fde1af007987425787d14dc5ac04ecd53efc3eca31bf9c6a9ba91e5c83755cc8

Analysis

max time kernel
54s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/03/2024, 11:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

040490b41711cf867cea323c429fca11_JaffaCakes118.exe
Size

192KB
MD5

040490b41711cf867cea323c429fca11
SHA1

5b2bc84e18e269a546cd46be1216381195033830
SHA256

fde1af007987425787d14dc5ac04ecd53efc3eca31bf9c6a9ba91e5c83755cc8
SHA512

f801bdce8b8a88def9642122d387ebc381eaf2147c3371ede35a6930090fbe6450dd2323892924fe25045cb798fbbf9f104c0d5e74e5e905c82e45d023cd41f0
SSDEEP

3072:oiS0oRk3ZHAWrYWhPTnnu8zgi8l65/fI91E1aa+//6lPvZ6F:oiRoAgWrpPbnu8zgZ96lPvZ6

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2856	Unicorn-16439.exe
2512	Unicorn-50024.exe
2852	Unicorn-8436.exe
2452	Unicorn-64072.exe
2472	Unicorn-59988.exe
3032	Unicorn-23786.exe
744	Unicorn-517.exe
2792	Unicorn-19122.exe
2800	Unicorn-4409.exe
1960	Unicorn-6869.exe
1464	Unicorn-20357.exe
1656	Unicorn-61197.exe
2756	Unicorn-24249.exe
1988	Unicorn-107.exe
1120	Unicorn-61560.exe
608	Unicorn-30374.exe
1052	Unicorn-50240.exe
3000	Unicorn-45772.exe
1740	Unicorn-60115.exe
1032	Unicorn-34864.exe
1324	Unicorn-22420.exe
1308	Unicorn-10167.exe
972	Unicorn-6638.exe
2148	Unicorn-63727.exe
1572	Unicorn-43115.exe
2044	Unicorn-15081.exe
1892	Unicorn-64879.exe
2120	Unicorn-31692.exe
3008	Unicorn-26862.exe
2504	Unicorn-47090.exe
2612	Unicorn-1973.exe
2600	Unicorn-1973.exe
832	Unicorn-39284.exe
2596	Unicorn-43368.exe
2668	Unicorn-50982.exe
2432	Unicorn-31116.exe
808	Unicorn-63893.exe
588	Unicorn-35859.exe
308	Unicorn-18777.exe
2572	Unicorn-52004.exe
2828	Unicorn-10416.exe
1400	Unicorn-27.exe
2136	Unicorn-53312.exe
1532	Unicorn-15809.exe
572	Unicorn-28061.exe
856	Unicorn-36591.exe
2356	Unicorn-60541.exe
1984	Unicorn-33105.exe
1924	Unicorn-58164.exe
2580	Unicorn-16577.exe
2360	Unicorn-12492.exe
3032	Unicorn-8408.exe
2196	Unicorn-8408.exe
2900	Unicorn-61501.exe
2184	Unicorn-37551.exe
3020	Unicorn-45720.exe
1608	Unicorn-48564.exe
744	Unicorn-32228.exe
2848	Unicorn-46571.exe
1680	Unicorn-41740.exe
880	Unicorn-17790.exe
3056	Unicorn-21128.exe
1720	Unicorn-58631.exe
2500	Unicorn-53800.exe

Loads dropped DLL 64 IoCs

pid	Process
2488	040490b41711cf867cea323c429fca11_JaffaCakes118.exe
2488	040490b41711cf867cea323c429fca11_JaffaCakes118.exe
2856	Unicorn-16439.exe
2488	040490b41711cf867cea323c429fca11_JaffaCakes118.exe
2488	040490b41711cf867cea323c429fca11_JaffaCakes118.exe
2856	Unicorn-16439.exe
2512	Unicorn-50024.exe
2512	Unicorn-50024.exe
2852	Unicorn-8436.exe
2852	Unicorn-8436.exe
2856	Unicorn-16439.exe
2856	Unicorn-16439.exe
2512	Unicorn-50024.exe
2512	Unicorn-50024.exe
2472	Unicorn-59988.exe
2472	Unicorn-59988.exe
2852	Unicorn-8436.exe
2852	Unicorn-8436.exe
3032	Unicorn-23786.exe
3032	Unicorn-23786.exe
744	Unicorn-517.exe
744	Unicorn-517.exe
2800	Unicorn-4409.exe
2800	Unicorn-4409.exe
2792	Unicorn-19122.exe
2472	Unicorn-59988.exe
2472	Unicorn-59988.exe
2792	Unicorn-19122.exe
3032	Unicorn-23786.exe
3032	Unicorn-23786.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
1464	Unicorn-20357.exe
744	Unicorn-517.exe
744	Unicorn-517.exe
1464	Unicorn-20357.exe
1656	Unicorn-61197.exe
1656	Unicorn-61197.exe
2800	Unicorn-4409.exe
2800	Unicorn-4409.exe
2792	Unicorn-19122.exe
2756	Unicorn-24249.exe
1988	Unicorn-107.exe
1120	Unicorn-61560.exe
1120	Unicorn-61560.exe
2756	Unicorn-24249.exe
2792	Unicorn-19122.exe
1988	Unicorn-107.exe
608	Unicorn-30374.exe
608	Unicorn-30374.exe
1052	Unicorn-50240.exe
1052	Unicorn-50240.exe
1464	Unicorn-20357.exe
1464	Unicorn-20357.exe
3000	Unicorn-45772.exe
1656	Unicorn-61197.exe
3000	Unicorn-45772.exe
1656	Unicorn-61197.exe
1740	Unicorn-60115.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
2344	1960	WerFault.exe	37
2888	1032	WerFault.exe	122
1624	2032	WerFault.exe	111
2528	2900	WerFault.exe	84
3752	2816	WerFault.exe	156
3476	1308	WerFault.exe	123

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2488	040490b41711cf867cea323c429fca11_JaffaCakes118.exe
2856	Unicorn-16439.exe
2512	Unicorn-50024.exe
2852	Unicorn-8436.exe
2472	Unicorn-59988.exe
3032	Unicorn-23786.exe
744	Unicorn-517.exe
2800	Unicorn-4409.exe
2792	Unicorn-19122.exe
1960	Unicorn-6869.exe
1464	Unicorn-20357.exe
1656	Unicorn-61197.exe
2756	Unicorn-24249.exe
1988	Unicorn-107.exe
1120	Unicorn-61560.exe
608	Unicorn-30374.exe
1052	Unicorn-50240.exe
3000	Unicorn-45772.exe
1740	Unicorn-60115.exe
1324	Unicorn-22420.exe
1032	Unicorn-34864.exe
1308	Unicorn-10167.exe
972	Unicorn-6638.exe
2148	Unicorn-63727.exe
2044	Unicorn-15081.exe
1572	Unicorn-43115.exe
1892	Unicorn-64879.exe
2120	Unicorn-31692.exe
3008	Unicorn-26862.exe
2504	Unicorn-47090.exe
2600	Unicorn-1973.exe
832	Unicorn-39284.exe
2612	Unicorn-1973.exe
2668	Unicorn-50982.exe
2596	Unicorn-43368.exe
2432	Unicorn-31116.exe
808	Unicorn-63893.exe
588	Unicorn-35859.exe
308	Unicorn-18777.exe
2572	Unicorn-52004.exe
2828	Unicorn-10416.exe
572	Unicorn-28061.exe
2136	Unicorn-53312.exe
856	Unicorn-36591.exe
1400	Unicorn-27.exe
1532	Unicorn-15809.exe
2356	Unicorn-60541.exe
1984	Unicorn-33105.exe
2360	Unicorn-12492.exe
2580	Unicorn-16577.exe
1924	Unicorn-58164.exe
3032	Unicorn-8408.exe
2196	Unicorn-8408.exe
2900	Unicorn-61501.exe
2184	Unicorn-37551.exe
3020	Unicorn-45720.exe
1608	Unicorn-48564.exe
744	Unicorn-32228.exe
2848	Unicorn-46571.exe
880	Unicorn-17790.exe
1680	Unicorn-41740.exe
3056	Unicorn-21128.exe
1720	Unicorn-58631.exe
2500	Unicorn-53800.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 2856	2488	040490b41711cf867cea323c429fca11_JaffaCakes118.exe	28
PID 2488 wrote to memory of 2856	2488	040490b41711cf867cea323c429fca11_JaffaCakes118.exe	28
PID 2488 wrote to memory of 2856	2488	040490b41711cf867cea323c429fca11_JaffaCakes118.exe	28
PID 2488 wrote to memory of 2856	2488	040490b41711cf867cea323c429fca11_JaffaCakes118.exe	28
PID 2488 wrote to memory of 2512	2488	040490b41711cf867cea323c429fca11_JaffaCakes118.exe	30
PID 2488 wrote to memory of 2512	2488	040490b41711cf867cea323c429fca11_JaffaCakes118.exe	30
PID 2488 wrote to memory of 2512	2488	040490b41711cf867cea323c429fca11_JaffaCakes118.exe	30
PID 2488 wrote to memory of 2512	2488	040490b41711cf867cea323c429fca11_JaffaCakes118.exe	30
PID 2856 wrote to memory of 2852	2856	Unicorn-16439.exe	29
PID 2856 wrote to memory of 2852	2856	Unicorn-16439.exe	29
PID 2856 wrote to memory of 2852	2856	Unicorn-16439.exe	29
PID 2856 wrote to memory of 2852	2856	Unicorn-16439.exe	29
PID 2512 wrote to memory of 2452	2512	Unicorn-50024.exe	31
PID 2512 wrote to memory of 2452	2512	Unicorn-50024.exe	31
PID 2512 wrote to memory of 2452	2512	Unicorn-50024.exe	31
PID 2512 wrote to memory of 2452	2512	Unicorn-50024.exe	31
PID 2852 wrote to memory of 2472	2852	Unicorn-8436.exe	32
PID 2852 wrote to memory of 2472	2852	Unicorn-8436.exe	32
PID 2852 wrote to memory of 2472	2852	Unicorn-8436.exe	32
PID 2852 wrote to memory of 2472	2852	Unicorn-8436.exe	32
PID 2856 wrote to memory of 3032	2856	Unicorn-16439.exe	33
PID 2856 wrote to memory of 3032	2856	Unicorn-16439.exe	33
PID 2856 wrote to memory of 3032	2856	Unicorn-16439.exe	33
PID 2856 wrote to memory of 3032	2856	Unicorn-16439.exe	33
PID 2512 wrote to memory of 744	2512	Unicorn-50024.exe	34
PID 2512 wrote to memory of 744	2512	Unicorn-50024.exe	34
PID 2512 wrote to memory of 744	2512	Unicorn-50024.exe	34
PID 2512 wrote to memory of 744	2512	Unicorn-50024.exe	34
PID 2472 wrote to memory of 2792	2472	Unicorn-59988.exe	35
PID 2472 wrote to memory of 2792	2472	Unicorn-59988.exe	35
PID 2472 wrote to memory of 2792	2472	Unicorn-59988.exe	35
PID 2472 wrote to memory of 2792	2472	Unicorn-59988.exe	35
PID 2852 wrote to memory of 2800	2852	Unicorn-8436.exe	36
PID 2852 wrote to memory of 2800	2852	Unicorn-8436.exe	36
PID 2852 wrote to memory of 2800	2852	Unicorn-8436.exe	36
PID 2852 wrote to memory of 2800	2852	Unicorn-8436.exe	36
PID 3032 wrote to memory of 1960	3032	Unicorn-23786.exe	37
PID 3032 wrote to memory of 1960	3032	Unicorn-23786.exe	37
PID 3032 wrote to memory of 1960	3032	Unicorn-23786.exe	37
PID 3032 wrote to memory of 1960	3032	Unicorn-23786.exe	37
PID 744 wrote to memory of 1464	744	Unicorn-517.exe	38
PID 744 wrote to memory of 1464	744	Unicorn-517.exe	38
PID 744 wrote to memory of 1464	744	Unicorn-517.exe	38
PID 744 wrote to memory of 1464	744	Unicorn-517.exe	38
PID 2800 wrote to memory of 1656	2800	Unicorn-4409.exe	39
PID 2800 wrote to memory of 1656	2800	Unicorn-4409.exe	39
PID 2800 wrote to memory of 1656	2800	Unicorn-4409.exe	39
PID 2800 wrote to memory of 1656	2800	Unicorn-4409.exe	39
PID 2472 wrote to memory of 1988	2472	Unicorn-59988.exe	41
PID 2472 wrote to memory of 1988	2472	Unicorn-59988.exe	41
PID 2472 wrote to memory of 1988	2472	Unicorn-59988.exe	41
PID 2472 wrote to memory of 1988	2472	Unicorn-59988.exe	41
PID 2792 wrote to memory of 2756	2792	Unicorn-19122.exe	40
PID 2792 wrote to memory of 2756	2792	Unicorn-19122.exe	40
PID 2792 wrote to memory of 2756	2792	Unicorn-19122.exe	40
PID 2792 wrote to memory of 2756	2792	Unicorn-19122.exe	40
PID 3032 wrote to memory of 1120	3032	Unicorn-23786.exe	43
PID 3032 wrote to memory of 1120	3032	Unicorn-23786.exe	43
PID 3032 wrote to memory of 1120	3032	Unicorn-23786.exe	43
PID 3032 wrote to memory of 1120	3032	Unicorn-23786.exe	43
PID 1960 wrote to memory of 2344	1960	Unicorn-6869.exe	42
PID 1960 wrote to memory of 2344	1960	Unicorn-6869.exe	42
PID 1960 wrote to memory of 2344	1960	Unicorn-6869.exe	42
PID 1960 wrote to memory of 2344	1960	Unicorn-6869.exe	42

C:\Users\Admin\AppData\Local\Temp\040490b41711cf867cea323c429fca11_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\040490b41711cf867cea323c429fca11_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16439.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16439.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8436.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8436.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59988.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19122.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24249.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34864.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1973.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12492.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57391.exe
        10⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47682.exe
        11⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        12⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23732.exe
        10⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        11⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8745.exe
        9⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6649.exe
        10⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18269.exe
        11⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58164.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43368.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
        9⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28030.exe
        10⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        11⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8164.exe
        9⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        10⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
        8⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34553.exe
        9⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47447.exe
        10⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47090.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60541.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        9⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50458.exe
        10⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        11⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2061.exe
        12⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22424.exe
        9⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57682.exe
        10⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
        8⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25762.exe
        9⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
        10⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36591.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14640.exe
        8⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        9⤵
        
        PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-107.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22420.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50982.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61501.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29955.exe
        9⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22685.exe
        10⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65476.exe
        11⤵
        
        PID:848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 380
        11⤵
        Program crash
        
        PID:3752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 376
        10⤵
        Program crash
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2819.exe
        9⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42581.exe
        10⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 376
        9⤵
        Program crash
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
        8⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14516.exe
        9⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        10⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37551.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50567.exe
        8⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38938.exe
        9⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63183.exe
        10⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28584.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58066.exe
        9⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31116.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8408.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62819.exe
        8⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64018.exe
        9⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
        10⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40068.exe
        8⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16716.exe
        9⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30701.exe
        7⤵
        
        PID:1212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61197.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45772.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64879.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28061.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37080.exe
        9⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22254.exe
        10⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22654.exe
        11⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2388.exe
        9⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        10⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13130.exe
        8⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34698.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        10⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8766.exe
        8⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        9⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34714.exe
        10⤵
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31692.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43420.exe
        8⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22353.exe
        9⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63483.exe
        7⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30038.exe
        8⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53406.exe
        9⤵
        
        PID:668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53312.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50676.exe
        7⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59010.exe
        8⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21995.exe
        9⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        10⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
        9⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35060.exe
        7⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
        8⤵
        
        PID:3768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23786.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23786.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6869.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1960
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61560.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10167.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1973.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8408.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21787.exe
        8⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59057.exe
        9⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45046.exe
        10⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39191.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29478.exe
        9⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63374.exe
        7⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59057.exe
        8⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18186.exe
        9⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45720.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42399.exe
        7⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23946.exe
        8⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
        9⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2819.exe
        7⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59218.exe
        8⤵
        
        PID:1232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39284.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33105.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
        7⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        8⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19805.exe
        9⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
        7⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38869.exe
        8⤵
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34702.exe
        6⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9425.exe
        7⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62726.exe
        8⤵
        
        PID:1888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64072.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64072.exe
    3⤵
    - Executes dropped EXE
    PID:2452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50240.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43115.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10416.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24994.exe
        9⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32794.exe
        10⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
        11⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5128.exe
        8⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9908.exe
        9⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58631.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62134.exe
        8⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60946.exe
        9⤵
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52004.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53800.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
        8⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34714.exe
        9⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
        7⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43842.exe
        8⤵
        
        PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18777.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41740.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18279.exe
        8⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2840.exe
        9⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        10⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48512.exe
        8⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10209.exe
        9⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22917.exe
        7⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13333.exe
        8⤵
        
        PID:608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17790.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46675.exe
        7⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9249.exe
        8⤵
        
        PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30374.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63727.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63893.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1942.exe
        8⤵
        
        PID:1308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 220
        9⤵
        Program crash
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31277.exe
        7⤵
        
        PID:1032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 200
        8⤵
        Program crash
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46571.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21102.exe
        7⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31429.exe
        8⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16716.exe
        9⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11563.exe
        7⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13333.exe
        8⤵
        
        PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35859.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48564.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18471.exe
        7⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54127.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        9⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
        8⤵
        
        PID:784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51698.exe
        6⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49514.exe
        7⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5124.exe
        8⤵
        
        PID:3432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10209.exe

Filesize
192KB

MD5
4ed57414cdb168684fe7f0c8b250ef6f

SHA1
fa3c7149ec9e3892ddebf1b976ba154451a1a6cd

SHA256
3bdd8c1e957f8ccf2d0489f398250c0e7c869aadd2f3c6d507d2a51440df3d90

SHA512
7ad17a9be695b56d39d438aebe79f8e3e02b851dcb6afceeb1260671ae36bcc54912cf9ed50d8869e13f0463f1c432f0c3e7b9ecca02e38d9bc1b58b7180ae01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10416.exe

Filesize
192KB

MD5
3f8cb9d77702c324c51800e50355aeab

SHA1
54831b7b1881580aae218a06b282a1f4cb66dbdb

SHA256
f26f1fd5bd52d045b5dd93e5211c198f94c934b9b929c3a7d722e1e99e779a4d

SHA512
de256f757e310a51151bfa3eb9b87a568354d43a47c0d1adaa901ed5a5010f50f3eb186442e20464a274c115a76327b170ff2356863028f155a8c4dac12b0695

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18186.exe

Filesize
192KB

MD5
43b6a63ad59c7dcca61925935403f180

SHA1
7efe0cd8bc5a8cacf7694a7f613f475233225d4b

SHA256
417a75f23320f7ba21ccd8b1072e4a5bc577d5cb20a82450af191c2af9bc2c2b

SHA512
8c01a3af5595d289911f6504c5f9587b5fadcca063c936ea369cbb669f567fa9f31c721fa684b335617c701d28b867302cfa172e4815550d33f9b6f6514dd03d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40068.exe

Filesize
192KB

MD5
c3bfcc1355dd27074bcbac0017b9b5cf

SHA1
61c6f44f63f6f699c581c598eb602a880974f78f

SHA256
4d4ea5105c7905414690482936ebcf2f6aef872c2425e60d86ea1916c2be2a46

SHA512
fe1203bdbed6dac78d715bdbcec27a86a227bfda8cbae6f6850d87e9e986f25b27cb652fb5b3a5af05d1ae93efb1d26669bfe9c77f337d21fc9d101d04aac3b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47447.exe

Filesize
192KB

MD5
3bb92450f5f62897aca9d6dc286db9fb

SHA1
a3bf63bf75753614185233d9668193199b417da5

SHA256
e73c01a6ef5b12d31b7e1e6146134a772f010200f980c9a69613d75613a36234

SHA512
102ea95002a487cb47b5acaabc2e456cb8d402d9a80ce5ff220e5280ef2b5464269078e0e8d08308ae02812153fa242d8c0685763df46fc3d5ec2091d77a595c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59988.exe

Filesize
192KB

MD5
42f39bb700fae16d4053a4daef067ce6

SHA1
0ebda488c26433b6059a4af011c2b126f8cbe8bc

SHA256
9a4bed99b5d414319254201bd42d83898cc4740aff0d077dc0df1002ff96ea18

SHA512
24f528c0e0d8de8d26623a4d14c06b2819ce1681cfedb21c540ede19250be62edd36d0dbdd8fd186e8bda0bd5e173958242c336d9e7d90f9124f4ae884a79277

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61560.exe

Filesize
192KB

MD5
f24bcc7d84167f92fc96e7d02cc8bd56

SHA1
93fa588abac31f9502ba55a12334bd720b5c855a

SHA256
b725fd32de5c1d196a6bead4d14e2f32064e6b4bd3b621b040109f9a3940f6f2

SHA512
4b61195d6f1ed6e708d6b7839608b37fcd5e425dd636be218d0f579447b0d8a0dffeac9eff35a7c2b2585a8fbf871c9a2f35430d581a88bf550701e7f6a2a901

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-107.exe

Filesize
192KB

MD5
89623560d93b8f5ca1964bcce69e2e8a

SHA1
39e59837f522ac6958c485d1043d6a7606225abc

SHA256
4c3a5eb90284950aa3db2c7efb79c040283bbdb1103ed46eb88cdd9903cc7bbf

SHA512
3f65fd56e40385fb0259fde522bea60cc9cd977a4fd2df3d8b27c91edda9fed66a5de91e8a8b3770f4721cb3783a16587891fa8f53d0ad70c14d81925c550fc7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16439.exe

Filesize
192KB

MD5
edbc8a78ba021fc1b779e91ef7343ca5

SHA1
5cb38c83705e36a881f6f661349c8c2e9099ba38

SHA256
1b7250bb65478d3a8c8218b29c89faaa8c8a7c6888c799fc9b4aa42724f3e344

SHA512
14c1431784a2dc84f12b071331cace7b57ddb5e1b800e0b854c552ce8f896970fc6af6cde6902fa666aea75d3e89ae3cc37609fa06d0bf49065d574a808c304d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19122.exe

Filesize
192KB

MD5
4ecd895a1ba29076140e8e5494f9b614

SHA1
6d43815cc3fc622d3881c52fd62307108a05ba65

SHA256
6c13ca7b451dc0542d30200488e54099e02a543d0fadb647d8fd23820c0d3098

SHA512
355293cdafdbcb15f1e879aa1b1389f0c0d38b497c5ddbf28b62f514841e32b33eea175c0e94a88fca0b9dfbca68e792deb8451c89d95e7ce82b05479905c8a2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe

Filesize
192KB

MD5
4f99954874b53d8e0a4039bc29930d42

SHA1
ce044a49377342f84ec2880a8b2c9bc718638ade

SHA256
20116355a8936cfdc9c00446d791c2e0e133f0180e66a951b2f3552ea3bb95a2

SHA512
6fbd07e4110cedbf8f06533845a19f7f727628c1277023f9de7fae8770e10b8db5fc4e52e41d9549c704fbc1095473aa59065eef70a250a782cd68e498c293bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23786.exe

Filesize
192KB

MD5
20e15001675a162fe760ef0d4217facb

SHA1
ae1682c006a64711b354e3d04b4807c55dc18146

SHA256
ee463979a356ea7e5507294d20647536f325976c3714e2e4c39c86432decdb15

SHA512
2ce21b4b80c1ea91df42d6eec60f44ca9ca202e32095c88ed7346db9686df27f14e73a1f450588abf55474d891d5c56c40721c47005ef1d475dedb8db5c2a02e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24249.exe

Filesize
192KB

MD5
7d4da4bd262a45e5d75f794b5afe14a1

SHA1
52872799cf60f16807827758b4f73c26a22bf66d

SHA256
28bb7c310ed8062920bede65bbedd7fa2baf0f48131e0361f0406fd12f1c85ea

SHA512
aa4a01cc4a280b408008484bdc5362cbccf3ebc0b95f16dba6be5a2c6997c7170346acf08d73e90f837b2764f52d209bc9f2d4eca7de830bbcfe4a139bf9b27d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30374.exe

Filesize
192KB

MD5
6af7feb7b51bcedb58a2d860b11029a6

SHA1
858a5ae6a4b0b8d265009ed2da0b31de6f6cd5ae

SHA256
d053e9c208f6e7c44e497fd7fbe860b4761c3d92201d8feffdeeaafeb20156ab

SHA512
25d8fd07e50f2d4413b146e8c136e7e87285cc43f849c5a33b5b96c7118a9a7c1049abbf4cb325d7f1348a36884dc7be60cbbcd771b9f7956f554b7ff54b9eeb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4409.exe

Filesize
192KB

MD5
09a9cee25f380d9441c50e059f21f2b6

SHA1
7849de9216106c8688973dccdb608876f8c38dfb

SHA256
5c2beb4d263e695166e2e2fac01c366802ff5c6559509f5adfded63df85a9145

SHA512
b550f6c3c14ca8f1a16a15462ee28061020d525b239a356b4ce529c1e6118dd2988720e98ac1f6668f0d1c8c4a5b986c900d44f10dcb05fef33a812ab7cfc478

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe

Filesize
192KB

MD5
d3adf00d20f5108f66cb6f460c753388

SHA1
f18845a068ddac1c3655fde003e7d2a792e15753

SHA256
22caa63fed2bbf881741303bf1e936c608e55e0b3d4ec7cda1273d39a30e970b

SHA512
0b213e73ed565f3b99b3a9a54eafeed024be5551dd24909a5ad1044a05c44a0af5d6ba3e7f66f527f7772c82a48fe882db175dd7df6fa765f363e62aa3c051ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50240.exe

Filesize
192KB

MD5
ed16effdbd0d45f4efab77dbaf22ff7f

SHA1
4c61dc69ca0bae2fdf2dff3b7258fa21aa925e82

SHA256
c02d20bb6f22b1896ce7ad7013d066cc56d71725288f8f9bbe388a1cbf9bebbd

SHA512
0837fbe34c1ed6d3d8cebf2e071c81559cd7a400a5dabbb49043104df54a8d9c593dbc985c4d36a17e77f8e187bf521e245deadaa7ee4c6d79b6e32c6b9e8c21

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-517.exe

Filesize
192KB

MD5
e4822e1f3e3e2c3ddda7cc86d8e2f325

SHA1
59c2ff4c022518fdb40de8527db01cb3ec067763

SHA256
b3121b8af44e8488d8382bac4df7b670ad7bfceee73241bc7482e7d2ba458fee

SHA512
d33aaf88f2f0002aa834a1006cc35e5fd49b58577b1af9d586fe8bc1d3b40abf6b29833f592c10a59d75760634a39d474d15df6b6edc172d658a7a09dda230c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61197.exe

Filesize
192KB

MD5
ee45dbf99e2086912178ec60d35f62f4

SHA1
036111060ea10e8e0dfb752743307d7bed1bea09

SHA256
974e2e6bab1c90f5f525641df45063d6520490966493a9b07c858e6ae3656aab

SHA512
7fc9a134e8b87b04f4f06dfd348f786d1c51861dc8f7d0e5d8e613550c015f4c03ebe0f5d14ca4c2b7077becfd207be76dc5487493eb7f84e91f3a022bdff4e2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64072.exe

Filesize
192KB

MD5
b92ae8141aab4616296917d77cc602ee

SHA1
bc5a16ca4e04a6907def9bd4b6cf32da42ed5e37

SHA256
b81747cee44c18aef26ab363da8744aa4733e478f97f5e146810337044de7025

SHA512
f67469bd0c5e89c81810cb96f9054bd0b56cf61bd7d4388cd919b5e60e44412ccd30ae39782753943bf8db2ebfd85260b2c2e38bcae8935d6b548c7e859bcad8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6869.exe

Filesize
192KB

MD5
3c2b9b75c94171a680a683a54e8016c1

SHA1
5096a437a7d65b66ef212279ddbd73dfb95a8511

SHA256
36d127b5e8f859d40b4b7dd1906f7715b948928e5f7b182f6e3eae3dcdbd87f4

SHA512
09f40aa5a0a9e66bc4ca8af2401acafd465d9a0c11b49a183ba799b58494d65cc5502a537071790d26e3ba9f6683d37537017f7a687746840d22c68d041d32f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8436.exe

Filesize
192KB

MD5
c738374c42dc03955692e54ab759dd08

SHA1
f4c0ae603ba8db738e7bb63c89003c9700b4fa73

SHA256
bd464c1327c575872c4b1373a82e5a698da2e85a04f57297d2783a9620213fba

SHA512
95ba3b4563222297deae616e6c19994b15c51fe7b8ad19334f33d214aae9748110c968c05dcf99fa42e60e70dbe0bc57e0d8d31d2ff9a8513a4a3902c661518d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads