1910e731f08d22436045ed0970019860c309f6c095d8f4bfc4a5efac3a1904eb

Analysis

max time kernel
82s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/04/2024, 16:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bcac37284f7934f649ab48fd0d29e730_JaffaCakes118.exe
Size

192KB
MD5

bcac37284f7934f649ab48fd0d29e730
SHA1

27613db656c54c647de413a47517525b22b03562
SHA256

1910e731f08d22436045ed0970019860c309f6c095d8f4bfc4a5efac3a1904eb
SHA512

69815396c61c81658143ee4f2da45b2b2562f601e51ead66fe8f6ea6219bb7f45d2b5225e4c4a08a2170efc95e683e678a56fe8b113559f0152a6f22cc65d859
SSDEEP

3072:yih7oPaykUwQnOjj8GMFsWOQFhgwMOKfqDtYJzEpf5lHtpFl:yiBoYBQn48DFsWwAIX25lHtpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2540	Unicorn-57872.exe
2664	Unicorn-19035.exe
2680	Unicorn-15505.exe
2460	Unicorn-64569.exe
2484	Unicorn-19453.exe
2464	Unicorn-65124.exe
2920	Unicorn-27979.exe
2752	Unicorn-14636.exe
1944	Unicorn-63282.exe
2736	Unicorn-15897.exe
2512	Unicorn-35763.exe
1728	Unicorn-10319.exe
1656	Unicorn-56183.exe
2084	Unicorn-30932.exe
2868	Unicorn-15555.exe
1716	Unicorn-52504.exe
2300	Unicorn-32638.exe
1060	Unicorn-11663.exe
2124	Unicorn-57335.exe
2904	Unicorn-5524.exe
1164	Unicorn-10355.exe
2948	Unicorn-35265.exe
2244	Unicorn-23013.exe
1572	Unicorn-15015.exe
2296	Unicorn-57138.exe
1500	Unicorn-4600.exe
2368	Unicorn-36718.exe
2240	Unicorn-33594.exe
1748	Unicorn-50122.exe
1608	Unicorn-1668.exe
2616	Unicorn-729.exe
2544	Unicorn-63697.exe
2644	Unicorn-54974.exe
1220	Unicorn-30470.exe
2424	Unicorn-44538.exe
1424	Unicorn-31517.exe
2140	Unicorn-26879.exe
2816	Unicorn-43407.exe
1984	Unicorn-31887.exe
800	Unicorn-28549.exe
1624	Unicorn-24679.exe
2400	Unicorn-8342.exe
756	Unicorn-5005.exe
1124	Unicorn-32463.exe
2248	Unicorn-7958.exe
2712	Unicorn-53630.exe
956	Unicorn-58228.exe
1140	Unicorn-63059.exe
1156	Unicorn-63272.exe
3020	Unicorn-43598.exe
1064	Unicorn-34492.exe
2856	Unicorn-63827.exe
2044	Unicorn-55872.exe
1564	Unicorn-23392.exe
1268	Unicorn-23392.exe
3008	Unicorn-23562.exe
1580	Unicorn-60511.exe
2952	Unicorn-48472.exe
2220	Unicorn-42119.exe
1820	Unicorn-16869.exe
1700	Unicorn-1108.exe
2612	Unicorn-13168.exe
2600	Unicorn-23043.exe
2432	Unicorn-20782.exe

Loads dropped DLL 64 IoCs

pid	Process
2504	bcac37284f7934f649ab48fd0d29e730_JaffaCakes118.exe
2504	bcac37284f7934f649ab48fd0d29e730_JaffaCakes118.exe
2540	Unicorn-57872.exe
2540	Unicorn-57872.exe
2504	bcac37284f7934f649ab48fd0d29e730_JaffaCakes118.exe
2504	bcac37284f7934f649ab48fd0d29e730_JaffaCakes118.exe
2664	Unicorn-19035.exe
2664	Unicorn-19035.exe
2680	Unicorn-15505.exe
2680	Unicorn-15505.exe
2540	Unicorn-57872.exe
2540	Unicorn-57872.exe
2460	Unicorn-64569.exe
2460	Unicorn-64569.exe
2664	Unicorn-19035.exe
2664	Unicorn-19035.exe
2484	Unicorn-19453.exe
2484	Unicorn-19453.exe
2680	Unicorn-15505.exe
2464	Unicorn-65124.exe
2680	Unicorn-15505.exe
2464	Unicorn-65124.exe
2920	Unicorn-27979.exe
2920	Unicorn-27979.exe
2460	Unicorn-64569.exe
2460	Unicorn-64569.exe
2752	Unicorn-14636.exe
2752	Unicorn-14636.exe
1944	Unicorn-63282.exe
1944	Unicorn-63282.exe
2512	Unicorn-35763.exe
2484	Unicorn-19453.exe
2512	Unicorn-35763.exe
2484	Unicorn-19453.exe
2736	Unicorn-15897.exe
2736	Unicorn-15897.exe
2464	Unicorn-65124.exe
2464	Unicorn-65124.exe
1728	Unicorn-10319.exe
1728	Unicorn-10319.exe
2920	Unicorn-27979.exe
2920	Unicorn-27979.exe
1656	Unicorn-56183.exe
1656	Unicorn-56183.exe
2084	Unicorn-30932.exe
2084	Unicorn-30932.exe
2752	Unicorn-14636.exe
2752	Unicorn-14636.exe
2868	Unicorn-15555.exe
2868	Unicorn-15555.exe
1944	Unicorn-63282.exe
1944	Unicorn-63282.exe
2300	Unicorn-32638.exe
2300	Unicorn-32638.exe
2124	Unicorn-57335.exe
2124	Unicorn-57335.exe
1060	Unicorn-11663.exe
1060	Unicorn-11663.exe
2736	Unicorn-15897.exe
2736	Unicorn-15897.exe
2904	Unicorn-5524.exe
2904	Unicorn-5524.exe
1728	Unicorn-10319.exe
1728	Unicorn-10319.exe

Program crash 23 IoCs

pid	pid_target	Process	procid_target
696	1424	WerFault.exe	66
284	2300	WerFault.exe	46
2360	756	WerFault.exe	72
1968	3008	WerFault.exe	86
2516	2368	WerFault.exe	56
1280	1700	WerFault.exe	92
3056	2400	WerFault.exe	71
1608	1932	WerFault.exe	108
844	1772	WerFault.exe	126
1100	1468	WerFault.exe	161
2220	2768	WerFault.exe	154
2684	2976	WerFault.exe	159
2628	2972	WerFault.exe	156
2328	2868	WerFault.exe	158
3044	2064	WerFault.exe	153
1872	2748	WerFault.exe	152
1452	1220	WerFault.exe	176
576	2776	WerFault.exe	170
1472	1640	WerFault.exe	151
1352	2468	WerFault.exe	178
2184	2820	WerFault.exe	160
900	2532	WerFault.exe	157
3836	1888	WerFault.exe	162

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2504	bcac37284f7934f649ab48fd0d29e730_JaffaCakes118.exe
2540	Unicorn-57872.exe
2664	Unicorn-19035.exe
2680	Unicorn-15505.exe
2460	Unicorn-64569.exe
2484	Unicorn-19453.exe
2464	Unicorn-65124.exe
2920	Unicorn-27979.exe
2752	Unicorn-14636.exe
1944	Unicorn-63282.exe
2736	Unicorn-15897.exe
2512	Unicorn-35763.exe
1728	Unicorn-10319.exe
1656	Unicorn-56183.exe
2084	Unicorn-30932.exe
2868	Unicorn-15555.exe
2300	Unicorn-32638.exe
1716	Unicorn-52504.exe
1060	Unicorn-11663.exe
2124	Unicorn-57335.exe
2904	Unicorn-5524.exe
1164	Unicorn-10355.exe
2948	Unicorn-35265.exe
2244	Unicorn-23013.exe
1572	Unicorn-15015.exe
2296	Unicorn-57138.exe
1500	Unicorn-4600.exe
2368	Unicorn-36718.exe
1748	Unicorn-50122.exe
2240	Unicorn-33594.exe
1608	Unicorn-1668.exe
2616	Unicorn-729.exe
2544	Unicorn-63697.exe
2644	Unicorn-54974.exe
1424	Unicorn-31517.exe
1220	Unicorn-30470.exe
2424	Unicorn-44538.exe
2140	Unicorn-26879.exe
2816	Unicorn-43407.exe
1624	Unicorn-24679.exe
2400	Unicorn-8342.exe
800	Unicorn-28549.exe
756	Unicorn-5005.exe
1984	Unicorn-31887.exe
1124	Unicorn-32463.exe
1156	Unicorn-63272.exe
2248	Unicorn-7958.exe
1140	Unicorn-63059.exe
3020	Unicorn-43598.exe
956	Unicorn-58228.exe
2712	Unicorn-53630.exe
1064	Unicorn-34492.exe
2044	Unicorn-55872.exe
2856	Unicorn-63827.exe
1564	Unicorn-23392.exe
1268	Unicorn-23392.exe
3008	Unicorn-23562.exe
1580	Unicorn-60511.exe
2952	Unicorn-48472.exe
2220	Unicorn-42119.exe
1820	Unicorn-16869.exe
1700	Unicorn-1108.exe
2600	Unicorn-23043.exe
2612	Unicorn-13168.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 2540	2504	bcac37284f7934f649ab48fd0d29e730_JaffaCakes118.exe	28
PID 2504 wrote to memory of 2540	2504	bcac37284f7934f649ab48fd0d29e730_JaffaCakes118.exe	28
PID 2504 wrote to memory of 2540	2504	bcac37284f7934f649ab48fd0d29e730_JaffaCakes118.exe	28
PID 2504 wrote to memory of 2540	2504	bcac37284f7934f649ab48fd0d29e730_JaffaCakes118.exe	28
PID 2540 wrote to memory of 2664	2540	Unicorn-57872.exe	29
PID 2540 wrote to memory of 2664	2540	Unicorn-57872.exe	29
PID 2540 wrote to memory of 2664	2540	Unicorn-57872.exe	29
PID 2540 wrote to memory of 2664	2540	Unicorn-57872.exe	29
PID 2504 wrote to memory of 2680	2504	bcac37284f7934f649ab48fd0d29e730_JaffaCakes118.exe	30
PID 2504 wrote to memory of 2680	2504	bcac37284f7934f649ab48fd0d29e730_JaffaCakes118.exe	30
PID 2504 wrote to memory of 2680	2504	bcac37284f7934f649ab48fd0d29e730_JaffaCakes118.exe	30
PID 2504 wrote to memory of 2680	2504	bcac37284f7934f649ab48fd0d29e730_JaffaCakes118.exe	30
PID 2664 wrote to memory of 2460	2664	Unicorn-19035.exe	31
PID 2664 wrote to memory of 2460	2664	Unicorn-19035.exe	31
PID 2664 wrote to memory of 2460	2664	Unicorn-19035.exe	31
PID 2664 wrote to memory of 2460	2664	Unicorn-19035.exe	31
PID 2680 wrote to memory of 2484	2680	Unicorn-15505.exe	32
PID 2680 wrote to memory of 2484	2680	Unicorn-15505.exe	32
PID 2680 wrote to memory of 2484	2680	Unicorn-15505.exe	32
PID 2680 wrote to memory of 2484	2680	Unicorn-15505.exe	32
PID 2540 wrote to memory of 2464	2540	Unicorn-57872.exe	33
PID 2540 wrote to memory of 2464	2540	Unicorn-57872.exe	33
PID 2540 wrote to memory of 2464	2540	Unicorn-57872.exe	33
PID 2540 wrote to memory of 2464	2540	Unicorn-57872.exe	33
PID 2460 wrote to memory of 2920	2460	Unicorn-64569.exe	36
PID 2460 wrote to memory of 2920	2460	Unicorn-64569.exe	36
PID 2460 wrote to memory of 2920	2460	Unicorn-64569.exe	36
PID 2460 wrote to memory of 2920	2460	Unicorn-64569.exe	36
PID 2664 wrote to memory of 2752	2664	Unicorn-19035.exe	37
PID 2664 wrote to memory of 2752	2664	Unicorn-19035.exe	37
PID 2664 wrote to memory of 2752	2664	Unicorn-19035.exe	37
PID 2664 wrote to memory of 2752	2664	Unicorn-19035.exe	37
PID 2484 wrote to memory of 1944	2484	Unicorn-19453.exe	38
PID 2484 wrote to memory of 1944	2484	Unicorn-19453.exe	38
PID 2484 wrote to memory of 1944	2484	Unicorn-19453.exe	38
PID 2484 wrote to memory of 1944	2484	Unicorn-19453.exe	38
PID 2680 wrote to memory of 2736	2680	Unicorn-15505.exe	39
PID 2680 wrote to memory of 2736	2680	Unicorn-15505.exe	39
PID 2680 wrote to memory of 2736	2680	Unicorn-15505.exe	39
PID 2680 wrote to memory of 2736	2680	Unicorn-15505.exe	39
PID 2464 wrote to memory of 2512	2464	Unicorn-65124.exe	40
PID 2464 wrote to memory of 2512	2464	Unicorn-65124.exe	40
PID 2464 wrote to memory of 2512	2464	Unicorn-65124.exe	40
PID 2464 wrote to memory of 2512	2464	Unicorn-65124.exe	40
PID 2920 wrote to memory of 1728	2920	Unicorn-27979.exe	41
PID 2920 wrote to memory of 1728	2920	Unicorn-27979.exe	41
PID 2920 wrote to memory of 1728	2920	Unicorn-27979.exe	41
PID 2920 wrote to memory of 1728	2920	Unicorn-27979.exe	41
PID 2460 wrote to memory of 1656	2460	Unicorn-64569.exe	42
PID 2460 wrote to memory of 1656	2460	Unicorn-64569.exe	42
PID 2460 wrote to memory of 1656	2460	Unicorn-64569.exe	42
PID 2460 wrote to memory of 1656	2460	Unicorn-64569.exe	42
PID 2752 wrote to memory of 2084	2752	Unicorn-14636.exe	43
PID 2752 wrote to memory of 2084	2752	Unicorn-14636.exe	43
PID 2752 wrote to memory of 2084	2752	Unicorn-14636.exe	43
PID 2752 wrote to memory of 2084	2752	Unicorn-14636.exe	43
PID 1944 wrote to memory of 2868	1944	Unicorn-63282.exe	44
PID 1944 wrote to memory of 2868	1944	Unicorn-63282.exe	44
PID 1944 wrote to memory of 2868	1944	Unicorn-63282.exe	44
PID 1944 wrote to memory of 2868	1944	Unicorn-63282.exe	44
PID 2512 wrote to memory of 1716	2512	Unicorn-35763.exe	45
PID 2512 wrote to memory of 1716	2512	Unicorn-35763.exe	45
PID 2512 wrote to memory of 1716	2512	Unicorn-35763.exe	45
PID 2512 wrote to memory of 1716	2512	Unicorn-35763.exe	45

C:\Users\Admin\AppData\Local\Temp\bcac37284f7934f649ab48fd0d29e730_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bcac37284f7934f649ab48fd0d29e730_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27979.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10319.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5524.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-729.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63272.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37118.exe
        10⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38950.exe
        11⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46656.exe
        12⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55909.exe
        13⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43598.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44959.exe
        9⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61456.exe
        10⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44542.exe
        11⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63697.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57346.exe
        9⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49012.exe
        10⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
        11⤵
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54974.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34492.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57538.exe
        9⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
        10⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        11⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56298.exe
        12⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9313.exe
        13⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3570.exe
        14⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14673.exe
        10⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        11⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45338.exe
        12⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 372
        12⤵
        Program crash
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63827.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
        8⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61456.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42946.exe
        10⤵
        
        PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56183.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35265.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30470.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
        9⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5758.exe
        10⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        11⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
        12⤵
        
        PID:1896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 380
        12⤵
        Program crash
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23562.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 220
        8⤵
        Program crash
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61456.exe
        8⤵
        
        PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14636.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30932.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23013.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26879.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27471.exe
        9⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20045.exe
        10⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
        11⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56298.exe
        12⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17482.exe
        13⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
        14⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        13⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60511.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12260.exe
        8⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        9⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31981.exe
        10⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 380
        10⤵
        Program crash
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31517.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 220
        7⤵
        Program crash
        
        PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48472.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55348.exe
        8⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
        9⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        10⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65203.exe
        11⤵
        
        PID:2688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 380
        11⤵
        Program crash
        
        PID:900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42119.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52359.exe
        7⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8171.exe
        8⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65203.exe
        9⤵
        
        PID:2984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65124.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35763.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57335.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33594.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32463.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        7⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49396.exe
        8⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56298.exe
        9⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        10⤵
        
        PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53630.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
        6⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9847.exe
        7⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
        8⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        9⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27129.exe
        10⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4155.exe
        11⤵
        
        PID:1156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 380
        11⤵
        Program crash
        
        PID:576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 372
        10⤵
        Program crash
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11347.exe
        9⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26354.exe
        6⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32126.exe
        7⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        8⤵
        
        PID:1888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 380
        9⤵
        Program crash
        
        PID:3836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19453.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19453.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15555.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
        8⤵
        Executes dropped EXE
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
        9⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54051.exe
        10⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48544.exe
        11⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28549.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14834.exe
        7⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49396.exe
        8⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        9⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12136.exe
        10⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52766.exe
        11⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 372
        10⤵
        Program crash
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4600.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13168.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10231.exe
        8⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61456.exe
        9⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60761.exe
        10⤵
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23043.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
        7⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58851.exe
        8⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        9⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12686.exe
        10⤵
        
        PID:1964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 380
        10⤵
        Program crash
        
        PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36718.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8342.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43802.exe
        7⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        8⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
        9⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 384
        9⤵
        Program crash
        
        PID:1472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 376
        8⤵
        Program crash
        
        PID:844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 376
        7⤵
        Program crash
        
        PID:3056
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 376
        6⤵
        Program crash
        
        PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5005.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1108.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        7⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49396.exe
        8⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58135.exe
        9⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
        10⤵
        
        PID:704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 380
        8⤵
        Program crash
        
        PID:1608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 376
        7⤵
        Program crash
        
        PID:1280
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 376
        6⤵
        Program crash
        
        PID:2360
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 376
        5⤵
        Program crash
        
        PID:284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15897.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11663.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50122.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58228.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43999.exe
        7⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4284.exe
        8⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
        9⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44596.exe
        10⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        11⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9115.exe
        7⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49396.exe
        8⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        9⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1529.exe
        10⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
        11⤵
        
        PID:112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 372
        11⤵
        Program crash
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
        10⤵
        
        PID:3028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 372
        10⤵
        Program crash
        
        PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63059.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38950.exe
        6⤵
        
        PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1668.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7958.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47372.exe
        6⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48462.exe
        7⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        8⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3392.exe
        9⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62427.exe
        10⤵
        
        PID:2244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 380
        10⤵
        Program crash
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42561.exe
        9⤵
        
        PID:1720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 380
        9⤵
        Program crash
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36188.exe
        6⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        7⤵
        
        PID:2948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14636.exe

Filesize
192KB

MD5
29388826d1dc11a211e397061a553135

SHA1
9a295edac784cc0e622e5cc5a0e874ddd672bbca

SHA256
97306ac8b90742cb2c3b24fcc4f871a99c7fd382d220295e6101dce713871322

SHA512
8e8202201577d5d37e3ead20f93759dcae706ce4411640cf7e6a9724c80df11ce07ad3938c71914505b7e32634474523a99148bf3ae50c8e3d7314f603b22e2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1529.exe

Filesize
192KB

MD5
d28de9513b3326507416425196070c65

SHA1
a1e8672d344cf12de7f809c26c722a45fe4092b2

SHA256
f742530ba0c22b627f72292d3beb16d68e1619838a615dca4f6b2712d3884c21

SHA512
f19b863754596a5eb492b2f67948111cfc2c79e255dc8ba5ecd41b6de54308193cdda0135417be25f27db28817237e40b729fbb3adfb09c474b1858fd8b277ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5524.exe

Filesize
192KB

MD5
ac5ba8ddb4d99d0e2e8be193e84845c4

SHA1
94b93795608cbce4ae66a11f7b4615fa9d7f1611

SHA256
3e5e200f365c0ff370ae10570e6378d149f7b03124e549b546bfb6871b9f6a85

SHA512
fc80fa45448a82af5fb3a500f086cf79ae8e14fdbc2e6859c8a5d117c125609cfda5209823cd525460f45a051213a63ad787f8573d382afe7b58c71e71fa9eb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5758.exe

Filesize
192KB

MD5
2df43e9fbf36f61acd9c92ceb303b205

SHA1
937aff60c7cdc9ecf80c9604c09c3fc74eadac2f

SHA256
537f55b5f2e88548f4f6e3ff2ba6e862c511025fbd913be150954513b62a2e08

SHA512
c4ff0831115303a5c056e4fa1131df7ee8d7f6855caa2f175a2a261da9e715819ac20bf512a83d3a471dde7e1c84d90b885b6e99be17e1cfc3d031a8de148f98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe

Filesize
192KB

MD5
5081b542213c9e3734c366ba048606f9

SHA1
93aeb56158aa14583a75c71e7e019360bbe6ef62

SHA256
fe79fe5278e097512232167a063282e23a07990d8394c59511c22ecc2a1e4ace

SHA512
4b3e993d1ada640aa78c787bf1c231efaa25ce28f8beaf684b0283a7ea7f68582d0de605af168535cc66be1cca8143ec498c206c7efa7aa81d3a5317f8728191

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10319.exe

Filesize
192KB

MD5
4e0954639ac53f9fe6bf5fdbcc4e0352

SHA1
f8970416b8a28168ca6ec10f7cb5a44f7e617a23

SHA256
2588b6289d69d9efbe7cd5255e2528b8eaebb874f3403642bffc90649f8393dc

SHA512
c85c0bedaf4260e006eb1edab3fbb33f78333ea4e932d1021cf52ea379aa4c502bd38976096341276fae23a583ea68677c4afc757dbd96ddc9bd05ba38d65038

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11663.exe

Filesize
192KB

MD5
b61da665b406d86a79299ce61eab18fc

SHA1
819b1e553b6990d32ec274255c9d45f632b72108

SHA256
068d89c38986f14f3e51a258e9f37f693e4dc4ba7f111c7153cc71eea741cff5

SHA512
101f7fd459d05160481ac2d4e0d6d52dacf7b89944bde9cda7ef0822ae398ce749e6ce4f0ffb093b5b96588deddba31fe939b6a77ab1679ac0a6c5c26ef184c1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe

Filesize
192KB

MD5
27a75107f6f26d1450faecf4246b6c13

SHA1
04f3fe3744959c2e41b4072bedfdf1d35f88bf7d

SHA256
7a315cc34f4108757cab153b2392e98bc26a86e8142d668342b2136b981ad01e

SHA512
c76e55cf316bb8e1dfb004ae5dfc30d21f70ac4e5f3de461a607804715619600735b5ad75cd2b63c3390f9793db9118c94975216f9fb72d5309ce42f0fa2a14e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15555.exe

Filesize
192KB

MD5
cfd91649a2ed5a27c3f89fdb2e72dc84

SHA1
151ccfaf2d317c82e5d341395a775a6e2dda442c

SHA256
4a2dfe66d364c99fb602b4abb3b4be234702cc165f89ad0dd5cd8152ab541b99

SHA512
acfa6e63c299f799a452cab46f53027a2951a79c0d6b055cbcebd803c4a717572fd0b244bed19384acbea25d73cee46f9320360f0c07fb15be8a9110d481bcc3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15897.exe

Filesize
192KB

MD5
bd13a133248d05f5cc6d14bfe6204b44

SHA1
03a47644afadecdb74d1aad0c9e835f0229a4e29

SHA256
6196845aaf743f87ab6238299a91c1a62366c43507c88abf455d060227b19e8d

SHA512
12c29fc1b6062d49e70d5acd6fed16f7d76c3bc39c4be1d31834582a83e0865fc77c44ca3a54b51762456b7b245d213aa94c6b2336800461e2c5128fbd933f03

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe

Filesize
192KB

MD5
eb814e99ea15f20ea512f6850804ad2d

SHA1
c7f61631c98289070278a7c8eba2761ff92b8807

SHA256
3740889e75d2a88b00cc2a390cb4e16dcd4deb94f0d43503b5af61c7727c53bd

SHA512
7255cebbc9e268a821b917f4251cecbeb1a185f6bf8566282e20d298e5a3626b7d48e4eac31a9a08379d02ad8175235235781a9dbac0dd00f9a56b8c7d5d62f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19453.exe

Filesize
192KB

MD5
fa4c6976166ed77c17949740c08f3f38

SHA1
9b86279374c1f5dcfef5f6a9069b158b0e24b86f

SHA256
09729beab7b7ca894bc4c219e289a5d5ae086e674a84664ed30d01d62830a41c

SHA512
d74f13202a5fa6668c16a461fda1b5c7b89195e0f00d170f344cb9208af892b00472a0286b4471ee2bfd329533db9831daa31b3767a14c78427aa53a266347a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27979.exe

Filesize
192KB

MD5
69fcaa78321f237c32ada8d1df6ec575

SHA1
b93be90c9bb1b3fbd2f705432240a7474fb604dd

SHA256
9505e79c181def9babc1b855e1fef9f6e44409b99c388b657c61e77e81a6549b

SHA512
25eb86cae667c74f956e4e05ae40b513f3c6ddfd4f596c7c36dd75d1727d050b743262700afab0e92d51b84090251317b8fb0816b06fb2b8a6847e79a1e7bcf2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30932.exe

Filesize
192KB

MD5
02fd37698bc40a1305c54560aacfbaf8

SHA1
de9e7197c3c3023f4d687e79c2dd5991d94f9e39

SHA256
a7b09a4a62ef3d8a9061862855eb3ba8097a6d1571cc1de03fd69e888e525330

SHA512
a3a2acc56382054cd1991c13e7a90656fec572c63e6f606e353c24a1e62fe6fe7f7a8e24cd526b2f63d4ea18f083ae601fb01d54f0b455f7164701062d436d93

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe

Filesize
192KB

MD5
d355c5ffc8567870d54d2255b03a2e71

SHA1
62cfc542c66cc122a8f8c4a5b759e25823910cca

SHA256
1a2c8b9a720e58c7a36fc08ece3d9a8cdf1827820047cfedd1755f63302a6f10

SHA512
bba3e5edebe03a2d6ffb8c92e9d6a55c7f398b494cc4ec88908020eab4cb573abb2b3c54e6566c9d995715f99f8da4270afdd5742181196c61fb7a7192c9567e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35763.exe

Filesize
192KB

MD5
04ae7f35d3d4239e7953c4a0a440fb8d

SHA1
47e246aeebb3dfc649f9f042ec27e8a32819c7df

SHA256
d3487c492398339ca506936dfee679bdc4bd6041fe362fe2d1495461dbc3a2d6

SHA512
7b8cd04c6ee7a6435be1294dfc36bd4c976369cc468c86ede2fc2783b954d3bc38e9dcfa7eee0d253a3a1e67c8fb505bcb247824af11b7f8625e8a12a8accf20

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe

Filesize
192KB

MD5
d5134176a4ea7558ba7e53fc8101c279

SHA1
e4bb6ab8899297c6657540defc0ceae394f0d46d

SHA256
09a328a1b5f08abf0ec5cbad43184dc1c0eda7563dea7f11642173b69b3a1c09

SHA512
6a6b8c3dbb63bddeaf21c015598ce01421493d45e390d234151c5f5ae2bc79e5674b7a6102b8a6b59b60148bbb9df7febd9cfdd37080756937bffab054a84609

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56183.exe

Filesize
192KB

MD5
e60a1005e604829ee9417838de087084

SHA1
17475245ada290594754471964c08074fd409081

SHA256
cadd271e825fceca5708aa8c7bdae41e39c037b37203619dae0718dd3a1bebfc

SHA512
58a7fb685668172dec55aca1177900a89dd7d7e2211d05b6ab13d418478322e17ed3e85ba9b684b789f1eff7f8698315e904c5c01ba585c6af08b2025d26b489

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57872.exe

Filesize
192KB

MD5
3a66db11bac272ece8e4beff2c18bc2e

SHA1
5f2a2596c6f4966037a86d8bb7dcc1dea49bcb40

SHA256
a822648b192150a01ccf808009d833c3c56ed8f060adadf5931e24c8dc714535

SHA512
92174f0e4e0a53725146e89d81cfc6b906f3f526c575b2ea882adc5610338d3b5ff909115ad7782cc078dd69497df44d9f41e1a4cac65ee93cc71f9ed8588e91

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe

Filesize
192KB

MD5
ad30e0b841745bdb7e1595f3c7271fdb

SHA1
eaa77e41cc740e0387e21ed6daa9d4d7491b43c2

SHA256
a58abe95be583d5541dbc3989b20f10c2a33531c20dc7e039d0a194d059f551d

SHA512
e88d051166554f6fff87e1c8f88a5be58f1ee60052c1c226dd2b39542bcdd961fa0b07f44b1b0aac9aaadcef608e00b689144550b63355371de7947bead38a37

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64569.exe

Filesize
192KB

MD5
678d5e0a593c16b599a9ffbe18e6c9c0

SHA1
28b2b66d183cca3dd979fea2f058a42f526a9226

SHA256
f1466649c3c0eda730b22df5b0f693e7a64171dcf68901af1202476e049566a4

SHA512
31f6cbad314898c19d9a49e30a9e4d47741b056d451e4eb3e328a983a89f2ddede52fc136d476d487aeaf5bf578a2ace335b7f7639cea7f69e55e72f3a18afa6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65124.exe

Filesize
192KB

MD5
6439f9a4210d354a2f1d25ea5c5f5b50

SHA1
e805db2b1adf119b7ce31ee78af9b9ac10030d47

SHA256
9bc6ee9abfe29812596cf9a6cf8e3c6fa62d337581cfcc6ac722785f0649f73e

SHA512
1a0f8dcaa37f7b0463de471e09fea918d4ebd10aef10a5b433532d5946c3dac2d693002013192d16ad8558557fe9a5cf6ee91967ef3bb01bf0b4aedfa94bed28

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads