5eaa9366347565126226d8402fa398b4754448a9606a824752882e883d3361d9

Analysis

max time kernel
135s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-04-2024 13:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa59c67e8effd8696a47eee9c2566a0c_JaffaCakes118.exe
Size

184KB
MD5

fa59c67e8effd8696a47eee9c2566a0c
SHA1

47ad611cbfd987cf7a2278fea8d6c5155d41781b
SHA256

5eaa9366347565126226d8402fa398b4754448a9606a824752882e883d3361d9
SHA512

e7e7a3a666d9c3dea0dcae3d6daeae2b775b707d3b8eacc6c498bb84a8307b98f8266d222811086ea56e8221bdc3d856164d05bea8024f778a3999a5f8dfd0cb
SSDEEP

3072:nVS2o4SytN5oFqjCoar+vJcXPLhMoE2Sd6xv4EqVNlvvpF2:nVzos7oFFo0+vJsLRsNlvvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2932	Unicorn-37023.exe
2692	Unicorn-24709.exe
2764	Unicorn-41791.exe
2748	Unicorn-31974.exe
2524	Unicorn-19722.exe
2488	Unicorn-56841.exe
696	Unicorn-23780.exe
1492	Unicorn-57199.exe
976	Unicorn-31071.exe
240	Unicorn-13390.exe
2864	Unicorn-16920.exe
1236	Unicorn-57049.exe
1476	Unicorn-28077.exe
2172	Unicorn-36991.exe
1132	Unicorn-56857.exe
1768	Unicorn-27885.exe
2928	Unicorn-29783.exe
2784	Unicorn-25145.exe
2976	Unicorn-38143.exe
2384	Unicorn-59846.exe
1752	Unicorn-31812.exe
1180	Unicorn-39426.exe
1020	Unicorn-49493.exe
1148	Unicorn-24434.exe
300	Unicorn-16951.exe
2208	Unicorn-58346.exe
1380	Unicorn-4506.exe
564	Unicorn-37371.exe
948	Unicorn-5253.exe
2116	Unicorn-45347.exe
1612	Unicorn-55186.exe
1972	Unicorn-43832.exe
2940	Unicorn-57791.exe
2620	Unicorn-44984.exe
2252	Unicorn-12674.exe
2408	Unicorn-3567.exe
2412	Unicorn-52768.exe
584	Unicorn-58559.exe
636	Unicorn-13634.exe
2032	Unicorn-21802.exe
2064	Unicorn-57812.exe
1264	Unicorn-53728.exe
2140	Unicorn-54880.exe
2248	Unicorn-55757.exe
1680	Unicorn-56120.exe
2020	Unicorn-42929.exe
1136	Unicorn-27553.exe
3040	Unicorn-116.exe
2936	Unicorn-40765.exe
1656	Unicorn-16623.exe
2616	Unicorn-63214.exe
3028	Unicorn-30542.exe
1580	Unicorn-42602.exe
1564	Unicorn-50386.exe
1676	Unicorn-33111.exe
2168	Unicorn-33111.exe
2108	Unicorn-62275.exe
2136	Unicorn-21051.exe
2560	Unicorn-7298.exe
2008	Unicorn-27164.exe
2436	Unicorn-45420.exe
2536	Unicorn-16064.exe
2848	Unicorn-16064.exe
2420	Unicorn-48928.exe

Loads dropped DLL 64 IoCs

pid	Process
2832	fa59c67e8effd8696a47eee9c2566a0c_JaffaCakes118.exe
2832	fa59c67e8effd8696a47eee9c2566a0c_JaffaCakes118.exe
2932	Unicorn-37023.exe
2932	Unicorn-37023.exe
2832	fa59c67e8effd8696a47eee9c2566a0c_JaffaCakes118.exe
2832	fa59c67e8effd8696a47eee9c2566a0c_JaffaCakes118.exe
2764	Unicorn-41791.exe
2764	Unicorn-41791.exe
2692	Unicorn-24709.exe
2692	Unicorn-24709.exe
2932	Unicorn-37023.exe
2932	Unicorn-37023.exe
2748	Unicorn-31974.exe
2748	Unicorn-31974.exe
2764	Unicorn-41791.exe
2764	Unicorn-41791.exe
2524	Unicorn-19722.exe
2524	Unicorn-19722.exe
2692	Unicorn-24709.exe
2692	Unicorn-24709.exe
2488	Unicorn-56841.exe
2488	Unicorn-56841.exe
240	Unicorn-13390.exe
240	Unicorn-13390.exe
696	Unicorn-23780.exe
696	Unicorn-23780.exe
2748	Unicorn-31974.exe
2748	Unicorn-31974.exe
1492	Unicorn-57199.exe
1492	Unicorn-57199.exe
2864	Unicorn-16920.exe
2864	Unicorn-16920.exe
2488	Unicorn-56841.exe
2488	Unicorn-56841.exe
976	Unicorn-31071.exe
976	Unicorn-31071.exe
2524	Unicorn-19722.exe
2524	Unicorn-19722.exe
1476	Unicorn-28077.exe
1476	Unicorn-28077.exe
696	Unicorn-23780.exe
696	Unicorn-23780.exe
1236	Unicorn-57049.exe
1236	Unicorn-57049.exe
240	Unicorn-13390.exe
240	Unicorn-13390.exe
1132	Unicorn-56857.exe
1132	Unicorn-56857.exe
2172	Unicorn-36991.exe
2172	Unicorn-36991.exe
1492	Unicorn-57199.exe
1492	Unicorn-57199.exe
2784	Unicorn-25145.exe
2784	Unicorn-25145.exe
976	Unicorn-31071.exe
976	Unicorn-31071.exe
2928	Unicorn-29783.exe
2928	Unicorn-29783.exe
1768	Unicorn-27885.exe
1768	Unicorn-27885.exe
2864	Unicorn-16920.exe
2864	Unicorn-16920.exe
2384	Unicorn-59846.exe
2384	Unicorn-59846.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
840	3040	WerFault.exe	77
1484	3064	WerFault.exe	226

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2832	fa59c67e8effd8696a47eee9c2566a0c_JaffaCakes118.exe
2932	Unicorn-37023.exe
2692	Unicorn-24709.exe
2764	Unicorn-41791.exe
2748	Unicorn-31974.exe
2524	Unicorn-19722.exe
2488	Unicorn-56841.exe
1492	Unicorn-57199.exe
976	Unicorn-31071.exe
696	Unicorn-23780.exe
240	Unicorn-13390.exe
2864	Unicorn-16920.exe
1236	Unicorn-57049.exe
1476	Unicorn-28077.exe
1132	Unicorn-56857.exe
1768	Unicorn-27885.exe
2172	Unicorn-36991.exe
2928	Unicorn-29783.exe
2784	Unicorn-25145.exe
2976	Unicorn-38143.exe
2384	Unicorn-59846.exe
1752	Unicorn-31812.exe
1180	Unicorn-39426.exe
1148	Unicorn-24434.exe
300	Unicorn-16951.exe
1020	Unicorn-49493.exe
2208	Unicorn-58346.exe
1380	Unicorn-4506.exe
948	Unicorn-5253.exe
564	Unicorn-37371.exe
2116	Unicorn-45347.exe
1612	Unicorn-55186.exe
1972	Unicorn-43832.exe
2940	Unicorn-57791.exe
2620	Unicorn-44984.exe
2252	Unicorn-12674.exe
2408	Unicorn-3567.exe
2412	Unicorn-52768.exe
584	Unicorn-58559.exe
636	Unicorn-13634.exe
2032	Unicorn-21802.exe
1264	Unicorn-53728.exe
2064	Unicorn-57812.exe
2140	Unicorn-54880.exe
2248	Unicorn-55757.exe
1680	Unicorn-56120.exe
2020	Unicorn-42929.exe
1136	Unicorn-27553.exe
3040	Unicorn-116.exe
2936	Unicorn-40765.exe
1656	Unicorn-16623.exe
2616	Unicorn-63214.exe
3028	Unicorn-30542.exe
1580	Unicorn-42602.exe
1564	Unicorn-50386.exe
2168	Unicorn-33111.exe
1676	Unicorn-33111.exe
2108	Unicorn-62275.exe
2136	Unicorn-21051.exe
2560	Unicorn-7298.exe
2008	Unicorn-27164.exe
2436	Unicorn-45420.exe
2536	Unicorn-16064.exe
2848	Unicorn-16064.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2832 wrote to memory of 2932	2832	fa59c67e8effd8696a47eee9c2566a0c_JaffaCakes118.exe	28
PID 2832 wrote to memory of 2932	2832	fa59c67e8effd8696a47eee9c2566a0c_JaffaCakes118.exe	28
PID 2832 wrote to memory of 2932	2832	fa59c67e8effd8696a47eee9c2566a0c_JaffaCakes118.exe	28
PID 2832 wrote to memory of 2932	2832	fa59c67e8effd8696a47eee9c2566a0c_JaffaCakes118.exe	28
PID 2932 wrote to memory of 2692	2932	Unicorn-37023.exe	29
PID 2932 wrote to memory of 2692	2932	Unicorn-37023.exe	29
PID 2932 wrote to memory of 2692	2932	Unicorn-37023.exe	29
PID 2932 wrote to memory of 2692	2932	Unicorn-37023.exe	29
PID 2832 wrote to memory of 2764	2832	fa59c67e8effd8696a47eee9c2566a0c_JaffaCakes118.exe	30
PID 2832 wrote to memory of 2764	2832	fa59c67e8effd8696a47eee9c2566a0c_JaffaCakes118.exe	30
PID 2832 wrote to memory of 2764	2832	fa59c67e8effd8696a47eee9c2566a0c_JaffaCakes118.exe	30
PID 2832 wrote to memory of 2764	2832	fa59c67e8effd8696a47eee9c2566a0c_JaffaCakes118.exe	30
PID 2764 wrote to memory of 2748	2764	Unicorn-41791.exe	31
PID 2764 wrote to memory of 2748	2764	Unicorn-41791.exe	31
PID 2764 wrote to memory of 2748	2764	Unicorn-41791.exe	31
PID 2764 wrote to memory of 2748	2764	Unicorn-41791.exe	31
PID 2692 wrote to memory of 2524	2692	Unicorn-24709.exe	32
PID 2692 wrote to memory of 2524	2692	Unicorn-24709.exe	32
PID 2692 wrote to memory of 2524	2692	Unicorn-24709.exe	32
PID 2692 wrote to memory of 2524	2692	Unicorn-24709.exe	32
PID 2932 wrote to memory of 2488	2932	Unicorn-37023.exe	33
PID 2932 wrote to memory of 2488	2932	Unicorn-37023.exe	33
PID 2932 wrote to memory of 2488	2932	Unicorn-37023.exe	33
PID 2932 wrote to memory of 2488	2932	Unicorn-37023.exe	33
PID 2748 wrote to memory of 696	2748	Unicorn-31974.exe	34
PID 2748 wrote to memory of 696	2748	Unicorn-31974.exe	34
PID 2748 wrote to memory of 696	2748	Unicorn-31974.exe	34
PID 2748 wrote to memory of 696	2748	Unicorn-31974.exe	34
PID 2764 wrote to memory of 1492	2764	Unicorn-41791.exe	35
PID 2764 wrote to memory of 1492	2764	Unicorn-41791.exe	35
PID 2764 wrote to memory of 1492	2764	Unicorn-41791.exe	35
PID 2764 wrote to memory of 1492	2764	Unicorn-41791.exe	35
PID 2524 wrote to memory of 976	2524	Unicorn-19722.exe	36
PID 2524 wrote to memory of 976	2524	Unicorn-19722.exe	36
PID 2524 wrote to memory of 976	2524	Unicorn-19722.exe	36
PID 2524 wrote to memory of 976	2524	Unicorn-19722.exe	36
PID 2692 wrote to memory of 240	2692	Unicorn-24709.exe	37
PID 2692 wrote to memory of 240	2692	Unicorn-24709.exe	37
PID 2692 wrote to memory of 240	2692	Unicorn-24709.exe	37
PID 2692 wrote to memory of 240	2692	Unicorn-24709.exe	37
PID 2488 wrote to memory of 2864	2488	Unicorn-56841.exe	38
PID 2488 wrote to memory of 2864	2488	Unicorn-56841.exe	38
PID 2488 wrote to memory of 2864	2488	Unicorn-56841.exe	38
PID 2488 wrote to memory of 2864	2488	Unicorn-56841.exe	38
PID 240 wrote to memory of 1236	240	Unicorn-13390.exe	39
PID 240 wrote to memory of 1236	240	Unicorn-13390.exe	39
PID 240 wrote to memory of 1236	240	Unicorn-13390.exe	39
PID 240 wrote to memory of 1236	240	Unicorn-13390.exe	39
PID 696 wrote to memory of 1476	696	Unicorn-23780.exe	40
PID 696 wrote to memory of 1476	696	Unicorn-23780.exe	40
PID 696 wrote to memory of 1476	696	Unicorn-23780.exe	40
PID 696 wrote to memory of 1476	696	Unicorn-23780.exe	40
PID 2748 wrote to memory of 2172	2748	Unicorn-31974.exe	41
PID 2748 wrote to memory of 2172	2748	Unicorn-31974.exe	41
PID 2748 wrote to memory of 2172	2748	Unicorn-31974.exe	41
PID 2748 wrote to memory of 2172	2748	Unicorn-31974.exe	41
PID 1492 wrote to memory of 1132	1492	Unicorn-57199.exe	42
PID 1492 wrote to memory of 1132	1492	Unicorn-57199.exe	42
PID 1492 wrote to memory of 1132	1492	Unicorn-57199.exe	42
PID 1492 wrote to memory of 1132	1492	Unicorn-57199.exe	42
PID 2864 wrote to memory of 1768	2864	Unicorn-16920.exe	43
PID 2864 wrote to memory of 1768	2864	Unicorn-16920.exe	43
PID 2864 wrote to memory of 1768	2864	Unicorn-16920.exe	43
PID 2864 wrote to memory of 1768	2864	Unicorn-16920.exe	43

C:\Users\Admin\AppData\Local\Temp\fa59c67e8effd8696a47eee9c2566a0c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fa59c67e8effd8696a47eee9c2566a0c_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2832
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37023.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37023.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24709.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19722.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31071.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4506.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40765.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1201.exe
        9⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        10⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
        11⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62792.exe
        12⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5226.exe
        13⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15309.exe
        14⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
        15⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2388.exe
        16⤵
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50912.exe
        17⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56698.exe
        18⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17005.exe
        19⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19569.exe
        20⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57445.exe
        17⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-279.exe
        18⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1702.exe
        11⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52242.exe
        12⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26057.exe
        13⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58361.exe
        14⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        15⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1706.exe
        16⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37747.exe
        17⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48349.exe
        18⤵
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54880.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        9⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42133.exe
        10⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22834.exe
        11⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35522.exe
        12⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
        13⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36083.exe
        14⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25392.exe
        15⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        16⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        17⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38143.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13634.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26666.exe
        8⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18589.exe
        9⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
        10⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6357.exe
        11⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9938.exe
        12⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8070.exe
        13⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23141.exe
        14⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51340.exe
        15⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9360.exe
        16⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe
        17⤵
        
        PID:584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13390.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57049.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39426.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44984.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62275.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33355.exe
        9⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43280.exe
        10⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36238.exe
        11⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27546.exe
        12⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59715.exe
        13⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25943.exe
        14⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47640.exe
        15⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36486.exe
        16⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3928.exe
        10⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37712.exe
        11⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        12⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11604.exe
        13⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34960.exe
        14⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2282.exe
        15⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15297.exe
        16⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41696.exe
        17⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18898.exe
        16⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12674.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30542.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10137.exe
        8⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        9⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44650.exe
        10⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4894.exe
        11⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26057.exe
        12⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
        13⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50907.exe
        14⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22719.exe
        11⤵
        
        PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49493.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57812.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60817.exe
        7⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        8⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37857.exe
        9⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50161.exe
        10⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
        11⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13254.exe
        12⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38901.exe
        13⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1711.exe
        14⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62391.exe
        15⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
        16⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51338.exe
        17⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50856.exe
        8⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36259.exe
        9⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4323.exe
        10⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52097.exe
        11⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8070.exe
        12⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-852.exe
        13⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
        14⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36843.exe
        15⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53166.exe
        11⤵
        
        PID:3064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
        12⤵
        Program crash
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58222.exe
        7⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31770.exe
        8⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7452.exe
        9⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7307.exe
        10⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56752.exe
        11⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
        12⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14897.exe
        13⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10637.exe
        14⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4544.exe
        12⤵
        
        PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56841.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56841.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16920.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27885.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50786.exe
        8⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39537.exe
        9⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16337.exe
        10⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        11⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46835.exe
        12⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38335.exe
        13⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49700.exe
        14⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61711.exe
        15⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5079.exe
        16⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53948.exe
        17⤵
        
        PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55186.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29783.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37371.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55757.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53910.exe
        7⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        8⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
        9⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40649.exe
        10⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
        11⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11536.exe
        12⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
        13⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8973.exe
        14⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12917.exe
        15⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        16⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63164.exe
        17⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
        10⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60981.exe
        11⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
        12⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35969.exe
        13⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26595.exe
        14⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
        15⤵
        
        PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56120.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16064.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37775.exe
        7⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30509.exe
        8⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21568.exe
        9⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
        10⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21615.exe
        11⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4178.exe
        12⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12917.exe
        13⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5320.exe
        14⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        15⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21084.exe
        16⤵
        
        PID:1772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41791.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41791.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23780.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28077.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59846.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43832.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-116.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 220
        9⤵
        Program crash
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16623.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        8⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7563.exe
        9⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47758.exe
        10⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35154.exe
        11⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55299.exe
        12⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        13⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58470.exe
        14⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23777.exe
        15⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-803.exe
        16⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
        17⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13423.exe
        14⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11581.exe
        15⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        16⤵
        
        PID:1424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57791.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63214.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21051.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62846.exe
        9⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9123.exe
        10⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
        11⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51464.exe
        12⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35969.exe
        13⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2715.exe
        14⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17856.exe
        15⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26839.exe
        16⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7298.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18991.exe
        8⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7981.exe
        9⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50161.exe
        10⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
        11⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58511.exe
        12⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11012.exe
        13⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58366.exe
        14⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
        15⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12309.exe
        10⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28501.exe
        11⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
        12⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
        13⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2139.exe
        14⤵
        
        PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31812.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42929.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48928.exe
        7⤵
        Executes dropped EXE
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34541.exe
        8⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60571.exe
        9⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65070.exe
        10⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63991.exe
        11⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62445.exe
        12⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11410.exe
        13⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19574.exe
        14⤵
        
        PID:240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36991.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36991.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3567.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27164.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49115.exe
        8⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48822.exe
        9⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36259.exe
        10⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42398.exe
        11⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22741.exe
        12⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26104.exe
        13⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33480.exe
        14⤵
        
        PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21802.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50386.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exe
        7⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39009.exe
        8⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30509.exe
        9⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        10⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18086.exe
        11⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37427.exe
        12⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        13⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
        14⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
        9⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28501.exe
        10⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24983.exe
        11⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
        12⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56283.exe
        13⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43870.exe
        14⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60414.exe
        15⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35872.exe
        13⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
        7⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41993.exe
        8⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5226.exe
        9⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21423.exe
        10⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23141.exe
        11⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45349.exe
        12⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
        13⤵
        
        PID:1544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56857.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24434.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52768.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19031.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32945.exe
        8⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41255.exe
        9⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59850.exe
        10⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46877.exe
        11⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
        12⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29532.exe
        13⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21058.exe
        14⤵
        
        PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58559.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30593.exe
        7⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38464.exe
        8⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        9⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
        10⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24796.exe
        11⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38901.exe
        12⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47832.exe
        13⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8919.exe
        14⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59651.exe
        15⤵
        
        PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58346.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53728.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16064.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58435.exe
        7⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
        8⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25657.exe
        9⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30675.exe
        10⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5226.exe
        11⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13809.exe
        12⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40551.exe
        13⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56939.exe
        14⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28297.exe
        15⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41696.exe
        16⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-752.exe
        7⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40898.exe
        8⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47966.exe
        9⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
        10⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        11⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22212.exe
        12⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54996.exe
        13⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20316.exe
        14⤵
        
        PID:2452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe

Filesize
184KB

MD5
5c892e0c81927f3433163c987164db08

SHA1
d0a210bd71f02aa14c4b450fb8e3e0aeec567b59

SHA256
65a4228dbe6cefe704ad504c6301bc2a7d2e18e659df6b287c76113d98f390d5

SHA512
a4b4d3f585063b90d6513bd577ac433e431c0d31dc350a0441f19628822d625301cb6e95cd7c98439fbe42c03cad4661e9d03ba70edd353649d270fb99f589a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27885.exe

Filesize
184KB

MD5
2dbc8f52b099d55a0135cdde9f8dd61f

SHA1
0f5ca6de63e52148945d454fc1b97a9a5f2cefd8

SHA256
89f73c480dcf5dc341e9fa3bcd3cea44b3f8cc5c00ed6b22b45f21af95ed2ba5

SHA512
b233b05c669cb488da074964ce149f5c72a290ae1e1d1edb042e10daf2a573055ce0c1d011e3664bdaab297e89170ff13a55c0ae3d57332ca3828bf97ede74e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31071.exe

Filesize
184KB

MD5
d7bf5fdc498e49f906354c26a46dc41f

SHA1
d2deb283d2f5ea9608a0c12549881463f8b67605

SHA256
96fc400db9e3902f9cc7d9f55305588630a05389d6478508c9a0eb14da10e09b

SHA512
652f795b3d3b56219af2dcc1774542920412c89221c33cbd85705590ffb1c0abe3c761c0ddbaa2b50dbb22b063bd08d0ac8a8c7ac79f2c000e19e25f199254f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56841.exe

Filesize
184KB

MD5
6e9cfea90639aeb981221315be151624

SHA1
90aed3904ecb4ccdd3dab8e2bc906554a3aea930

SHA256
8400ff79b8376d1da281cee7a15a8b71955b07a6ea63ad9acaa01eb1d310623e

SHA512
9e6f57a62bf1fbecc1acc514c12afcf2fe90e2494d21ba03786c4ab826c64fce20a64b42a096ee5e3c07012d4590404cf0a851b22f8190a495b437b0ed9f5500

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57445.exe

Filesize
184KB

MD5
c47d042d204494b2b58208e05ad82299

SHA1
6b7437f9d6f3a2d501d9cd803e18f562422dd25b

SHA256
2b795c41f3be253bd0ba0a6532d223c94b8d7fec5875eced3801eca4414abaad

SHA512
737b7bd3acc46eebf68e86c5a5c6a3345c2fef522308d4b615fe665348348deabf72259e3c8f2f85484f7fb8f8f10b7e4a5b210cf5a54fa4ee71605bcd29b14b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58940.exe

Filesize
184KB

MD5
4ad1427595eda30bbd21a2896328969d

SHA1
7b36ffc32c15b44b677fc0e634bc14fc1837bd42

SHA256
afa3723086eda4b730b3278b7d78e3184c07162f40241341746800c41a29f621

SHA512
4f905d3a658eb04b410c0ee65faa6b0bdb7bebd870371f23ab9fa65b8f9190948a040bac38d6f94899576c59daedd8c9e0b9db515d0a4bfad5d8ac40ce6b8197

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13390.exe

Filesize
184KB

MD5
39648ec214411def6ab4ee3f57bed5ec

SHA1
7bf431cbbdbe14b0273842343831ee9c5e301368

SHA256
c6bd1eae315900bf734acba07ba5b451097a411d7170b420b7e820dad5187f18

SHA512
e809e62e5ff6fa5a4c80ee6746dd13eec2840936b094737d2b954c1e20ff0268b43ef9e6fdbbfae0e3a6917710e0c405c7a18a4efd187083ee62aafa974d82e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16920.exe

Filesize
184KB

MD5
e8c53cd9739bc5cf0c8c28e2c669f0e0

SHA1
46982eb1d0b969ea1a97463f00bce7f2e4eed867

SHA256
c762162282eed68d965c4d3a91c251a569e1a489d5d3d0475bc8790cefbf1917

SHA512
565e4961e6fccf9797fac7f8b575c2781198dccb63118397e6fe2029bed23124f687d6d028ec1c71a11b4138c6618c82b9faeea7a45bd39fd52a41f34ff3bd1b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19722.exe

Filesize
184KB

MD5
e4756b3711a449f0fc143c387d338e92

SHA1
208c1d1bc373f8f5bcf56963b40de2c6764e9c3e

SHA256
57acca0803383ca68d9334b6f9ef3984599e3b3bc80b670f1528a580dbd9fdde

SHA512
9596a87aa8a551bef57a545bb836cd4b4b8758d00e12ee55fc2ab64f4939b3090a660c3ff0ccedbd6e5f536b5d2b6b13dc5a13e86b2390495c4c65fbcd5b0adc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23780.exe

Filesize
184KB

MD5
dfcc61081454cc6883885b5978cceb47

SHA1
b6748ffa486d7b842e91bc455b73ca860a686bf5

SHA256
e4b21a84857fb60b4ef664464a67884c0b53a040400437e7d9e3f08a099e2330

SHA512
644afa5432951baf763f11ba5a6f6cc1c6e1f1b9e38873cf24c33b0d4ba9315ef474658c076bd194f99941db1a12509e753502dd7550763292b3e72e8faf3b2b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24709.exe

Filesize
184KB

MD5
7c5a48d6740cf6734e5daeddb1c60e31

SHA1
2fb75395282c3edcdb5290c0d09ad1035df4b707

SHA256
29151c7e370f7ac33caf70a4db02c72fae3300a17d87147ad3a4d4e28d6a69a1

SHA512
8d356a1495d0836146e29f5f665c6aa75e5879c56afebaf7c7b2e25d7dc96d59c3dbdf92883b9596c2d03facd7e93b9b7e0b83f13c925c77d4c3639ad5a74b71

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe

Filesize
184KB

MD5
c5da28162016c3ee80f63cd51118c012

SHA1
970edee0420694909e3a8dbf2605f8d70a500322

SHA256
09c8fe0c712d4f7a8b2dd40e6b7ea2712cd0ca94564d3adbee0ca42b1ace0612

SHA512
aab6fd06e37f5973d3cffc511ea805b0c07292b271915269b02e1cccfaf057fa56df1b4c203fd199269142abec505d9a9cf5406867169df6b1968cf6a6205206

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28077.exe

Filesize
184KB

MD5
95c49b354471375fcdf63cb7da3f02dc

SHA1
07ae69b3ab3d033f56036ccdbc19df32a6e956be

SHA256
17eb5565d1e182a93c56615bac807e7cfc053b99079dbc53d2e0d18b67920744

SHA512
53a40f2ae465ed28dc1bcdb2562ca2f4b7933012471dbcefb0806d1b726053dcdaae3a3782b54ce83b6161018b01a8999d1be4dd95853de98507a34ae5b929ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29783.exe

Filesize
184KB

MD5
96f16370dc48d0a4e2519d16751fb9a1

SHA1
fb386011ddc58f9f6fc4b49cd85052ead43dff2c

SHA256
161f1c18cef9056da45b5483ae95d58ab818eb1cdd40bc81d3f0b189e3851a2b

SHA512
7d62e972c3aacb4a137644762d1874085a25c489c7028da6f45461d470cd1e4285c0a916998027fe773583fadc2e078fe947017498b4885072407977517cfdac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe

Filesize
184KB

MD5
0f1f22821547d1ea640eec405a61c20f

SHA1
160238db391e1e697f5de973936a7362f91f6490

SHA256
30b81fa0e5e9111c9128423131546704fc7d3fe7b57cf5a1b0003b60225005f6

SHA512
00b41de23ee877fe139694db5b13f6715b0a0eb70103ef3f06d4b40a4a655231f278c1004ac54789e0707f44e5739d1fbe719183a8fcd55457810c8154aa0256

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36991.exe

Filesize
184KB

MD5
2f1f9e781a74d3f3617d8ac279ea310c

SHA1
c060cc536a765b0c750297117ee45149b818bb78

SHA256
217682a29f1ca0c3abdea3f23af91adf040666b35e8699b3adc5f238b2e2cf12

SHA512
710afd29fa0b55a8cb3d798f9c03ebc542711a6f8184c4de091a90d0284248e1b8acd56a27ae30f97aa91a90cfb290e94ca3629d10873feb4e6b03617d767aaa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37023.exe

Filesize
184KB

MD5
4d8c51c716532f6f5a28921f98c0b5b8

SHA1
ae2ce01b1ce75201daccdeb84dd57f6478512833

SHA256
94a74f64f69d75b9a1ead6549e391ec9ce682ba310ae6b0bb698a498d99f3661

SHA512
89279b98ba54e8c31020ec9186121c660aa10676fe670b092865f3bf30de6b26c0a3009ab9cc5097fddb15eb41c596a0e3de2408716cd60f57808830f71312ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41791.exe

Filesize
184KB

MD5
d6e5eb91acf3ef0ae953037b6ff159c5

SHA1
e545ace45202c86f8d33064c96b82c2e185e21a8

SHA256
35a52122060dc0767e0155bb167ad1969c4ab382026b20be5a8a312804706a2e

SHA512
409c59e4bd526628c9c5f7f45a574a54a66e714db55bdd13c8ef2f03458d02c948148b70eacc2b42af6685b9f42d4d54e794471f877a0660abc944b87a685bc3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56857.exe

Filesize
184KB

MD5
c1e13f587f6af9920828fbae6c50057b

SHA1
25ac6732cdd164c0049d85cc9f195c4e6dcccf20

SHA256
f9d017829e391f9d0157ffbe999912afb691ae3332374b3e5e1bcb0b6b3d3303

SHA512
e9d518c6d363b852d282e7babe49b905ab8e756d67576558a7de9077040cd415e06f09665b020605253be0a5871dfbe8acb5009d2d79637e14d3809789f97c6c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57049.exe

Filesize
184KB

MD5
14455da5e6e2e790d07b9c39e998e720

SHA1
ed00f957689b4cbba5a87d76f8410a92b5b68fa2

SHA256
ebc2ba84e71786307adab7396ea40de42ce58576b6acafc8a2728f2562935ab6

SHA512
f696e669b743db12d6da5e7c5f2c917784ff79d913b8d4b42a62fe0c4350fae1aec2d02c7b813ded76c092d0087b463340cc190ed350d683964666822145cfb6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe

Filesize
184KB

MD5
fd601f3eafa8f4c391d59a68df0cdf4b

SHA1
35021cee901ecad81539fa82e32bf6cdbf04263e

SHA256
6afa56c96a7381b90cddc414134c0e40e425de7f458eca4915c7800e4b841615

SHA512
09f64f7f1a124dfd84187c9db312dfe8ec1d92d584544bc6e0d5c6f1c3bcfbcbe3326e736d11bb913e07c4f1f531eb98504e2d45639d731efea9e624495ecfe2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads