38714ae0bde0d7d85c69de042d1b62b91053dbf8733c00e748dec5414ddf78fe

Analysis

max time kernel
48s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
04/04/2024, 18:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bfff0b4ef5263541283a6a947dcbdccb_JaffaCakes118.exe
Size

192KB
MD5

bfff0b4ef5263541283a6a947dcbdccb
SHA1

1bc746cff432ff9a536c38990636ce7ac9054934
SHA256

38714ae0bde0d7d85c69de042d1b62b91053dbf8733c00e748dec5414ddf78fe
SHA512

e953b7697550063c7dc90e99190d3bbf6820f229ac3e2ab7b3cbf46a1b89ee680eb7d20bc17038e47b93047c98e0c8d444c936a0790c808298adcdf08eced315
SSDEEP

3072:yvmZoPOyk9wQMOjG8Q9+sJOzih+eMjefzDtxJJExZNlHtpFm:yv0okeQMd8g+sJAL0xeNlHtpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2900	Unicorn-34563.exe
2628	Unicorn-18310.exe
2536	Unicorn-41422.exe
2876	Unicorn-39882.exe
2460	Unicorn-29253.exe
2484	Unicorn-35798.exe
1656	Unicorn-27677.exe
1388	Unicorn-46706.exe
2316	Unicorn-35845.exe
2304	Unicorn-54874.exe
280	Unicorn-31761.exe
108	Unicorn-19592.exe
888	Unicorn-30452.exe
3000	Unicorn-23676.exe
2008	Unicorn-31844.exe
2396	Unicorn-24230.exe
1004	Unicorn-48180.exe
588	Unicorn-52264.exe
3048	Unicorn-41334.exe
2596	Unicorn-24828.exe
3064	Unicorn-60193.exe
1480	Unicorn-4983.exe
1304	Unicorn-43878.exe
2752	Unicorn-52046.exe
2796	Unicorn-44433.exe
1964	Unicorn-55061.exe
2992	Unicorn-50977.exe
1692	Unicorn-5860.exe
2888	Unicorn-51532.exe
2700	Unicorn-62160.exe
2344	Unicorn-7484.exe
2552	Unicorn-51553.exe
2164	Unicorn-43940.exe
328	Unicorn-37163.exe
2728	Unicorn-62435.exe
2584	Unicorn-20011.exe
2476	Unicorn-35793.exe
2836	Unicorn-54822.exe
1744	Unicorn-25487.exe
1572	Unicorn-62243.exe
1476	Unicorn-47853.exe
2360	Unicorn-32071.exe
1440	Unicorn-51937.exe
2332	Unicorn-33463.exe
1776	Unicorn-33463.exe
548	Unicorn-52492.exe
1820	Unicorn-58735.exe
2292	Unicorn-38869.exe
1236	Unicorn-63374.exe
1268	Unicorn-55206.exe
2064	Unicorn-18532.exe
532	Unicorn-32267.exe
1124	Unicorn-18532.exe
572	Unicorn-32267.exe
2148	Unicorn-18532.exe
2012	Unicorn-58818.exe
476	Unicorn-38398.exe
656	Unicorn-38398.exe
1908	Unicorn-38398.exe
704	Unicorn-38398.exe
2720	Unicorn-38398.exe
388	Unicorn-38398.exe
3068	Unicorn-28092.exe
2908	Unicorn-38398.exe

Loads dropped DLL 64 IoCs

pid	Process
2748	bfff0b4ef5263541283a6a947dcbdccb_JaffaCakes118.exe
2748	bfff0b4ef5263541283a6a947dcbdccb_JaffaCakes118.exe
2900	Unicorn-34563.exe
2900	Unicorn-34563.exe
2748	bfff0b4ef5263541283a6a947dcbdccb_JaffaCakes118.exe
2748	bfff0b4ef5263541283a6a947dcbdccb_JaffaCakes118.exe
2628	Unicorn-18310.exe
2900	Unicorn-34563.exe
2628	Unicorn-18310.exe
2900	Unicorn-34563.exe
2536	Unicorn-41422.exe
2536	Unicorn-41422.exe
2876	Unicorn-39882.exe
2876	Unicorn-39882.exe
2628	Unicorn-18310.exe
2628	Unicorn-18310.exe
2460	Unicorn-29253.exe
2460	Unicorn-29253.exe
2536	Unicorn-41422.exe
2536	Unicorn-41422.exe
2484	Unicorn-35798.exe
2484	Unicorn-35798.exe
1656	Unicorn-27677.exe
1656	Unicorn-27677.exe
2876	Unicorn-39882.exe
2876	Unicorn-39882.exe
1388	Unicorn-46706.exe
1388	Unicorn-46706.exe
2316	Unicorn-35845.exe
2316	Unicorn-35845.exe
2460	Unicorn-29253.exe
2460	Unicorn-29253.exe
2304	Unicorn-54874.exe
2304	Unicorn-54874.exe
280	Unicorn-31761.exe
280	Unicorn-31761.exe
2484	Unicorn-35798.exe
2484	Unicorn-35798.exe
108	Unicorn-19592.exe
108	Unicorn-19592.exe
1656	Unicorn-27677.exe
1656	Unicorn-27677.exe
888	Unicorn-30452.exe
888	Unicorn-30452.exe
1004	Unicorn-48180.exe
1004	Unicorn-48180.exe
2396	Unicorn-24230.exe
280	Unicorn-31761.exe
2396	Unicorn-24230.exe
280	Unicorn-31761.exe
2008	Unicorn-31844.exe
2008	Unicorn-31844.exe
588	Unicorn-52264.exe
588	Unicorn-52264.exe
2304	Unicorn-54874.exe
3000	Unicorn-23676.exe
3000	Unicorn-23676.exe
2304	Unicorn-54874.exe
3048	Unicorn-41334.exe
3048	Unicorn-41334.exe
1388	Unicorn-46706.exe
1388	Unicorn-46706.exe
2596	Unicorn-24828.exe
2596	Unicorn-24828.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2140	1572	WerFault.exe	67
2620	2360	WerFault.exe	69
2724	3060	WerFault.exe	110

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2748	bfff0b4ef5263541283a6a947dcbdccb_JaffaCakes118.exe
2900	Unicorn-34563.exe
2628	Unicorn-18310.exe
2536	Unicorn-41422.exe
2876	Unicorn-39882.exe
2460	Unicorn-29253.exe
2484	Unicorn-35798.exe
1656	Unicorn-27677.exe
1388	Unicorn-46706.exe
2316	Unicorn-35845.exe
2304	Unicorn-54874.exe
280	Unicorn-31761.exe
108	Unicorn-19592.exe
888	Unicorn-30452.exe
3000	Unicorn-23676.exe
2008	Unicorn-31844.exe
2396	Unicorn-24230.exe
1004	Unicorn-48180.exe
588	Unicorn-52264.exe
3048	Unicorn-41334.exe
2596	Unicorn-24828.exe
3064	Unicorn-60193.exe
1480	Unicorn-4983.exe
1304	Unicorn-43878.exe
2796	Unicorn-44433.exe
2752	Unicorn-52046.exe
2992	Unicorn-50977.exe
2700	Unicorn-62160.exe
2888	Unicorn-51532.exe
1964	Unicorn-55061.exe
1692	Unicorn-5860.exe
2344	Unicorn-7484.exe
2552	Unicorn-51553.exe
2164	Unicorn-43940.exe
328	Unicorn-37163.exe
2728	Unicorn-62435.exe
2584	Unicorn-20011.exe
2836	Unicorn-54822.exe
2476	Unicorn-35793.exe
1744	Unicorn-25487.exe
1572	Unicorn-62243.exe
1476	Unicorn-47853.exe
1440	Unicorn-51937.exe
2360	Unicorn-32071.exe
548	Unicorn-52492.exe
2332	Unicorn-33463.exe
1776	Unicorn-33463.exe
2292	Unicorn-38869.exe
1268	Unicorn-55206.exe
1820	Unicorn-58735.exe
1236	Unicorn-63374.exe
572	Unicorn-32267.exe
2064	Unicorn-18532.exe
1124	Unicorn-18532.exe
2196	Unicorn-49643.exe
532	Unicorn-32267.exe
2148	Unicorn-18532.exe
1908	Unicorn-38398.exe
2908	Unicorn-38398.exe
656	Unicorn-38398.exe
2012	Unicorn-58818.exe
476	Unicorn-38398.exe
1720	Unicorn-24562.exe
704	Unicorn-38398.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 2900	2748	bfff0b4ef5263541283a6a947dcbdccb_JaffaCakes118.exe	28
PID 2748 wrote to memory of 2900	2748	bfff0b4ef5263541283a6a947dcbdccb_JaffaCakes118.exe	28
PID 2748 wrote to memory of 2900	2748	bfff0b4ef5263541283a6a947dcbdccb_JaffaCakes118.exe	28
PID 2748 wrote to memory of 2900	2748	bfff0b4ef5263541283a6a947dcbdccb_JaffaCakes118.exe	28
PID 2900 wrote to memory of 2628	2900	Unicorn-34563.exe	29
PID 2900 wrote to memory of 2628	2900	Unicorn-34563.exe	29
PID 2900 wrote to memory of 2628	2900	Unicorn-34563.exe	29
PID 2900 wrote to memory of 2628	2900	Unicorn-34563.exe	29
PID 2748 wrote to memory of 2536	2748	bfff0b4ef5263541283a6a947dcbdccb_JaffaCakes118.exe	30
PID 2748 wrote to memory of 2536	2748	bfff0b4ef5263541283a6a947dcbdccb_JaffaCakes118.exe	30
PID 2748 wrote to memory of 2536	2748	bfff0b4ef5263541283a6a947dcbdccb_JaffaCakes118.exe	30
PID 2748 wrote to memory of 2536	2748	bfff0b4ef5263541283a6a947dcbdccb_JaffaCakes118.exe	30
PID 2628 wrote to memory of 2876	2628	Unicorn-18310.exe	31
PID 2628 wrote to memory of 2876	2628	Unicorn-18310.exe	31
PID 2628 wrote to memory of 2876	2628	Unicorn-18310.exe	31
PID 2628 wrote to memory of 2876	2628	Unicorn-18310.exe	31
PID 2900 wrote to memory of 2460	2900	Unicorn-34563.exe	32
PID 2900 wrote to memory of 2460	2900	Unicorn-34563.exe	32
PID 2900 wrote to memory of 2460	2900	Unicorn-34563.exe	32
PID 2900 wrote to memory of 2460	2900	Unicorn-34563.exe	32
PID 2536 wrote to memory of 2484	2536	Unicorn-41422.exe	33
PID 2536 wrote to memory of 2484	2536	Unicorn-41422.exe	33
PID 2536 wrote to memory of 2484	2536	Unicorn-41422.exe	33
PID 2536 wrote to memory of 2484	2536	Unicorn-41422.exe	33
PID 2876 wrote to memory of 1656	2876	Unicorn-39882.exe	34
PID 2876 wrote to memory of 1656	2876	Unicorn-39882.exe	34
PID 2876 wrote to memory of 1656	2876	Unicorn-39882.exe	34
PID 2876 wrote to memory of 1656	2876	Unicorn-39882.exe	34
PID 2628 wrote to memory of 1388	2628	Unicorn-18310.exe	35
PID 2628 wrote to memory of 1388	2628	Unicorn-18310.exe	35
PID 2628 wrote to memory of 1388	2628	Unicorn-18310.exe	35
PID 2628 wrote to memory of 1388	2628	Unicorn-18310.exe	35
PID 2460 wrote to memory of 2316	2460	Unicorn-29253.exe	36
PID 2460 wrote to memory of 2316	2460	Unicorn-29253.exe	36
PID 2460 wrote to memory of 2316	2460	Unicorn-29253.exe	36
PID 2460 wrote to memory of 2316	2460	Unicorn-29253.exe	36
PID 2536 wrote to memory of 2304	2536	Unicorn-41422.exe	37
PID 2536 wrote to memory of 2304	2536	Unicorn-41422.exe	37
PID 2536 wrote to memory of 2304	2536	Unicorn-41422.exe	37
PID 2536 wrote to memory of 2304	2536	Unicorn-41422.exe	37
PID 2484 wrote to memory of 280	2484	Unicorn-35798.exe	38
PID 2484 wrote to memory of 280	2484	Unicorn-35798.exe	38
PID 2484 wrote to memory of 280	2484	Unicorn-35798.exe	38
PID 2484 wrote to memory of 280	2484	Unicorn-35798.exe	38
PID 1656 wrote to memory of 108	1656	Unicorn-27677.exe	39
PID 1656 wrote to memory of 108	1656	Unicorn-27677.exe	39
PID 1656 wrote to memory of 108	1656	Unicorn-27677.exe	39
PID 1656 wrote to memory of 108	1656	Unicorn-27677.exe	39
PID 2876 wrote to memory of 888	2876	Unicorn-39882.exe	40
PID 2876 wrote to memory of 888	2876	Unicorn-39882.exe	40
PID 2876 wrote to memory of 888	2876	Unicorn-39882.exe	40
PID 2876 wrote to memory of 888	2876	Unicorn-39882.exe	40
PID 1388 wrote to memory of 3000	1388	Unicorn-46706.exe	41
PID 1388 wrote to memory of 3000	1388	Unicorn-46706.exe	41
PID 1388 wrote to memory of 3000	1388	Unicorn-46706.exe	41
PID 1388 wrote to memory of 3000	1388	Unicorn-46706.exe	41
PID 2316 wrote to memory of 2008	2316	Unicorn-35845.exe	42
PID 2316 wrote to memory of 2008	2316	Unicorn-35845.exe	42
PID 2316 wrote to memory of 2008	2316	Unicorn-35845.exe	42
PID 2316 wrote to memory of 2008	2316	Unicorn-35845.exe	42
PID 2460 wrote to memory of 2396	2460	Unicorn-29253.exe	43
PID 2460 wrote to memory of 2396	2460	Unicorn-29253.exe	43
PID 2460 wrote to memory of 2396	2460	Unicorn-29253.exe	43
PID 2460 wrote to memory of 2396	2460	Unicorn-29253.exe	43

C:\Users\Admin\AppData\Local\Temp\bfff0b4ef5263541283a6a947dcbdccb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\bfff0b4ef5263541283a6a947dcbdccb_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34563.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34563.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18310.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39882.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27677.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24828.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51553.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51932.exe
        10⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65035.exe
        11⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26695.exe
        10⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
        11⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18532.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
        9⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43940.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        8⤵
        Executes dropped EXE
        
        PID:388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60193.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41626.exe
        9⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
        10⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        11⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
        12⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62631.exe
        13⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18532.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29675.exe
        8⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44340.exe
        9⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31272.exe
        8⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        9⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45062.exe
        10⤵
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4983.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62435.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58818.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51548.exe
        9⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65403.exe
        7⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12326.exe
        8⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        7⤵
        Executes dropped EXE
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36726.exe
        8⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50453.exe
        9⤵
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17122.exe
        7⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41299.exe
        8⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
        9⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
        8⤵
        
        PID:1260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46706.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47853.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10816.exe
        9⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        10⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7749.exe
        11⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62321.exe
        10⤵
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32071.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
        7⤵
        Program crash
        
        PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7484.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33463.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1257.exe
        7⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19561.exe
        8⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
        9⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47033.exe
        8⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
        9⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47854.exe
        10⤵
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49643.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61963.exe
        7⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 188
        8⤵
        Program crash
        
        PID:2724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35845.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55061.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33463.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38869.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
        7⤵
        
        PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24230.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52046.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28092.exe
        7⤵
        Executes dropped EXE
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44423.exe
        8⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
        9⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11538.exe
        10⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45253.exe
        8⤵
        
        PID:996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24562.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51548.exe
        7⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20412.exe
        8⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47609.exe
        7⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        8⤵
        
        PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52492.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30422.exe
        6⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        7⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22358.exe
        8⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22912.exe
        7⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17179.exe
        8⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59405.exe
        9⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21212.exe
        10⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43560.exe
        11⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
        12⤵
        
        PID:2148
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35798.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31761.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48180.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35793.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
        9⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52700.exe
        10⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
        11⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27906.exe
        12⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2309.exe
        13⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32834.exe
        9⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65118.exe
        10⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
        11⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18532.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53494.exe
        8⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
        9⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37439.exe
        10⤵
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54822.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53411.exe
        8⤵
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38035.exe
        7⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39161.exe
        8⤵
        
        PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44433.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25487.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
        7⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51657.exe
        8⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44044.exe
        7⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52700.exe
        8⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37001.exe
        8⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        9⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16778.exe
        6⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4869.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5829.exe
        8⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10956.exe
        9⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11511.exe
        8⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24557.exe
        7⤵
        
        PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41334.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62160.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58735.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36644.exe
        7⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56125.exe
        8⤵
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37198.exe
        6⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47464.exe
        7⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2814.exe
        8⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
        9⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4198.exe
        10⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48486.exe
        7⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55544.exe
        8⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35585.exe
        9⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25505.exe
        10⤵
        
        PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3971.exe
        6⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32834.exe
        7⤵
        
        PID:1536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54874.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52264.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50977.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
        6⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19561.exe
        7⤵
        
        PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63374.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57064.exe
        6⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
        7⤵
        
        PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51532.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62243.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 200
        6⤵
        Program crash
        
        PID:2140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-35845.exe

Filesize
192KB

MD5
a00c113ae25775310e818d0f784f204c

SHA1
dc226969911bb9d87c79a1055cdeb0b890a2a7f0

SHA256
11925bdf9edde023a563eb2957c18dabbcac34fd1117cde95d744655f4c962c1

SHA512
38dfab2a74b0cee41d625add6058521e56e8829d3b4b7b6a351fc736b9ca4ea20166842aefcf490844def5bbb9d3c3277d16c3528a9af65db4c806c033179434

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54874.exe

Filesize
192KB

MD5
9b08c4e001ca7532550ab5c0b4fb0930

SHA1
1fbd6e48e955f1ee683e3eb6391baaa4f6efc345

SHA256
0e8ac0ba64097659a1c66b87d553f6bd90eb739079b6948be746c95ab43fa2f3

SHA512
2b23557126cb1859ed15270143fcb97f38a807124258e0fdd219b0d54a2f6e2efe5b90acd24381466c1cc8dadc6c85583befa4f250d3fedcc9acd346d247f1b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5829.exe

Filesize
192KB

MD5
4826c32d34ee10fee1288245a618d72d

SHA1
febacf15f546b234a6ce644cf4892b7805d6f06e

SHA256
39a4e4f01f817314d76480e37dfba77e26c3501b7ef9f924883bc90729f7d508

SHA512
b863ab8415963b31c5792cf897f722e5d9e249451feb60e9ae20f72301c6b6f31341e1d646fd78fbc7c3f5c2bcefd3f84b4bc735d66a009029ab98b1a899d8fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe

Filesize
192KB

MD5
85bc2fe5dcba9f4a20272e226ad72fef

SHA1
728b323aac97de3b5f3d4d6789ded56accc14f3a

SHA256
f8796c27733a2df7c1f9d84b6ab6e906e08f2f54fa16ad0ddefb2a92b8ea8b74

SHA512
8994ecf3d38938cad7217e7fc6c6475cc8f0bd1485dd1ba32160a9ec2ec42e346e1251746f0909e03c60e2b480a3f51e397b76811e65072977f340d5882191b9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18310.exe

Filesize
192KB

MD5
6de5cfa340b35859cb1f765ce52e4c12

SHA1
9c4fc927645c4c4ad9cc78a95d3197ef2774b614

SHA256
36d513b65df77d262b4b199b5a0d8e0f2d59bf38879a2e41aa4685a42e2d9684

SHA512
d7f8d8856324e49a329032ccf3e23d86d1c0c1a3aa2696e922ba6ecf6231d667e99fad99dc10beb2b66031e6f8781e986444b56ac645e33223e7620d6ac8f59d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19592.exe

Filesize
192KB

MD5
8a4ae4bd9c6f12e41c350c4d760cefc1

SHA1
57fe327758688bf207a733a9fafed153b11be179

SHA256
94fb37721112a5df4b591e4b10f70f55c8de21640f6a04d353fe6501e0190253

SHA512
08c89f8f9e9a1d804a739688406f5ace5c3429816454fb77e4058ea4ad5ff1e5c420e2bd3a65b4dcab9f3f6ac53decf46577a75b2e40057454b46a5d74ba4f4a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe

Filesize
192KB

MD5
0a660d40e1c6019e0ff36f4759bb6f0b

SHA1
305691e15b6d7280de8e5b822e1716f9a44a564e

SHA256
bdd18dc09edbed5238793681ccb69d36ac467710ba0865e527d7fc7b02b6a70c

SHA512
6984b2c8d7dc6160323ced4218f8442a945efb02998610207e01043c3ebf8e62ce9fad594e002dfac67ee3da202bceaeadb76b793ed90bcae151c9fd5fe92d7b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24230.exe

Filesize
192KB

MD5
07e7777d92b30f09233d11fea98d1f26

SHA1
b8cca92be831afb98cc9d12a1f48d2c55e2f4145

SHA256
2e5aa48f6847479f9c7b6f22f9d0aeeb227346768c0849ca530c519f094c7571

SHA512
5d55394cbfb64ce55863528abc409ba0ba71499374cd44743f1d2d3a37968092cb8f2a13347b60a75a87af9c0d26a2a11395270934e494b99cbb154bb128ac6d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27677.exe

Filesize
192KB

MD5
a3a1c78eb64c50ece6910d6911c80242

SHA1
e60178fc1a9b6278dac2629b1cad314e5f68a6d8

SHA256
49cecd4ad1c98060665c652a317a3d700aa2639f039ef22758022d50c0bd6497

SHA512
a6b4676842dda5fc41d675bf5554b47f2eae367468fe67d0a6d7bd92aa42871f99ca24301f219059f78a3ce590649cdc13790d61797bbf5b15fcebe851a23ef3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29253.exe

Filesize
192KB

MD5
2a3bf207896eb8b3e66a829c775a7db7

SHA1
f5d38c3ee9e4edb5f8ecbe987cc3bf219f1d8c26

SHA256
74d3d8bc3575207a762b2a1e0ceab343d8147c2b1be5b095bc7c0a4db6e0e444

SHA512
7b94533de9f4ec0fd25ad9ccc95b41692d7d102208119b802e32c6747dd6a4662ac3f1aecae226ff70704f97cfcd1009e69b7b7636dd8cce5b744a6b0d7dc30d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe

Filesize
192KB

MD5
9e6d4f05f0c75330134dd11a7a7b48f2

SHA1
3ac79e26dda62de290096321bf372f35dc7b20a6

SHA256
a16542b5788bb4a1180c7daedcbb9de1d844cd91a8ae3e892c5202f3a4eef79b

SHA512
26f242879cc3b129585464aeff27b046f70e25c2de318dcdca9ac8c5ff8f6bde3dd347708f99dacc02d0cc02a879ee1388bc9f5bfb4aacecf3bef4a32368f5ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31761.exe

Filesize
192KB

MD5
bacbdbf0339c1b1cc6b71d97a3b40249

SHA1
3c52b231a553084913f7b945d1350c4fd2a186b0

SHA256
0df3e8e93b11a8147073983667be7d59a38c699ac09daf1bc6654ec5c249e902

SHA512
279e46f5107feedf2987da52f8f218b908eb379fcbc606c94770f76f365112f779ce6b21827ddb9aa424bac24c527a8f568f6f31d554b4fc3175a08e0ba8cba9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe

Filesize
192KB

MD5
e149f4689aa5439dc4119654836022b9

SHA1
b0306f54e2ff41304229806554a2b95db297457a

SHA256
68086e9ec72e58d177ec22609b5121386a21b3e7cfaa7292fc9a484c81cf2e04

SHA512
a84cd2ed6b1378c30d9f225360fcac3e7d90017938650103ef7ce093572e44a1285609a314bb74ecad7318fc1ffa37d07283eeb0c2a817fd99b8150bdcd437f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34563.exe

Filesize
192KB

MD5
892d442accb54e2c08544e0289a2e41f

SHA1
5b634eee7f792983a2bd2162c20b24968c4a44b7

SHA256
b2b5e47de3126e88c33b9d245d94acea19b8a980774fc7252772aff921e127d7

SHA512
89c205cdbf90c30a0dd3942cc447b556ef08f1b175d170309c14dc7197e309fdb21c40d12609e0d9fdad2856e583b510f73b73de3dbfde6814304752f9df9614

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35798.exe

Filesize
192KB

MD5
c1627b51e28eebd2927866871198676a

SHA1
ef0bd17eb0dcacb376233aad6eec4a5d5f809921

SHA256
8db89c12ec7366f288d1a144cf44bc1d0966d2e303f2e702077bf82250abbf85

SHA512
5d9ee7e1de052ca33511bb0f1f4aae2a0346b02ee294e2a9a626d9917329086bae2b166a1120a6b6cba0d7920f65460d0cd028f67949aeb5a3ff122ace5fe417

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39882.exe

Filesize
192KB

MD5
6fa3bd2344d44c6a4587c6b39b251db9

SHA1
6d7e38c0eaa1bc62f0aea25c53064bd310627313

SHA256
b02b3cef67e970efc0f676b7b31c6d587b036b1fa24adc14724adc40c9863686

SHA512
faa2a35e6c17f17b6dce8768c88b81ffcedf6dc80ee365eda65f823a30a1f211c7e9e1f3365a3d8a27320b4c72c6bee17c4a2660f5c83bd009f2b3af0554ab0c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41422.exe

Filesize
192KB

MD5
e1fefb9d2c52cb8fdd8446987fcd40e6

SHA1
e0a5bc03c1d2f8e4820531b0693f21627f3e9059

SHA256
eb8356f372b4b846e0a956ab194db86fd9bcfbf348e82f1262c63493224f0840

SHA512
7f857de844e1581af172440091c323aff0742902f59573f2aa18503946a7ed8f23e60fc607ca7c0afadfca05d86eb52269ed4102c898f6007f3ac69522be1344

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46706.exe

Filesize
192KB

MD5
d1383ecf5632541717f0e3579c49024e

SHA1
66f7d43d5002cbc44a2e41e10562befbd3483f92

SHA256
8f1a6ac3eca6d9d5a500c541e91a88630c45deb73ebd3b0bcc774c71d92bf3a1

SHA512
236ab5ab180b9a8a5be7220dd6f79e73f4cf359026d7571ac680cad4621466bed2f1e148fe50aa565fbd41746338fc8efc282319c00adb15d801a38b9fa8425b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48180.exe

Filesize
192KB

MD5
7d79a8310c9bd66a9d5a197828b6fb0d

SHA1
0dea55a084ea946e147d65eac9b6bc9652a6246f

SHA256
6a9c114159de5bf915c1007a54bb4559691a3d7469eb8d296cde880732ed4634

SHA512
0078de1d141eaf18b7779dbb11d8734293fdb678f22319f0a109484f61ab2fecfaa956d69e2a440195772e9d1dcb842d6733e210a5e4da1c8c6a8350c7199cff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52264.exe

Filesize
192KB

MD5
a02c11ebc51aef88d83feee2104820b0

SHA1
5f0d857953d0451f0549203f3cfb9ab85562bd20

SHA256
4c5ee69f180b2cc6241d5a722bc1ee00d612563e8f9e8d892f195d026f41202d

SHA512
953ab13c96c804a8e3e3e409e6a8e43054883689e06b29783221f84a1f7ae682f6139ed0f4d3f4ae6eabbcab21da8eaea9bd6a1aa14cd71935134b3f661b522f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads