1348 wrote to memory of 592	1348	Unicorn-32370.exe	39
PID 2140 wrote to memory of 1492	2140	Unicorn-15842.exe	40
PID 2140 wrote to memory of 1492	2140	Unicorn-15842.exe	40
PID 2140 wrote to memory of 1492	2140	Unicorn-15842.exe	40
PID 2140 wrote to memory of 1492	2140	Unicorn-15842.exe	40
PID 2172 wrote to memory of 1268	2172	Unicorn-553.exe	41
PID 2172 wrote to memory of 1268	2172	Unicorn-553.exe	41
PID 2172 wrote to memory of 1268	2172	Unicorn-553.exe	41
PID 2172 wrote to memory of 1268	2172	Unicorn-553.exe	41
PID 2536 wrote to memory of 848	2536	Unicorn-44181.exe	42
PID 2536 wrote to memory of 848	2536	Unicorn-44181.exe	42
PID 2536 wrote to memory of 848	2536	Unicorn-44181.exe	42
PID 2536 wrote to memory of 848	2536	Unicorn-44181.exe	42
PID 2440 wrote to memory of 1128	2440	Unicorn-60517.exe	43
PID 2440 wrote to memory of 1128	2440	Unicorn-60517.exe	43
PID 2440 wrote to memory of 1128	2440	Unicorn-60517.exe	43
PID 2440 wrote to memory of 1128	2440	Unicorn-60517.exe	43

C:\Users\Admin\AppData\Local\Temp\f829c03c24b8c26d4ed0c5071b6451d4_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f829c03c24b8c26d4ed0c5071b6451d4_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40652.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40652.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4487.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3252.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31548.exe
        9⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
        10⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60541.exe
        11⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
        12⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
        13⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35519.exe
        14⤵
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27356.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64648.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1581.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50297.exe
        9⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27708.exe
        10⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        11⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59659.exe
        12⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35171.exe
        13⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44787.exe
        14⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3806.exe
        15⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
        16⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34519.exe
        15⤵
        
        PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29930.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34010.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7087.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52331.exe
        8⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6846.exe
        9⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54205.exe
        10⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47199.exe
        11⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17667.exe
        12⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
        13⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
        14⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46508.exe
        15⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56078.exe
        10⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13411.exe
        11⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30542.exe
        12⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49826.exe
        13⤵
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8602.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30554.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46981.exe
        8⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
        9⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        10⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
        11⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2524.exe
        12⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54385.exe
        13⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        14⤵
        
        PID:1236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-553.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20824.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34010.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39716.exe
        8⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31024.exe
        9⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48061.exe
        10⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-941.exe
        11⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11216.exe
        12⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1014.exe
        13⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28459.exe
        14⤵
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14165.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59980.exe
        7⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51252.exe
        8⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8761.exe
        9⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43842.exe
        10⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4532.exe
        11⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30542.exe
        12⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31492.exe
        13⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39461.exe
        14⤵
        
        PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27356.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30824.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31548.exe
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33022.exe
        8⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        9⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60012.exe
        10⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
        11⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46655.exe
        12⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3806.exe
        13⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50718.exe
        11⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3448.exe
        12⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8355.exe
        13⤵
        
        PID:1272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10273.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2235.exe
        7⤵
        Executes dropped EXE
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-437.exe
        8⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37210.exe
        9⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe
        10⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2856.exe
        11⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3167.exe
        9⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61875.exe
        10⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49255.exe
        11⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
        12⤵
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2790.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35435.exe
        8⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35492.exe
        9⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62617.exe
        10⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22727.exe
        11⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49255.exe
        12⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16578.exe
        13⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29907.exe
        8⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        9⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        10⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49255.exe
        11⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-298.exe
        12⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
        13⤵
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52053.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36919.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11511.exe
        8⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29680.exe
        9⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45876.exe
        10⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37210.exe
        11⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11932.exe
        12⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59649.exe
        13⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        14⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
        7⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25622.exe
        8⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24309.exe
        9⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9332.exe
        10⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26790.exe
        11⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49255.exe
        12⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
        13⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16695.exe
        8⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8761.exe
        9⤵
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47734.exe
        10⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
        11⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18290.exe
        12⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53379.exe
        13⤵
        
        PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29738.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47222.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52588.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54765.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        9⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31647.exe
        10⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56717.exe
        11⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
        12⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4190.exe
        13⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56798.exe
        14⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35091.exe
        7⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
        8⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
        9⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14179.exe
        10⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49255.exe
        11⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52623.exe
        12⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63705.exe
        13⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15059.exe
        12⤵
        
        PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36230.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23380.exe
        6⤵
        Executes dropped EXE
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50126.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35492.exe
        8⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        9⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
        10⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30869.exe
        11⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41366.exe
        12⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21931.exe
        7⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6893.exe
        8⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50718.exe
        9⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2856.exe
        10⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27029.exe
        11⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        12⤵
        
        PID:2640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28954.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28954.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60517.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60517.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32370.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44788.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54814.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25894.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5372.exe
        9⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54760.exe
        10⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26001.exe
        11⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29753.exe
        12⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59851.exe
        13⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36105.exe
        14⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56798.exe
        15⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        12⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51486.exe
        13⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30677.exe
        14⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40755.exe
        15⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        16⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42891.exe
        10⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        11⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41668.exe
        12⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        13⤵
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39716.exe
        7⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37848.exe
        8⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1304.exe
        9⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe
        10⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37397.exe
        11⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53401.exe
        12⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10329.exe
        13⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5568.exe
        14⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40452.exe
        8⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29404.exe
        9⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41668.exe
        10⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56798.exe
        11⤵
        
        PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42540.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57248.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39716.exe
        7⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29680.exe
        8⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31040.exe
        9⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
        10⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42047.exe
        11⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28119.exe
        12⤵
        
        PID:992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13397.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-797.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42422.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe
        7⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        8⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        9⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-946.exe
        10⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35918.exe
        11⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35389.exe
        12⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47770.exe
        9⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50028.exe
        10⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62654.exe
        11⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44704.exe
        12⤵
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52907.exe
        6⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51444.exe
        7⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53852.exe
        8⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45513.exe
        9⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5622.exe
        10⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33670.exe
        10⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45550.exe
        11⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64473.exe
        12⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51496.exe
        8⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        9⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20864.exe
        10⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12882.exe
        11⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25187.exe
        12⤵
        
        PID:1512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57772.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62406.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22163.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3937.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-541.exe
        9⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1304.exe
        10⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
        11⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57599.exe
        12⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46873.exe
        13⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25605.exe
        14⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
        11⤵
        Program crash
        
        PID:1116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
        9⤵
        Program crash
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16861.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54957.exe
        8⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26769.exe
        9⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6893.exe
        10⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37340.exe
        11⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53536.exe
        12⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62591.exe
        10⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
        11⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39852.exe
        12⤵
        
        PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9889.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39851.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        7⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-764.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30857.exe
        9⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30869.exe
        10⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
        11⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31672.exe
        12⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50660.exe
        6⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23951.exe
        7⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        8⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31455.exe
        9⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51865.exe
        10⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        11⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63981.exe
        12⤵
        
        PID:1872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64264.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42325.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
        7⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37521.exe
        8⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        9⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61652.exe
        10⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42187.exe
        11⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
        12⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
        13⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        7⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22467.exe
        8⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48310.exe
        9⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57599.exe
        10⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20724.exe
        11⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17302.exe
        12⤵
        
        PID:620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-20824.exe

Filesize
184KB

MD5
0d7dddca69fc064b1ecbe676821dad29

SHA1
f1ce75cfa7e218118a1e2a90d95eb8db3702271b

SHA256
56eff58e1bc10e037f167b08eba31c53090c26fe4c724a329442078d2b9b63b7

SHA512
5ab533a0a13998a0d80abdf2af2044552f1d272bd65f124e0d531e0e7790833804610851a5860c5b3cea7ef11ef87fc32aad5e7c201f7dad1c924757daf05852

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe

Filesize
184KB

MD5
97b8153977d564537e2189754fe32cc0

SHA1
4c5ce0bd3c814206fea77f736924224995588485

SHA256
03cd0b4ff24f8e059426a276cf38f73c0eb19570f2c36ddce8eee773d208b821

SHA512
ab71a99883ef226cecfd90282941b470eea627ffa8f3855156ff50d6b922dea3c132797898e57dda986b6d45bfb890544e80c29afa76a0ca5d4e39b32fa7f920

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2524.exe

Filesize
184KB

MD5
f868dc6653a46b856e221615702c2bc4

SHA1
4984a0189089154c83530bfa2e00699d493c809f

SHA256
d648b17ba45263b6d657ccf6e9753a47f6806ad09a51d1ef1f9aff1ebf494ed3

SHA512
60df0b8ea1c45d2bc0b30de4a024729aa747889912edff59fc7989560fe1e7680c5fd0b72e3b9fedc95fafc925b59739a66862a9b8d62c3debe6e6d3e8775afc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29930.exe

Filesize
184KB

MD5
87f8f905e4a7b6e241fa5065bf817ccb

SHA1
31a738ab2c4b1807f2469bd36b3f3e2b5cd6865b

SHA256
fec39838b9de69f9a42d74471bae4a9ac701aa7ce09fb0ecb154465718ba1d7e

SHA512
4fde9a1ac502b96c2e3719b0f489a180b6f4ed795823149eef61e64b0278ee5b3ff8c8ac7f2a0f2269f2d3f128a86659f416a62cf6aa5c09572ba5abcac973df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40452.exe

Filesize
184KB

MD5
88881d7fc07fa8091d09cf6c610d4605

SHA1
63ccf021d630ff6680a178821ed0dd687105564d

SHA256
bf5222871955a650093d783f80a9cbee02ce409561a0c342415970ea7f40e017

SHA512
029726d2951bdd943f4efa01fc551856305cfef98f4b33dce425e9c4ab05d9f6b2b5b0092f53f3c926b47ca6012c0c599e6c0d82e9ffd7d71169c26a79ed3211

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5435.exe

Filesize
184KB

MD5
4b6ac8208f5e6bdc0469ff01b53ca763

SHA1
31e69b479913259c3d085ca21b66aa92e0370a68

SHA256
fea6704e884d27b219f2fb16efff571281367f79873dd52e8dffbce33f120b4e

SHA512
9e1d26c4852baccf29adbb08cde6f597511cd6db3256e094e39fe4c5e51cf757f845470a77185b48d7cd75020b79c4e570182b7b5d929639e198b7b8d32d9e5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5622.exe

Filesize
184KB

MD5
88ea64d2c21635316a001329eb2c2cc0

SHA1
084f19a277b506c10a7191754e6fc5fc8844971f

SHA256
3dad9e5cd60ec02e88fc7eaebe971a4143858a817363c714e68108dc5093868f

SHA512
31cb07210b7fcf524cda7db72d60815b4706fcfb1ac05a01c7b75bf13c12a9c3ed9b7644059846c3f5771f1b49d0064a1fe0fed5847fe1edf6fd08c64b234321

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60517.exe

Filesize
184KB

MD5
b97e10269e826408a2f7402603e034d1

SHA1
c92fd2153efb1349631fafefa7cf07a0385666d1

SHA256
868da9544b7a1ee68c7ea250c66f0be1dca0ca82fe6fb5479de113c939908ba0

SHA512
13e373b8cad891716be8d695a748ec4fbc4ca24da8c87329df77b9a0f894fb93f5a5b5be06c5c58ec693e678af6b79c91e067fe8feedf4497868b7513a2b2118

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6846.exe

Filesize
184KB

MD5
4a91f04584cb9878bebf11d93a24afae

SHA1
896e7a4605570b0a8a255f2f7487b5a5c747b401

SHA256
f1d92f20050e4ec4cf62cf7c7087ccb4e547bad6083d02f36a635ae1b1ea4884

SHA512
3d10f3c21377897ce063a06a9d29639d4f3ac7ec14ccc41cefbb60629099269758ef2dbe5ad44c03124fb58250ecdfaaeeabdcdfd031e9da7e12753f100b0c75

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe

Filesize
184KB

MD5
0668cd2e6a953b8267a1c44cc45924a6

SHA1
0b07bb69e969bd1c827cf48d045e9fbf40b67a20

SHA256
4aaa78eeca558b38325c3f4aabc2e77b7087bd57a380730aa726aa5e571cc513

SHA512
bd81809df43c140f86ef1ac9aa9e1df785fc774ac5035601c961db20aaef3112ca8a01ab53f2c989fad9b275f93788813f984ff1bedf35bf7116a8950a1f5a79

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe

Filesize
184KB

MD5
f0f82feb51919c7d1cdfc8a25f494e31

SHA1
2d3f0ea5329352b72887de8a18206e9611c5f3cc

SHA256
ce4f5b9ec3e1e16b9892c2caab78a10f25296324773fa83b156970e24ef02284

SHA512
ef8414f9a7b1cfbf506f65c4603d56f1bec7376a3f642b547d8ea4dbf54ddf1d680dab36371c2b64fda965385ea6ffcec9116badb356420626fb9dd1142ba502

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28954.exe

Filesize
184KB

MD5
5d4cec224725ee4c5b9a4f9e38fa3505

SHA1
ac23526061d1d23dab6a887556927d7fda6f34e5

SHA256
2853b52a67e12418a9e95b4b5618a21c6848996ec9c18223a0eda2dfdaa69381

SHA512
e25e7e04cbeb829b635c37eda810ad53af3e2200cfa98d7ffe0aa68cad15d5ea735d641eaed52b3ada71fc98d3a92488c425a9c86ceeb3e7935aa9f07646d7bc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32370.exe

Filesize
184KB

MD5
d6fdb79ced8ec6bcf5821f425769d5c6

SHA1
10c0860d5220d30e1a5756b62e9f22b72668168b

SHA256
beb81f17b0e78a9f1ccd2e1a6bdf0c53ab487bace596da8fd8178bfa3a7fa318

SHA512
65f620d658613e82cecdf8a4d1a76098c522ebe078a1eda0852a95957f04c454c90ef3c4f097bfdd375eb8f10a5bc8572c80a6e49a34524020adb4381d2f53da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40652.exe

Filesize
184KB

MD5
c87f32d8ddc2e0bfeea7f9230e87dafa

SHA1
3ec03f425a069c19befadf3ff85ea3ee4d1c3402

SHA256
de5b3d713bd15ac3b3a9191b057c5ad86bd21a593b363e2332e528df96ff7edc

SHA512
d86f1fee3b3f4794649b319e4a6065b435847b6c583632679665ddea2f467702e50470c4dfacf542a7fe5e141c01e6b407669e77ec3d49e0fcc0e5b910be28d0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe

Filesize
184KB

MD5
f0d80b85ffe967c954a569353d4410d3

SHA1
3dfac6b9d38e9c2cf86c303a0cd9431346553aad

SHA256
1b5988dd2b47c4ae0c89705740ba71eb970087c6c968707b058fa39315c4238a

SHA512
cdf34aed1c3c2e92cc5c214036570d6a55ae21bf1b6d8b4adb102b7c66cf4572084a0f74043fc0e08e8c9dc1c07397f30c8e2141070ee8bfeb3474bc920a3321

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe

Filesize
184KB

MD5
6ad517f3a48df95bfadbfc3aea77588a

SHA1
2b73a13142a7079b383e0671060ed9c4b1aa9c44

SHA256
d774ec77934dea45624069d9e1d2ac0b1c945815a2c2d73cb6849aa0baa56362

SHA512
9bd233da2b8fa47e4434f553dece335e897c2367864199b8b62bae0d378678a2d95f0d989f6f2982f08620413953009124486cf4d56325c9c79f0112dcc88587

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44788.exe

Filesize
184KB

MD5
f043609e9e6b0be96650203dc5a74991

SHA1
5548921c9d843298573c7e80578aaeed2fb29e28

SHA256
26d52325a60e398ffdb258a074df6089e2abfa332f8fe08a1780dc177d0eea70

SHA512
7697496bbb626588742f5c582cc56016ec63b46ba3ba73eeca3eac9014c7b2796249e330d6bfe24a98ccde787bcf777db2623f4a97bfeaa2f40dce4cae6d0e98

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4487.exe

Filesize
184KB

MD5
9f2dbdec619187d90415e8abcbb5bcda

SHA1
99b59b00e2b984404c02a49ad3fd157d94181798

SHA256
06a36754ae9340d8a61d3b1dff6a133da341ff3183a3a475765973c20e7fc369

SHA512
5c2f2efac504b2fe2e07b3c2ca9e2b30223daaea3d65ab260a78b63e0dfac5759bad606bcda42ea6c845d428af220a906c4c7e1108d404e54c3a4fd11eddcd63

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45177.exe

Filesize
184KB

MD5
d8e4347ce9a44c2220508430c011f868

SHA1
7bc1fc20b175400c73a8eeeade565c494f7c5e17

SHA256
3ffd9b87cecfac08a390eb81b2a72e646a223fddd2ef2a242460a94ed49f12a0

SHA512
f42f7ccc2842c4af8d4292d444077eecb9ee30b8198dee085a83b13eb5b16a5dde4673bcd4eea92316b95a4676937708881490869621b12833a5435eb4d30cd9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48488.exe

Filesize
184KB

MD5
cdd5359b8a469abf55886196d66eb876

SHA1
cf5944c7fc387f66ce151d469549152eb684198b

SHA256
70de44641698d28a2d47570639b02bfca1f99c084eb1766bebded97bff5a36c1

SHA512
1dbc0ba4aefe8b1f12d963abb34af24c4af1e1e807ae575c505d1b9318e98ce66efafda61170a5da4b8a32552accf785e0bb1bbdc31777890e758e4f3c924c22

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-553.exe

Filesize
184KB

MD5
8a8a786dc8b96ba27172673a02a146a0

SHA1
f599723b511f17d30ffe396e4aa8fad3f436fc93

SHA256
8559e2a47fc983d1bce27d626089505b315bc253865fb3142c0e9026e075ad91

SHA512
21dba3c4736f40b0c2c884f62e3195775457e04fa84b6025486967e21526f74fc2a5522a6434f258ca3869b182c3d27ba19f8ee8d5057bb9558e21e6f8eeec8f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57772.exe

Filesize
184KB

MD5
26e045be0cc7d90a521d43d12db9a8cb

SHA1
5d8da700af7fbc17571936b5e2a63944341bae4e

SHA256
df25122588bda0fb4352817cd989cb3e852357b2cda158124237d9c33cc0e6aa

SHA512
c21b648f525317d7da5b8b13e4cde265e0aa26b54aaa38aa458ede1ae2d3174b8ea7e2c3f3834897bcc59f85644ab79bbdb62cec50a79376153bb3aab5f69997

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe

Filesize
184KB

MD5
9141d9f4d782d7a7f38f4633430b6563

SHA1
6f794dbe9d2ce8aa0e17cb72fdd2f5942a6c44bf

SHA256
f3ee521bddbc6b6de9dab466748a376e6dfa0328ad6b5c845cc3f889bccafdbc

SHA512
4c4e534d85a65275234deae53f5a92d37045b77a7fbed525f68581e2c912653ab5a886d7c75d9f9bdf831cbe5e470fe2fe19473fab1c7ec65c2c610f9e476d15

Download Submit
memory/2176-1768-0x0000000002B90000-0x0000000002CEC000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads