aa1fb2548af9fd3076be316062c9aae61b2323a936109840e5c3a55a9ffd5daa

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04-04-2024 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c042f12a6186f831b7d8c27f2d2bb040_JaffaCakes118.exe
Size

188KB
MD5

c042f12a6186f831b7d8c27f2d2bb040
SHA1

8b69d7eda987a6c38ef961356c280e7147ce8494
SHA256

aa1fb2548af9fd3076be316062c9aae61b2323a936109840e5c3a55a9ffd5daa
SHA512

8c156c3f1373e025d7a0e2197410e8629f78e0908545d95cad2d67255602c0ae8782912a49dd2ad995bb0a1403f24c11229585612535204d7524f54abfdb6b8b
SSDEEP

3072:4BTYomjtlswp1Hje8Bf3TUReDUiMGBfIClxQ7crjdlv1pFZ:4Bcog5p1y8l3TUsN2Qdlv1pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2748	Unicorn-57410.exe
2524	Unicorn-53409.exe
2544	Unicorn-33543.exe
2776	Unicorn-44255.exe
2640	Unicorn-59200.exe
2408	Unicorn-52423.exe
1980	Unicorn-11473.exe
2512	Unicorn-57145.exe
2828	Unicorn-19642.exe
1824	Unicorn-23726.exe
2156	Unicorn-47607.exe
1492	Unicorn-8759.exe
1116	Unicorn-28625.exe
2112	Unicorn-65381.exe
1512	Unicorn-3928.exe
1792	Unicorn-46907.exe
3012	Unicorn-55075.exe
2864	Unicorn-57768.exe
2088	Unicorn-57768.exe
2148	Unicorn-62449.exe
1376	Unicorn-11665.exe
2288	Unicorn-31531.exe
884	Unicorn-60887.exe
2972	Unicorn-23939.exe
108	Unicorn-1380.exe
1104	Unicorn-40275.exe
2892	Unicorn-24493.exe
1952	Unicorn-17717.exe
1964	Unicorn-52527.exe
1620	Unicorn-28577.exe
2236	Unicorn-44914.exe
2636	Unicorn-31806.exe
2932	Unicorn-24192.exe
2456	Unicorn-44634.exe
2924	Unicorn-52802.exe
2176	Unicorn-59579.exe
2392	Unicorn-42496.exe
2500	Unicorn-18546.exe
2612	Unicorn-24022.exe
1748	Unicorn-43050.exe
2620	Unicorn-42304.exe
1872	Unicorn-8816.exe
1052	Unicorn-26544.exe
2616	Unicorn-26544.exe
1064	Unicorn-34712.exe
784	Unicorn-10762.exe
1504	Unicorn-23014.exe
1680	Unicorn-51048.exe
1756	Unicorn-20322.exe
1604	Unicorn-30628.exe
636	Unicorn-39350.exe
2108	Unicorn-61546.exe
1860	Unicorn-37596.exe
440	Unicorn-93.exe
2408	Unicorn-9906.exe
1060	Unicorn-51494.exe
1028	Unicorn-56969.exe
296	Unicorn-32273.exe
2356	Unicorn-17883.exe
2832	Unicorn-32827.exe
364	Unicorn-13798.exe
1796	Unicorn-6185.exe
2796	Unicorn-34219.exe
2860	Unicorn-30135.exe

Loads dropped DLL 64 IoCs

pid	Process
1132	c042f12a6186f831b7d8c27f2d2bb040_JaffaCakes118.exe
1132	c042f12a6186f831b7d8c27f2d2bb040_JaffaCakes118.exe
2748	Unicorn-57410.exe
1132	c042f12a6186f831b7d8c27f2d2bb040_JaffaCakes118.exe
2748	Unicorn-57410.exe
1132	c042f12a6186f831b7d8c27f2d2bb040_JaffaCakes118.exe
2524	Unicorn-53409.exe
2748	Unicorn-57410.exe
2524	Unicorn-53409.exe
2748	Unicorn-57410.exe
2544	Unicorn-33543.exe
2544	Unicorn-33543.exe
2776	Unicorn-44255.exe
2776	Unicorn-44255.exe
2524	Unicorn-53409.exe
2524	Unicorn-53409.exe
2640	Unicorn-59200.exe
2640	Unicorn-59200.exe
2408	Unicorn-52423.exe
2408	Unicorn-52423.exe
2544	Unicorn-33543.exe
2544	Unicorn-33543.exe
2640	Unicorn-59200.exe
2828	Unicorn-19642.exe
2828	Unicorn-19642.exe
2640	Unicorn-59200.exe
2512	Unicorn-57145.exe
2512	Unicorn-57145.exe
1824	Unicorn-23726.exe
1980	Unicorn-11473.exe
1980	Unicorn-11473.exe
1824	Unicorn-23726.exe
2776	Unicorn-44255.exe
2156	Unicorn-47607.exe
2156	Unicorn-47607.exe
2776	Unicorn-44255.exe
2408	Unicorn-52423.exe
2408	Unicorn-52423.exe
1492	Unicorn-8759.exe
1492	Unicorn-8759.exe
2828	Unicorn-19642.exe
1116	Unicorn-28625.exe
2828	Unicorn-19642.exe
1116	Unicorn-28625.exe
2088	Unicorn-57768.exe
2088	Unicorn-57768.exe
2864	Unicorn-57768.exe
2864	Unicorn-57768.exe
2112	Unicorn-65381.exe
2112	Unicorn-65381.exe
1792	Unicorn-46907.exe
1792	Unicorn-46907.exe
1824	Unicorn-23726.exe
1512	Unicorn-3928.exe
1824	Unicorn-23726.exe
1512	Unicorn-3928.exe
3012	Unicorn-55075.exe
3012	Unicorn-55075.exe
2156	Unicorn-47607.exe
2156	Unicorn-47607.exe
1980	Unicorn-11473.exe
1980	Unicorn-11473.exe
2148	Unicorn-62449.exe
2148	Unicorn-62449.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
1948	2832	WerFault.exe	87
536	1236	WerFault.exe	130
1952	2008	WerFault.exe	132
3052	2464	WerFault.exe	131
2452	2580	WerFault.exe	168
2176	2784	WerFault.exe	133
268	2752	WerFault.exe	176

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1132	c042f12a6186f831b7d8c27f2d2bb040_JaffaCakes118.exe
2748	Unicorn-57410.exe
2524	Unicorn-53409.exe
2544	Unicorn-33543.exe
2776	Unicorn-44255.exe
2640	Unicorn-59200.exe
2408	Unicorn-52423.exe
2828	Unicorn-19642.exe
2512	Unicorn-57145.exe
1980	Unicorn-11473.exe
1824	Unicorn-23726.exe
2156	Unicorn-47607.exe
1492	Unicorn-8759.exe
1116	Unicorn-28625.exe
2112	Unicorn-65381.exe
1512	Unicorn-3928.exe
1792	Unicorn-46907.exe
2088	Unicorn-57768.exe
2864	Unicorn-57768.exe
3012	Unicorn-55075.exe
2148	Unicorn-62449.exe
1376	Unicorn-11665.exe
2288	Unicorn-31531.exe
884	Unicorn-60887.exe
2972	Unicorn-23939.exe
1104	Unicorn-40275.exe
2892	Unicorn-24493.exe
1952	Unicorn-17717.exe
1964	Unicorn-52527.exe
1620	Unicorn-28577.exe
108	Unicorn-1380.exe
2236	Unicorn-44914.exe
2636	Unicorn-31806.exe
2932	Unicorn-24192.exe
2456	Unicorn-44634.exe
2924	Unicorn-52802.exe
2176	Unicorn-59579.exe
2500	Unicorn-18546.exe
2392	Unicorn-42496.exe
1748	Unicorn-43050.exe
2612	Unicorn-24022.exe
2620	Unicorn-42304.exe
1872	Unicorn-8816.exe
2616	Unicorn-26544.exe
1052	Unicorn-26544.exe
784	Unicorn-10762.exe
1504	Unicorn-23014.exe
636	Unicorn-39350.exe
1064	Unicorn-34712.exe
1680	Unicorn-51048.exe
1604	Unicorn-30628.exe
1756	Unicorn-20322.exe
2108	Unicorn-61546.exe
1860	Unicorn-37596.exe
440	Unicorn-93.exe
2408	Unicorn-9906.exe
1060	Unicorn-51494.exe
1028	Unicorn-56969.exe
296	Unicorn-32273.exe
2832	Unicorn-32827.exe
2356	Unicorn-17883.exe
1796	Unicorn-6185.exe
364	Unicorn-13798.exe
2796	Unicorn-34219.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1132 wrote to memory of 2748	1132	c042f12a6186f831b7d8c27f2d2bb040_JaffaCakes118.exe	28
PID 1132 wrote to memory of 2748	1132	c042f12a6186f831b7d8c27f2d2bb040_JaffaCakes118.exe	28
PID 1132 wrote to memory of 2748	1132	c042f12a6186f831b7d8c27f2d2bb040_JaffaCakes118.exe	28
PID 1132 wrote to memory of 2748	1132	c042f12a6186f831b7d8c27f2d2bb040_JaffaCakes118.exe	28
PID 2748 wrote to memory of 2524	2748	Unicorn-57410.exe	29
PID 2748 wrote to memory of 2524	2748	Unicorn-57410.exe	29
PID 2748 wrote to memory of 2524	2748	Unicorn-57410.exe	29
PID 2748 wrote to memory of 2524	2748	Unicorn-57410.exe	29
PID 1132 wrote to memory of 2544	1132	c042f12a6186f831b7d8c27f2d2bb040_JaffaCakes118.exe	30
PID 1132 wrote to memory of 2544	1132	c042f12a6186f831b7d8c27f2d2bb040_JaffaCakes118.exe	30
PID 1132 wrote to memory of 2544	1132	c042f12a6186f831b7d8c27f2d2bb040_JaffaCakes118.exe	30
PID 1132 wrote to memory of 2544	1132	c042f12a6186f831b7d8c27f2d2bb040_JaffaCakes118.exe	30
PID 2524 wrote to memory of 2776	2524	Unicorn-53409.exe	31
PID 2524 wrote to memory of 2776	2524	Unicorn-53409.exe	31
PID 2524 wrote to memory of 2776	2524	Unicorn-53409.exe	31
PID 2524 wrote to memory of 2776	2524	Unicorn-53409.exe	31
PID 2748 wrote to memory of 2640	2748	Unicorn-57410.exe	32
PID 2748 wrote to memory of 2640	2748	Unicorn-57410.exe	32
PID 2748 wrote to memory of 2640	2748	Unicorn-57410.exe	32
PID 2748 wrote to memory of 2640	2748	Unicorn-57410.exe	32
PID 2544 wrote to memory of 2408	2544	Unicorn-33543.exe	33
PID 2544 wrote to memory of 2408	2544	Unicorn-33543.exe	33
PID 2544 wrote to memory of 2408	2544	Unicorn-33543.exe	33
PID 2544 wrote to memory of 2408	2544	Unicorn-33543.exe	33
PID 2776 wrote to memory of 1980	2776	Unicorn-44255.exe	34
PID 2776 wrote to memory of 1980	2776	Unicorn-44255.exe	34
PID 2776 wrote to memory of 1980	2776	Unicorn-44255.exe	34
PID 2776 wrote to memory of 1980	2776	Unicorn-44255.exe	34
PID 2524 wrote to memory of 2512	2524	Unicorn-53409.exe	35
PID 2524 wrote to memory of 2512	2524	Unicorn-53409.exe	35
PID 2524 wrote to memory of 2512	2524	Unicorn-53409.exe	35
PID 2524 wrote to memory of 2512	2524	Unicorn-53409.exe	35
PID 2640 wrote to memory of 2828	2640	Unicorn-59200.exe	36
PID 2640 wrote to memory of 2828	2640	Unicorn-59200.exe	36
PID 2640 wrote to memory of 2828	2640	Unicorn-59200.exe	36
PID 2640 wrote to memory of 2828	2640	Unicorn-59200.exe	36
PID 2408 wrote to memory of 1824	2408	Unicorn-52423.exe	37
PID 2408 wrote to memory of 1824	2408	Unicorn-52423.exe	37
PID 2408 wrote to memory of 1824	2408	Unicorn-52423.exe	37
PID 2408 wrote to memory of 1824	2408	Unicorn-52423.exe	37
PID 2544 wrote to memory of 2156	2544	Unicorn-33543.exe	38
PID 2544 wrote to memory of 2156	2544	Unicorn-33543.exe	38
PID 2544 wrote to memory of 2156	2544	Unicorn-33543.exe	38
PID 2544 wrote to memory of 2156	2544	Unicorn-33543.exe	38
PID 2828 wrote to memory of 1116	2828	Unicorn-19642.exe	40
PID 2828 wrote to memory of 1116	2828	Unicorn-19642.exe	40
PID 2828 wrote to memory of 1116	2828	Unicorn-19642.exe	40
PID 2828 wrote to memory of 1116	2828	Unicorn-19642.exe	40
PID 2640 wrote to memory of 1492	2640	Unicorn-59200.exe	39
PID 2640 wrote to memory of 1492	2640	Unicorn-59200.exe	39
PID 2640 wrote to memory of 1492	2640	Unicorn-59200.exe	39
PID 2640 wrote to memory of 1492	2640	Unicorn-59200.exe	39
PID 2512 wrote to memory of 2112	2512	Unicorn-57145.exe	41
PID 2512 wrote to memory of 2112	2512	Unicorn-57145.exe	41
PID 2512 wrote to memory of 2112	2512	Unicorn-57145.exe	41
PID 2512 wrote to memory of 2112	2512	Unicorn-57145.exe	41
PID 1980 wrote to memory of 1792	1980	Unicorn-11473.exe	43
PID 1980 wrote to memory of 1792	1980	Unicorn-11473.exe	43
PID 1980 wrote to memory of 1792	1980	Unicorn-11473.exe	43
PID 1980 wrote to memory of 1792	1980	Unicorn-11473.exe	43
PID 1824 wrote to memory of 1512	1824	Unicorn-23726.exe	42
PID 1824 wrote to memory of 1512	1824	Unicorn-23726.exe	42
PID 1824 wrote to memory of 1512	1824	Unicorn-23726.exe	42
PID 1824 wrote to memory of 1512	1824	Unicorn-23726.exe	42

C:\Users\Admin\AppData\Local\Temp\c042f12a6186f831b7d8c27f2d2bb040_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c042f12a6186f831b7d8c27f2d2bb040_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57410.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57410.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53409.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11473.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46907.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40275.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42304.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59491.exe
        9⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65171.exe
        10⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38778.exe
        11⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17201.exe
        12⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 360
        12⤵
        Program crash
        
        PID:2452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 360
        11⤵
        Program crash
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
        9⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1445.exe
        10⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8899.exe
        8⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38529.exe
        9⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31487.exe
        10⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
        11⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21332.exe
        12⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8816.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24681.exe
        8⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65171.exe
        9⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
        10⤵
        
        PID:1608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 360
        10⤵
        Program crash
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45306.exe
        8⤵
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51048.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33233.exe
        8⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27403.exe
        9⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe
        7⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        8⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        9⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26283.exe
        10⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39957.exe
        11⤵
        
        PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23939.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24022.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34219.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65171.exe
        9⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15534.exe
        10⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16786.exe
        11⤵
        
        PID:2460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 360
        11⤵
        Program crash
        
        PID:268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 360
        10⤵
        Program crash
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45306.exe
        8⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16028.exe
        9⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45080.exe
        7⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
        8⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21674.exe
        9⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22141.exe
        10⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55566.exe
        11⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39957.exe
        12⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        13⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2275.exe
        9⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43050.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30135.exe
        7⤵
        Executes dropped EXE
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        8⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
        9⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43812.exe
        10⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39277.exe
        11⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55390.exe
        12⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29646.exe
        13⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57558.exe
        7⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11751.exe
        8⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47268.exe
        9⤵
        
        PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1380.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20322.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35179.exe
        8⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17673.exe
        9⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55566.exe
        10⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16247.exe
        11⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46040.exe
        7⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55908.exe
        8⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57737.exe
        7⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52592.exe
        8⤵
        
        PID:2264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59200.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59200.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31531.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52802.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17883.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11886.exe
        9⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
        8⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47932.exe
        9⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
        10⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32873.exe
        11⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55390.exe
        12⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32827.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
        8⤵
        Program crash
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59579.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56969.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4644.exe
        8⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1445.exe
        9⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
        10⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
        7⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
        8⤵
        
        PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11665.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44634.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9906.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51899.exe
        8⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
        9⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
        7⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9229.exe
        8⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51494.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35371.exe
        7⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        8⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42323.exe
        9⤵
        
        PID:240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8759.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8759.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62449.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52091.exe
        8⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33926.exe
        9⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11040.exe
        10⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45520.exe
        11⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32225.exe
        7⤵
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37596.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52091.exe
        7⤵
        
        PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24192.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-93.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-93.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33617.exe
        7⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44232.exe
        8⤵
        
        PID:112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
        6⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47927.exe
        7⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57585.exe
        8⤵
        
        PID:3020
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33543.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33543.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3928.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17717.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30628.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14758.exe
        8⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1445.exe
        9⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36613.exe
        10⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27402.exe
        9⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16247.exe
        10⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15811.exe
        11⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3278.exe
        12⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29703.exe
        7⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23014.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41401.exe
        7⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19998.exe
        8⤵
        
        PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24493.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26544.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38879.exe
        7⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65171.exe
        8⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
        9⤵
        
        PID:620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 360
        9⤵
        Program crash
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16875.exe
        6⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        7⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42369.exe
        8⤵
        
        PID:1056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60887.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61580.exe
        8⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60376.exe
        9⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39576.exe
        7⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51907.exe
        8⤵
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6185.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65171.exe
        7⤵
        
        PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18546.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32273.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4644.exe
        7⤵
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50316.exe
        6⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56712.exe
        7⤵
        
        PID:2876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47607.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47607.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52527.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34712.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
        7⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32041.exe
        8⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6749.exe
        9⤵
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37871.exe
        6⤵
        
        PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10762.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37317.exe
        6⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22769.exe
        7⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2903.exe
        6⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42286.exe
        7⤵
        
        PID:1364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44914.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26544.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25065.exe
        6⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11694.exe
        7⤵
        
        PID:1244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57366.exe
        6⤵
        
        PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        5⤵
        
        PID:536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11694.exe
        6⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30226.exe
        7⤵
        
        PID:1804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11473.exe

Filesize
188KB

MD5
d7b6a2cdd16684a3a1dff9a4e23adfe0

SHA1
a43bad293025c83b63c2fe93fe9cb89898e3a74f

SHA256
9d4081da9c52e8efde9469a5ea72c35b0ba88f704b22cb06385a93901bd5b170

SHA512
affdbfee25466203309698c4c6e9533de184e58618e0d8fab18e8ef3a9bbf6c3f97588c8dba061090d92cf5bb3737ae2af06033968f54af37a36c927167755f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe

Filesize
188KB

MD5
33ba2e23f9b0adf06f8632e6236eaab7

SHA1
b15e55ca38be37883f654e27992f105bcb6ff2fc

SHA256
4e7cc9c602b37f7111ee85b319c59f31f9ac87b159893e75fa503eeb9ea1f6f0

SHA512
91eea7ac80ace55500e7f496110f15f8ac7c4b190772757387f99983a0d337dfc7f6ce457d78bd52432ab7d12c037e00d9478ba9922589a4fd90410434e93061

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46907.exe

Filesize
188KB

MD5
2c47aa4a86c10af97bb43df8e8fd0016

SHA1
cf5399a242b288a7183319ca81f3191f636478ab

SHA256
727326eef652e6e9d4915f0040c29e94613737f9450eca29a02ed5f594a99f96

SHA512
014f12afed3533d505622ce52eadcb0c4eb4860cad31f005a4eafd861548c9b51d242dbb6349716b89b1a76fa82aa042a693c8193dff3ba30e132285f3d5dc41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47607.exe

Filesize
188KB

MD5
56da528710fae2e41a3b1a263d17ede7

SHA1
0ae95d8b56591359a97e4e90163a293b2f953705

SHA256
14913b34f4113d7ed4f5c813cde6eca3436197ca48e68509e357ee4bb290d19c

SHA512
f833ea647ccf206f1d91ef40df6fe42b01e349e2686e909a22c27a2e6bc1b77dfc923c747ec749afc1900db624b5324fd6f16e3e49f907451c905a053ded9de7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe

Filesize
188KB

MD5
ae9e95b5ed1d20298a99ed299d820710

SHA1
68564c913ee46cdd8ad458484ac25f66d232defe

SHA256
56bb3c196b70f8420cf4aa68dba371220f153e06ac6a79d18463cf429735247b

SHA512
d0b7189332d6daa74d2bc617540adef5e0d5387b4cccfeb1f0b80b0a032a431d8333edaeac6abc9d181680662cd2c0e1da1d326ad4e5e73bc9e43a9e4330bc17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65381.exe

Filesize
188KB

MD5
b65863b6a1e43a06a3f838b197ff648e

SHA1
44cba2de5f584a5d48a1092707c8d3b0099e0507

SHA256
b9077d40ca726aa783f97dbcf1eacdd875b77cc9e152612dfef91ce38f0e42c4

SHA512
39b72310e58d5fe0ae130aad38c65a4be7dc36db3dc91cf28bb3804dcc641462641ae26dd198acdc34985276699cfe9963b0c10ba17b8ed81a4dbc36a8a3ce11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6749.exe

Filesize
188KB

MD5
b12a1dc735375ff3eeda97dea3bcc9be

SHA1
651721b1208d07feeae977bd01170f5be195b566

SHA256
c4b259560c8330602b161a60b441cc45bc34d76aacccc2d2aafda030dda81148

SHA512
32765c2aa1fe130278db8629c1aee6b6a6693d4dbde0c490bfafe61a80d56d1ea22c1d822df93c9800240c0a8a55feb8cf5522afa237771825f3b6dee2bfccb7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19642.exe

Filesize
188KB

MD5
3436e2063310ff46106dd6bfe2f70453

SHA1
b794a2b65bee3faa904adee74d8d83c4fdd2cafe

SHA256
654a5d50f5ebede5a7f9e418e05c7d4ad34247fe4f5eda45337931886487d8b4

SHA512
3fa640e60247f8181075b85adee36c5c9498530640ce8fc43dd2e8b703c5a8db8e02f342636924de2a4125377343e79764f0a20b1322e21e7828ed78cb08c01d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28625.exe

Filesize
188KB

MD5
abbf4a429b611c7f6d531f12f8336391

SHA1
b6f3d777e0d6f70776b9736a0a73f97c82b8d21b

SHA256
c1008b87c8d358fb6ef790fdb2953e0a079befa84202ddd0767713db04f81964

SHA512
95d959085ebfcca458bee2dbaee6215731ac28f32af35170607d3dd81361b431b7587e68a455f1f7306413eb0fa5070289336840f9c87e5f3312d464c7424a13

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33543.exe

Filesize
188KB

MD5
e00c1846f279664712324ff7ee14035a

SHA1
277b5e5b27d1233be222fc00d66119f6f8b9663a

SHA256
658c38b9b11449e6a7306696a21b026135055203cae77c1b043d23f7047b1d7f

SHA512
b7f736cbd9459ab492d9c150e2a8edd6bd185a697b235af17596fc7f0adc1efe33f75cfd5d408bcec92f3ee756225b24ccfd45c15ec54ad6f077610c67201aae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3928.exe

Filesize
188KB

MD5
708284b8896f14f51168b9269e1f7ff2

SHA1
c1c31f0267ea8746b5b3f414b0e5140aaf2ba20f

SHA256
e78548aef3fe8fb39613756c476efff3d0b4c4aa37b0d4c281da293550994bf5

SHA512
3a447254de75473c96e9194da6153ddae5481a283dd43f3539075183cb62ef1e982fda958e3bb3f3a08f00e04aef003786082b31317a227576538c5603809b0a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe

Filesize
188KB

MD5
6b45236d904d941eb0c94d016de9d46c

SHA1
f7ed315da8cc0a9e77aed3ebfbdd5d1b98ddce44

SHA256
e0c3b510ae2de87600a9018455da582ef4d4c2bda108278ee62d1b6e22d8d735

SHA512
ba6a01551d420a5f5ad6a46c177b97d4ea46d15357fa04d2f7303477ebc97ca0ccbf8b6db611131661708405ff48c7973da6fbc67f903bdfb649d6c9f782e0a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52423.exe

Filesize
188KB

MD5
0a8f04d74238e44246927e25746b2f15

SHA1
839fce6e85ce65640f3e796dd752d2db9bdf0273

SHA256
14b214d15d2f630c4af56de166635bf85ef7b24938bba12c60ec6275360cea12

SHA512
fb8ced86db41b4197d916383acf4b555a3f1aa6e83612bf7af43bc433707c080e1d1190cdc2b49898639db0a4b577c5ca1a2c78b73819b9d1338526a38cccc79

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53409.exe

Filesize
188KB

MD5
28759090774c172dee19561a0ec68711

SHA1
bfb6d642a2393a74e640969fcc3406a46ac62b3e

SHA256
9aac62da3268c4f12b01fac3f6840c65b9993e2f24ab3ab5fc357dc1cdf88c84

SHA512
1a6e7188e9b04b4e59f1690b51add4ff53fcdf7fd5097646d5cabe21c91aa616b43ad4608a56432f94beed30d2cede2eb9651e5d49e3f009446a7ff6c1edb270

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe

Filesize
188KB

MD5
306434d5a8abecac6ade5e84e08a58d4

SHA1
2c46716444b21495dd03f437aded0bb2f2ea41b1

SHA256
5a573a113400066e3f1ef7b42bd6bce16cee102cf3c7abf8defc58a129bee82e

SHA512
190cde68a31aa900f613bbce528cac119a513683082f68654cedfc78c65e5c4f609b57d65361dd107e56e9ad29c4a0d0c0b1a3127d6f5eab05901d61cb422f7a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57410.exe

Filesize
188KB

MD5
3c6e14bcf3623e798e8c701094350862

SHA1
98ccd0e49930883e79d978e9c9ccfb7fc12aa45b

SHA256
f6f9353393ba368414251fc0000fc42b64cac39e380185d824491e347b99cdb8

SHA512
51c2da78c27aa038497dc3977064aeaf6c4b9a26615c4b85ab5798f57e4c241f979a264179a9204bbd5bc3f16d8d1c1509ef19c3190af133e49d0f94369d453c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57768.exe

Filesize
188KB

MD5
8b740b74b2049d448674bf52a0d38b1b

SHA1
961bab245b7496c10959ca991f37a07b0523976d

SHA256
63c1d1ef787b00c4b81d718e9de76cca0e9ff31ebbfb05bbf268f669b7274521

SHA512
063e5cb81d43d23ebceb7e83b3044d91dda112458bbd7c81e278705287e4b921dcc201c4ef4fb9d7e64578e071be842a955e9b16b7c8904a190552a444e4dc99

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59200.exe

Filesize
188KB

MD5
a94eb5ca7769a681fa426a8f8a88af33

SHA1
b44e8c5f975445cc5ba353a5432707b3b9dbeeea

SHA256
324b5fe178c9eb089e92cc4d92c04892ceeaa3f59a4d9df0890021e34c91635d

SHA512
239c4a4cd7e394ee3a1cb2a137a4228369b3636718f6b521776fa810f261e1be6741ff1b8644900a896515db751981006c198da065984ee295f9b86a3cbb3261

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8759.exe

Filesize
188KB

MD5
077c345213821dcb54820dfda77819bd

SHA1
caf0ed8d6d47599df414a53fe74c68c13fc2a018

SHA256
d3a163e82c3c6f14b2169eabd907f17beed630441c616616deb0bb224abc16ac

SHA512
d79edc635f9aa15a837f310e1afb7489902d6c0d34011eed24b6a902f9d330c7aae89ea9a6abd28b66b543c7b2906da391b6918a6ea15f6e96c30b83c194645c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads