501a854e3adf0579949f13fc1349ec26af368df80b5ec28b587a3f6df0ebbcc3

Analysis

max time kernel
39s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/04/2024, 07:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cd5194829c73c8ce147baa0d0ab16910_JaffaCakes118.exe
Size

188KB
MD5

cd5194829c73c8ce147baa0d0ab16910
SHA1

d7903b6ad846978370b32c959061b85eeba35abd
SHA256

501a854e3adf0579949f13fc1349ec26af368df80b5ec28b587a3f6df0ebbcc3
SHA512

b8b56c253243c46d45051ee182354e24c0c9ca4b10dd39b770c4bff66416a1a70cb0402e6973f4a4c0c2b236fb0725381ecadb33f10290d22b360dca8e4586d1
SSDEEP

3072:XRqpNmjp+zWwQnHjO8qtyKURQ52rMgBfJflx3vG7VVlw1pFx:XREN3zQnC8ayKUfN58Vlw1pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2584	Unicorn-43530.exe
2504	Unicorn-5774.exe
2688	Unicorn-66.exe
2420	Unicorn-58945.exe
2484	Unicorn-34249.exe
2432	Unicorn-22551.exe
2380	Unicorn-24130.exe
816	Unicorn-25858.exe
584	Unicorn-47025.exe
2656	Unicorn-38664.exe
2760	Unicorn-50362.exe
1712	Unicorn-61903.exe
1496	Unicorn-16232.exe
1220	Unicorn-64747.exe
2348	Unicorn-10865.exe
1244	Unicorn-55235.exe
1392	Unicorn-52090.exe
2884	Unicorn-30923.exe
2848	Unicorn-47067.exe
436	Unicorn-30617.exe
1084	Unicorn-53777.exe
1032	Unicorn-57539.exe
1384	Unicorn-52900.exe
2480	Unicorn-57923.exe
1748	Unicorn-12443.exe
2992	Unicorn-47036.exe
3036	Unicorn-39060.exe
2060	Unicorn-22724.exe
796	Unicorn-51867.exe
696	Unicorn-63564.exe
1788	Unicorn-43698.exe
1684	Unicorn-60227.exe
1652	Unicorn-19730.exe
2556	Unicorn-39552.exe
2596	Unicorn-51442.exe
2424	Unicorn-10409.exe
2512	Unicorn-56081.exe
2204	Unicorn-43658.exe
2904	Unicorn-35298.exe
2908	Unicorn-56465.exe
1276	Unicorn-4353.exe
588	Unicorn-33688.exe
2744	Unicorn-37410.exe
2652	Unicorn-49340.exe
332	Unicorn-10684.exe
948	Unicorn-56356.exe
2312	Unicorn-51909.exe
2692	Unicorn-15707.exe
1596	Unicorn-60269.exe
844	Unicorn-44125.exe
2344	Unicorn-11260.exe
1696	Unicorn-56932.exe
2872	Unicorn-61203.exe
3060	Unicorn-29600.exe
2960	Unicorn-41529.exe
1564	Unicorn-36891.exe
3024	Unicorn-51027.exe
2464	Unicorn-47882.exe
1744	Unicorn-6849.exe
2040	Unicorn-26715.exe
2956	Unicorn-10570.exe
2964	Unicorn-56242.exe
2212	Unicorn-58427.exe
2476	Unicorn-50259.exe

Loads dropped DLL 64 IoCs

pid	Process
2104	cd5194829c73c8ce147baa0d0ab16910_JaffaCakes118.exe
2104	cd5194829c73c8ce147baa0d0ab16910_JaffaCakes118.exe
2104	cd5194829c73c8ce147baa0d0ab16910_JaffaCakes118.exe
2104	cd5194829c73c8ce147baa0d0ab16910_JaffaCakes118.exe
2584	Unicorn-43530.exe
2584	Unicorn-43530.exe
2584	Unicorn-43530.exe
2688	Unicorn-66.exe
2504	Unicorn-5774.exe
2688	Unicorn-66.exe
2504	Unicorn-5774.exe
2584	Unicorn-43530.exe
2432	Unicorn-22551.exe
2432	Unicorn-22551.exe
2504	Unicorn-5774.exe
2420	Unicorn-58945.exe
2504	Unicorn-5774.exe
2420	Unicorn-58945.exe
2688	Unicorn-66.exe
2688	Unicorn-66.exe
2484	Unicorn-34249.exe
2484	Unicorn-34249.exe
2432	Unicorn-22551.exe
2432	Unicorn-22551.exe
2380	Unicorn-24130.exe
2380	Unicorn-24130.exe
816	Unicorn-25858.exe
816	Unicorn-25858.exe
2420	Unicorn-58945.exe
2420	Unicorn-58945.exe
2656	Unicorn-38664.exe
2656	Unicorn-38664.exe
2760	Unicorn-50362.exe
2760	Unicorn-50362.exe
2484	Unicorn-34249.exe
2484	Unicorn-34249.exe
584	Unicorn-47025.exe
584	Unicorn-47025.exe
1712	Unicorn-61903.exe
1712	Unicorn-61903.exe
1496	Unicorn-16232.exe
1496	Unicorn-16232.exe
2380	Unicorn-24130.exe
2380	Unicorn-24130.exe
1220	Unicorn-64747.exe
1220	Unicorn-64747.exe
816	Unicorn-25858.exe
816	Unicorn-25858.exe
2348	Unicorn-10865.exe
2348	Unicorn-10865.exe
1392	Unicorn-52090.exe
1392	Unicorn-52090.exe
1244	Unicorn-55235.exe
1244	Unicorn-55235.exe
2848	Unicorn-47067.exe
2848	Unicorn-47067.exe
2884	Unicorn-30923.exe
2884	Unicorn-30923.exe
2760	Unicorn-50362.exe
584	Unicorn-47025.exe
2760	Unicorn-50362.exe
584	Unicorn-47025.exe
2656	Unicorn-38664.exe
2656	Unicorn-38664.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4572	568	WerFault.exe	186

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2104	cd5194829c73c8ce147baa0d0ab16910_JaffaCakes118.exe
2584	Unicorn-43530.exe
2688	Unicorn-66.exe
2504	Unicorn-5774.exe
2420	Unicorn-58945.exe
2432	Unicorn-22551.exe
2484	Unicorn-34249.exe
2380	Unicorn-24130.exe
816	Unicorn-25858.exe
2656	Unicorn-38664.exe
584	Unicorn-47025.exe
2760	Unicorn-50362.exe
1712	Unicorn-61903.exe
1496	Unicorn-16232.exe
1220	Unicorn-64747.exe
2348	Unicorn-10865.exe
1392	Unicorn-52090.exe
2884	Unicorn-30923.exe
2848	Unicorn-47067.exe
1244	Unicorn-55235.exe
436	Unicorn-30617.exe
1084	Unicorn-53777.exe
1032	Unicorn-57539.exe
2480	Unicorn-57923.exe
1384	Unicorn-52900.exe
1748	Unicorn-12443.exe
2992	Unicorn-47036.exe
3036	Unicorn-39060.exe
2060	Unicorn-22724.exe
796	Unicorn-51867.exe
1788	Unicorn-43698.exe
1684	Unicorn-60227.exe
696	Unicorn-63564.exe
1652	Unicorn-19730.exe
2556	Unicorn-39552.exe
2424	Unicorn-10409.exe
2596	Unicorn-51442.exe
2512	Unicorn-56081.exe
2908	Unicorn-56465.exe
1276	Unicorn-4353.exe
2204	Unicorn-43658.exe
2904	Unicorn-35298.exe
2744	Unicorn-37410.exe
2652	Unicorn-49340.exe
588	Unicorn-33688.exe
948	Unicorn-56356.exe
332	Unicorn-10684.exe
2312	Unicorn-51909.exe
1596	Unicorn-60269.exe
2692	Unicorn-15707.exe
2344	Unicorn-11260.exe
844	Unicorn-44125.exe
1696	Unicorn-56932.exe
2872	Unicorn-61203.exe
3060	Unicorn-29600.exe
2960	Unicorn-41529.exe
1564	Unicorn-36891.exe
3024	Unicorn-51027.exe
2464	Unicorn-47882.exe
2040	Unicorn-26715.exe
2956	Unicorn-10570.exe
1744	Unicorn-6849.exe
1616	Unicorn-13865.exe
2964	Unicorn-56242.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2584	2104	cd5194829c73c8ce147baa0d0ab16910_JaffaCakes118.exe	28
PID 2104 wrote to memory of 2584	2104	cd5194829c73c8ce147baa0d0ab16910_JaffaCakes118.exe	28
PID 2104 wrote to memory of 2584	2104	cd5194829c73c8ce147baa0d0ab16910_JaffaCakes118.exe	28
PID 2104 wrote to memory of 2584	2104	cd5194829c73c8ce147baa0d0ab16910_JaffaCakes118.exe	28
PID 2104 wrote to memory of 2504	2104	cd5194829c73c8ce147baa0d0ab16910_JaffaCakes118.exe	29
PID 2104 wrote to memory of 2504	2104	cd5194829c73c8ce147baa0d0ab16910_JaffaCakes118.exe	29
PID 2104 wrote to memory of 2504	2104	cd5194829c73c8ce147baa0d0ab16910_JaffaCakes118.exe	29
PID 2104 wrote to memory of 2504	2104	cd5194829c73c8ce147baa0d0ab16910_JaffaCakes118.exe	29
PID 2584 wrote to memory of 2688	2584	Unicorn-43530.exe	30
PID 2584 wrote to memory of 2688	2584	Unicorn-43530.exe	30
PID 2584 wrote to memory of 2688	2584	Unicorn-43530.exe	30
PID 2584 wrote to memory of 2688	2584	Unicorn-43530.exe	30
PID 2688 wrote to memory of 2484	2688	Unicorn-66.exe	32
PID 2688 wrote to memory of 2484	2688	Unicorn-66.exe	32
PID 2688 wrote to memory of 2484	2688	Unicorn-66.exe	32
PID 2688 wrote to memory of 2484	2688	Unicorn-66.exe	32
PID 2504 wrote to memory of 2420	2504	Unicorn-5774.exe	33
PID 2504 wrote to memory of 2420	2504	Unicorn-5774.exe	33
PID 2504 wrote to memory of 2420	2504	Unicorn-5774.exe	33
PID 2504 wrote to memory of 2420	2504	Unicorn-5774.exe	33
PID 2584 wrote to memory of 2432	2584	Unicorn-43530.exe	31
PID 2584 wrote to memory of 2432	2584	Unicorn-43530.exe	31
PID 2584 wrote to memory of 2432	2584	Unicorn-43530.exe	31
PID 2584 wrote to memory of 2432	2584	Unicorn-43530.exe	31
PID 2432 wrote to memory of 2380	2432	Unicorn-22551.exe	34
PID 2432 wrote to memory of 2380	2432	Unicorn-22551.exe	34
PID 2432 wrote to memory of 2380	2432	Unicorn-22551.exe	34
PID 2432 wrote to memory of 2380	2432	Unicorn-22551.exe	34
PID 2504 wrote to memory of 584	2504	Unicorn-5774.exe	35
PID 2504 wrote to memory of 584	2504	Unicorn-5774.exe	35
PID 2504 wrote to memory of 584	2504	Unicorn-5774.exe	35
PID 2504 wrote to memory of 584	2504	Unicorn-5774.exe	35
PID 2420 wrote to memory of 816	2420	Unicorn-58945.exe	36
PID 2420 wrote to memory of 816	2420	Unicorn-58945.exe	36
PID 2420 wrote to memory of 816	2420	Unicorn-58945.exe	36
PID 2420 wrote to memory of 816	2420	Unicorn-58945.exe	36
PID 2688 wrote to memory of 2656	2688	Unicorn-66.exe	37
PID 2688 wrote to memory of 2656	2688	Unicorn-66.exe	37
PID 2688 wrote to memory of 2656	2688	Unicorn-66.exe	37
PID 2688 wrote to memory of 2656	2688	Unicorn-66.exe	37
PID 2484 wrote to memory of 2760	2484	Unicorn-34249.exe	38
PID 2484 wrote to memory of 2760	2484	Unicorn-34249.exe	38
PID 2484 wrote to memory of 2760	2484	Unicorn-34249.exe	38
PID 2484 wrote to memory of 2760	2484	Unicorn-34249.exe	38
PID 2432 wrote to memory of 1712	2432	Unicorn-22551.exe	39
PID 2432 wrote to memory of 1712	2432	Unicorn-22551.exe	39
PID 2432 wrote to memory of 1712	2432	Unicorn-22551.exe	39
PID 2432 wrote to memory of 1712	2432	Unicorn-22551.exe	39
PID 2380 wrote to memory of 1496	2380	Unicorn-24130.exe	40
PID 2380 wrote to memory of 1496	2380	Unicorn-24130.exe	40
PID 2380 wrote to memory of 1496	2380	Unicorn-24130.exe	40
PID 2380 wrote to memory of 1496	2380	Unicorn-24130.exe	40
PID 816 wrote to memory of 1220	816	Unicorn-25858.exe	41
PID 816 wrote to memory of 1220	816	Unicorn-25858.exe	41
PID 816 wrote to memory of 1220	816	Unicorn-25858.exe	41
PID 816 wrote to memory of 1220	816	Unicorn-25858.exe	41
PID 2420 wrote to memory of 2348	2420	Unicorn-58945.exe	42
PID 2420 wrote to memory of 2348	2420	Unicorn-58945.exe	42
PID 2420 wrote to memory of 2348	2420	Unicorn-58945.exe	42
PID 2420 wrote to memory of 2348	2420	Unicorn-58945.exe	42
PID 2656 wrote to memory of 1244	2656	Unicorn-38664.exe	43
PID 2656 wrote to memory of 1244	2656	Unicorn-38664.exe	43
PID 2656 wrote to memory of 1244	2656	Unicorn-38664.exe	43
PID 2656 wrote to memory of 1244	2656	Unicorn-38664.exe	43

C:\Users\Admin\AppData\Local\Temp\cd5194829c73c8ce147baa0d0ab16910_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\cd5194829c73c8ce147baa0d0ab16910_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43530.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43530.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-66.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-66.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34249.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50362.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30923.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63564.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11260.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27374.exe
        9⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50778.exe
        10⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        9⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7508.exe
        8⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8702.exe
        9⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34110.exe
        10⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56932.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2869.exe
        8⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26383.exe
        9⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39424.exe
        10⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
        11⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        9⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13341.exe
        8⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37550.exe
        9⤵
        
        PID:3088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51867.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17862.exe
        8⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25231.exe
        9⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61665.exe
        8⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32172.exe
        9⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36607.exe
        10⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47197.exe
        7⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
        8⤵
        
        PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52090.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37410.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
        8⤵
        Executes dropped EXE
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-918.exe
        9⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30253.exe
        8⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4255.exe
        9⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30585.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25231.exe
        8⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49340.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        7⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        8⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61796.exe
        9⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        7⤵
        
        PID:1776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55235.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39060.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10684.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34390.exe
        8⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        9⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5640.exe
        8⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22692.exe
        7⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34110.exe
        9⤵
        
        PID:1152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56356.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52070.exe
        7⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14244.exe
        8⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        7⤵
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
        6⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
        7⤵
        
        PID:1388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22551.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24130.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16232.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51442.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10570.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59828.exe
        9⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        10⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        9⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56875.exe
        8⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        9⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56242.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        8⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39060.exe
        9⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56081.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
        8⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        9⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        8⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40922.exe
        7⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        8⤵
        
        PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57539.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10409.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36891.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61665.exe
        8⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        9⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        8⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25655.exe
        7⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        8⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47882.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44644.exe
        7⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        8⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        7⤵
        
        PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61903.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30617.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19730.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29600.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37161.exe
        8⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        9⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        8⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17295.exe
        7⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40685.exe
        8⤵
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41529.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20825.exe
        7⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        8⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        7⤵
        
        PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39552.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61203.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
        7⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        8⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        7⤵
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56408.exe
        6⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        7⤵
        
        PID:2532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25858.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64747.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35298.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50259.exe
        8⤵
        Executes dropped EXE
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1686.exe
        9⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
        10⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63694.exe
        8⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
        9⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13865.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9086.exe
        8⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56465.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
        7⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        8⤵
        
        PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57923.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43658.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
        7⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25999.exe
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64120.exe
        9⤵
        
        PID:568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
        10⤵
        Program crash
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44255.exe
        8⤵
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        6⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8017.exe
        7⤵
        
        PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10865.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4353.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26715.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
        8⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54758.exe
        7⤵
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6849.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32055.exe
        7⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32709.exe
        8⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        7⤵
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33688.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
        6⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        7⤵
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        6⤵
        
        PID:784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47025.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22724.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2485.exe
        7⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        7⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48582.exe
        8⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56325.exe
        6⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31863.exe
        7⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        8⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4675.exe
        7⤵
        
        PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15707.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43902.exe
        6⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        7⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20819.exe
        6⤵
        
        PID:932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43698.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60269.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2869.exe
        6⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        7⤵
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        6⤵
        
        PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14524.exe
        5⤵
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        6⤵
        
        PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16232.exe

Filesize
188KB

MD5
d78acfa0cb329bffbb78daea69e0edaf

SHA1
857bfed4d65ee405acbb1307c351662c2cc4a212

SHA256
a2338e28ceba31464944f01469ad11ce6457cf4542ed70f584226196e5e91421

SHA512
a80282a546871ca8a19220ccfa1ab6bca65a22a68c5026db3e9d9ba42bb35c73e38b16297a4723a4ccbf59970a1c49b08c92fb1e77c9bb020285842a42a0741f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40922.exe

Filesize
188KB

MD5
6d442cc2aa3bfe376441a7121802c782

SHA1
3d4ebc0b786ce0d287fc29fa0b9feb320ac9ac05

SHA256
b9ac9ef2b5f590bf518b933e2a5e89f3eb64eabd147f3fb41d612b7d7a033e11

SHA512
34f8812fb5141cfc807e594f4e42fd08ff4c52b13d8825d521b113ef922217349287b10e4c54f0f4580632f3a6a89cc9187f007dcc807ac573b21db031e3903f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55235.exe

Filesize
188KB

MD5
89fb3b8749e3f877ebf4124ac81dc5db

SHA1
3fa79f7a18e68f1d941d562ed7d27852dd83fb99

SHA256
e248c29241ab128bab8b8dfcf637d50b8b4e0ffdbe75cf73fb2e0cd8cc29f976

SHA512
b42746d9fda23e31979791e36cd2e5cd57de51925e3e86edec0a531cbb09c194c783b4037ead5ec35c0d01a7d9155074db0a6d2469f8e37c819b19fd00a13351

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58945.exe

Filesize
188KB

MD5
1ed8e893d2d7936b0932c7e9b2d29eff

SHA1
065787b9540c43f74bcbfea7f57aba4257d0c8bf

SHA256
5ec9b755e496b914a0b9d9f25e6d5d7afb3f19eb3a92c08637037a8d2e0554f0

SHA512
d7de83ae5fe4ba54604cb83a56750ded6ffb566cddf87552ed63c451204bc23bfaf903f4250292239e0d0ca7d3966d3d2eab9566fd1c819e8fa06d1aefd6c7cd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10865.exe

Filesize
188KB

MD5
59aeb9db7fd44eb9b2014b09e497d51b

SHA1
55109dc4a50f6e2559dedca2e7e831b8cc58fbb5

SHA256
5674dab6d608c910c863c45f89c12b2337d7a2aadeb1c3c7f5bbbf64fa9f3afc

SHA512
649d6c1daa9a01bef1cd6644099201ef34a146b5a2181d9ca7ed96882cb5b1711389be1be3b88b97d09cff9028b80a29483bee448b776f397d601b1f48d6f279

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22551.exe

Filesize
188KB

MD5
079792466233deb1f22c1b239bb9db3e

SHA1
6bb64a6165d859a63ae09f306cba4366f3b2ea06

SHA256
6b063208faa77933f354751c4eb843bc69520c0badf87376f7e260b8b5ce1ef4

SHA512
de530077148fe246250588c8dcbf76fe9cf492fd41d0afa1e0802bcb10a47c3d5cdc074c53ae95e53d18bc7a0eacaaf6f3d070daaf4d6f04a4c1fccb9d47f064

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24130.exe

Filesize
188KB

MD5
dbe13d5f295a85f118365a7f9b00a386

SHA1
2f4ee0f59bc411dbae81a0eed5ba817d1adfa332

SHA256
d4ea7af990be2e2897773fc03f3673a0263aec8dcd7658ebbda4216ff1304cd0

SHA512
79684ad0b0fa3adb11ddb61fff7ed1afb3840013643e73173a07b16fc8e52ae977957ad1e1872903a742169e9160a42964728abbf35c0e916413000f49cf6a3e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25858.exe

Filesize
188KB

MD5
adfeb8ffd1f4241279f29ebf5415f556

SHA1
064f2bf4f84c1c011d2ea7d7df8a0fabd1c7950f

SHA256
a36af08148c5c46276c93a09ae0e670a3c58ad3e87357b5551de4205ae7ca7c0

SHA512
cabea34321aa8705dbaf34b4d910170c30cd88d46c32e8090eda516bcc7a8292a238fdf48de910292b493be5f9ac5a31bb5c7f50c3d9c64fad6bb37e3ed5e4ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30923.exe

Filesize
188KB

MD5
8f75b8e165c7795f2976f3c2b4e1a1a6

SHA1
7264a65f4a89adc33fc9a7ad68820c37ad442323

SHA256
e7ce0a2523cc7be5e92847c6e19e6ac878541ab3096e9f48a0814e5717b79b4d

SHA512
b4c965c37b06ab7f20f506aaaadfe30ee2ee6055e1a0bd3ccb7ad0178061439d2c693a9852453e19eea9e2e6df3cd0c1425a2676d199c2a6917de6a2ae265fec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34249.exe

Filesize
188KB

MD5
0a5f15d8c18d42d7395be1b7694836b1

SHA1
34d0aed5467ba4ee4cdbf973f3644e98aeb1e2f9

SHA256
102b9a19c4a1320432992f88d42bb545e79fc40a01c04b6b4eb9b47d1e53faa1

SHA512
b86d359fdb134a4394475736eaee66e64a0ac02f4f1a4cbbb279963cb5c87ae1c6bb736072fe5021c013d916342550cbc8e901fe03f6ffe46bbbdb5bc745c934

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe

Filesize
188KB

MD5
e35d18a87fcb1c9f615bf97d2a81e9a8

SHA1
97af3a6b82f49e04d7cc003e70d1b8790cdaa7e2

SHA256
93ab7567ba4d84de44683a420f5e8f09c8873ccdb2f1ab7a2417b9fae25a1502

SHA512
2c2a838dc100116a36150e003bc565784ca8353fb09515044d31616657befd511045eff535a968562567ccf40d3e4dc97de844e9409d876f544f76ee8d44f37f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43530.exe

Filesize
188KB

MD5
b7374920a685a58b8c6a091e7235ae25

SHA1
af5affd2b84a0ec14958ac86fadecd97a353b44d

SHA256
73b9a2f5c42f53ec5b36f7812e0beb21c035eef32d580893181f78f52eb8b0c6

SHA512
850c77e2ca9d24f85cdc54f0daaa42d1bf290fa96b984e0738e00a2bdfb726256c2d08d162758aa60ab44016ef66d0c6472974b3b74e33be5cad62933546c7b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47025.exe

Filesize
188KB

MD5
c164221ebf8cb3e62712eac1e20f72cb

SHA1
17d4ebdd4d019b1bf1e2b13864433a0f9b70f818

SHA256
aac19c4c5a3e68853038cdc48ba87b641ec7806f7d8c28ffd7d78c1d1cc004b8

SHA512
5e8b4f9774a6ee4af28774fb3bd9a3ea56f48feaf152b30d59c99b3306c85a0adcb397f8e7cd39b5b37b546846cedfb40fdfed65fcf5ca8d616cdd29d4822b59

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe

Filesize
188KB

MD5
bab5eb396d3318f632e820b122e587c3

SHA1
bbf24a20492a61bdb01af9c6aa2c3711972ea909

SHA256
edeadc34cd40303dc02df73a010741638faca183f7d16c2cdd7da12ca158fc18

SHA512
519b5c551ecba10422974326bb5aae6625a70d9d88324688477c72982144a8bfa182d9a6346ef2dd92c4e52f182bfe1986f66bd32963e213239d314ce74b13a1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50362.exe

Filesize
188KB

MD5
3dcce33b2ca187e57f3bdc3c4fa18329

SHA1
f77a412326603c8b71703e51b6d80ce499d68f50

SHA256
248c6694cbfb26c9292c45e1883847edaa16b7526e66ec6b89a55a373bc5d192

SHA512
168dbe1e2881f9588478df6ee7916270c956013722ad4706ba1620fdad036625db925705e6758430e4aca06a8f5df7100ced8a8b172b66e6f4c071bcc42925fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52090.exe

Filesize
188KB

MD5
9d2a7240c3a76f54bebe3cea95b073b0

SHA1
6754401e453ab997b190f8dbe8e89a4f52f19e8f

SHA256
8f06b3670232e30db277353c8971ec6481195d811b3a614c415ceaca31c181aa

SHA512
e7da04c201bb6dd4d1872e652c5853b3b575cbf05959ca4cce6a1750ad9443ed485b779a70b147bebcd5ada4454439d826915cb28d903c71e44ff17962e66402

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5774.exe

Filesize
188KB

MD5
a58336def69010ca0be9238a348d1aee

SHA1
a12a0fd4fd966095d22bb3f4e464a74b58d30e2a

SHA256
491abacf2c66401efdabb193b88bd98b765c618a6f153518b9463909b67aee4f

SHA512
77f0cfe9f00ad6aafb0324d769f4b198a8f0525679dab4c2183f5403ea330a6a55cafce0e2d24f20c97d2f209ea0c55e26ed098fb2d28fd907c27c2d4de8d494

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61903.exe

Filesize
188KB

MD5
f447c06b6b3a7536456966986699a1bd

SHA1
c52d5f01a3ed60636aa7ba8164aa1c7dfd5b19e4

SHA256
a3b7064acddb63413738edf730428708980580dce1e7c4d245c9ab41569bfb59

SHA512
9da3bd1711a656043d21d5267060cd162a697c01339d84fc90d80ddbb496a5b6e5c9a795c1868529e0f469f0329f0362114f5bc5fd132cdff243791150e41f56

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64747.exe

Filesize
188KB

MD5
90b63590bb0d1cf280b5dad7a5cb9aec

SHA1
d926315c301ec84e6df6af56aa81fa6eb3f31609

SHA256
5e9746e58353646de6ca39a32756ad56c04c95c891817ea8eaee4e813e7a2ad0

SHA512
b46e18206a6849bad182bc3a635c1bf5bdbb93fe2385cfb76904ee6524334475a09c4f04e18eb1fb3310c48c30766dad6d17da26dd584087200a359948b7e4a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-66.exe

Filesize
188KB

MD5
f5110a77ef0ee101f072fd1cf823e95e

SHA1
10d33a340eec40f71e5fee8590e7bd55081574ae

SHA256
d3cd190c0af0d350c312b5a070705a04f7f7503d4cc288bff4b2ab5b3971f7b7

SHA512
0b26c293f7d87b5750d2292679e8eef9cc2ad46cc8be0bc4fa4c6c0fe9cb04db64f97b40ba491de42a979434610b715dd96aa446e45b22de1476402978ecdb27

Download Submit
memory/2212-899-0x00000000028A0000-0x00000000029FC000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads