e5cb8e39e5e748c107826baf1ec8a29a54f7828d6db67f36adcf28cd6b3c7ef8

Analysis

max time kernel
76s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/04/2024, 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d599e3d7bf4af59626a60deec9e057f7_JaffaCakes118.exe
Size

192KB
MD5

d599e3d7bf4af59626a60deec9e057f7
SHA1

eb60dbfe3e58eefc667270cf610698893eebd756
SHA256

e5cb8e39e5e748c107826baf1ec8a29a54f7828d6db67f36adcf28cd6b3c7ef8
SHA512

a0276d169ac392b39dec324b942297ef9c1c06fc26fc35040dd722c6dffbf5f71c39d52df0641a9b26b13e1d56de03247899f1af7925d83321cebccc665821b6
SSDEEP

3072:lSnTomK85uwQ2NjIkPFSu7+LfkQJYduzkoxbcoNFFlvbpFa:lSTowLQ2ekdSu75MjRFlvbpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1652	Unicorn-60798.exe
660	Unicorn-15848.exe
2464	Unicorn-3766.exe
2476	Unicorn-22729.exe
2388	Unicorn-27751.exe
2364	Unicorn-10668.exe
1996	Unicorn-55998.exe
1248	Unicorn-56553.exe
1700	Unicorn-14965.exe
1568	Unicorn-39470.exe
240	Unicorn-32240.exe
784	Unicorn-48188.exe
2168	Unicorn-35360.exe
2196	Unicorn-15494.exe
2104	Unicorn-27746.exe
976	Unicorn-39636.exe
2008	Unicorn-19216.exe
1408	Unicorn-20176.exe
2992	Unicorn-8478.exe
1128	Unicorn-46865.exe
1336	Unicorn-10855.exe
2696	Unicorn-35957.exe
1856	Unicorn-44680.exe
1440	Unicorn-11260.exe
1792	Unicorn-47633.exe
1764	Unicorn-41280.exe
1316	Unicorn-55993.exe
1292	Unicorn-2708.exe
1596	Unicorn-16584.exe
880	Unicorn-54493.exe
2944	Unicorn-8821.exe
1692	Unicorn-33326.exe
2952	Unicorn-50430.exe
2588	Unicorn-59153.exe
2612	Unicorn-33902.exe
2148	Unicorn-56159.exe
2808	Unicorn-7513.exe
2820	Unicorn-60435.exe
1148	Unicorn-39823.exe
1624	Unicorn-37637.exe
592	Unicorn-32807.exe
576	Unicorn-53227.exe
2460	Unicorn-28701.exe
2500	Unicorn-49506.exe
2136	Unicorn-36507.exe
1936	Unicorn-37467.exe
2164	Unicorn-53803.exe
1848	Unicorn-62910.exe
2000	Unicorn-37659.exe
2216	Unicorn-58250.exe
2788	Unicorn-48183.exe
2928	Unicorn-39460.exe
3056	Unicorn-10295.exe
2128	Unicorn-6403.exe
2388	Unicorn-39438.exe
1072	Unicorn-31462.exe
1776	Unicorn-19616.exe
2964	Unicorn-48204.exe
1380	Unicorn-28530.exe
940	Unicorn-25537.exe
2076	Unicorn-710.exe
516	Unicorn-710.exe
1548	Unicorn-1608.exe
1556	Unicorn-18307.exe

Loads dropped DLL 64 IoCs

pid	Process
1324	d599e3d7bf4af59626a60deec9e057f7_JaffaCakes118.exe
1324	d599e3d7bf4af59626a60deec9e057f7_JaffaCakes118.exe
1652	Unicorn-60798.exe
1324	d599e3d7bf4af59626a60deec9e057f7_JaffaCakes118.exe
1652	Unicorn-60798.exe
1324	d599e3d7bf4af59626a60deec9e057f7_JaffaCakes118.exe
660	Unicorn-15848.exe
660	Unicorn-15848.exe
1652	Unicorn-60798.exe
1652	Unicorn-60798.exe
2464	Unicorn-3766.exe
2464	Unicorn-3766.exe
2476	Unicorn-22729.exe
2476	Unicorn-22729.exe
660	Unicorn-15848.exe
660	Unicorn-15848.exe
2388	Unicorn-27751.exe
2388	Unicorn-27751.exe
2364	Unicorn-10668.exe
2364	Unicorn-10668.exe
2464	Unicorn-3766.exe
2464	Unicorn-3766.exe
1996	Unicorn-55998.exe
1996	Unicorn-55998.exe
2476	Unicorn-22729.exe
1700	Unicorn-14965.exe
2476	Unicorn-22729.exe
1700	Unicorn-14965.exe
2388	Unicorn-27751.exe
2388	Unicorn-27751.exe
240	Unicorn-32240.exe
240	Unicorn-32240.exe
1248	Unicorn-56553.exe
1248	Unicorn-56553.exe
1568	Unicorn-39470.exe
1568	Unicorn-39470.exe
2364	Unicorn-10668.exe
2364	Unicorn-10668.exe
784	Unicorn-48188.exe
784	Unicorn-48188.exe
1996	Unicorn-55998.exe
1996	Unicorn-55998.exe
2168	Unicorn-35360.exe
2168	Unicorn-35360.exe
1700	Unicorn-14965.exe
1700	Unicorn-14965.exe
2104	Unicorn-27746.exe
2104	Unicorn-27746.exe
976	Unicorn-39636.exe
976	Unicorn-39636.exe
240	Unicorn-32240.exe
240	Unicorn-32240.exe
2008	Unicorn-19216.exe
2008	Unicorn-19216.exe
1408	Unicorn-20176.exe
1408	Unicorn-20176.exe
1248	Unicorn-56553.exe
1248	Unicorn-56553.exe
1568	Unicorn-39470.exe
1568	Unicorn-39470.exe
2196	Unicorn-15494.exe
2196	Unicorn-15494.exe
2992	Unicorn-8478.exe
2992	Unicorn-8478.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
1748	1764	WerFault.exe	53
2476	1072	WerFault.exe	86
2224	1780	WerFault.exe	172

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1324	d599e3d7bf4af59626a60deec9e057f7_JaffaCakes118.exe
1652	Unicorn-60798.exe
660	Unicorn-15848.exe
2464	Unicorn-3766.exe
2476	Unicorn-22729.exe
2388	Unicorn-27751.exe
2364	Unicorn-10668.exe
1996	Unicorn-55998.exe
1700	Unicorn-14965.exe
1248	Unicorn-56553.exe
1568	Unicorn-39470.exe
240	Unicorn-32240.exe
784	Unicorn-48188.exe
2168	Unicorn-35360.exe
976	Unicorn-39636.exe
2196	Unicorn-15494.exe
2104	Unicorn-27746.exe
1408	Unicorn-20176.exe
2008	Unicorn-19216.exe
2992	Unicorn-8478.exe
1128	Unicorn-46865.exe
1336	Unicorn-10855.exe
2696	Unicorn-35957.exe
1856	Unicorn-44680.exe
1440	Unicorn-11260.exe
1792	Unicorn-47633.exe
1764	Unicorn-41280.exe
1316	Unicorn-55993.exe
1292	Unicorn-2708.exe
2944	Unicorn-8821.exe
880	Unicorn-54493.exe
1596	Unicorn-16584.exe
1692	Unicorn-33326.exe
2952	Unicorn-50430.exe
2588	Unicorn-59153.exe
2612	Unicorn-33902.exe
2148	Unicorn-56159.exe
2808	Unicorn-7513.exe
2820	Unicorn-60435.exe
1148	Unicorn-39823.exe
1624	Unicorn-37637.exe
576	Unicorn-53227.exe
2136	Unicorn-36507.exe
2500	Unicorn-49506.exe
592	Unicorn-32807.exe
2460	Unicorn-28701.exe
1936	Unicorn-37467.exe
1848	Unicorn-62910.exe
2000	Unicorn-37659.exe
2164	Unicorn-53803.exe
2216	Unicorn-58250.exe
2964	Unicorn-48204.exe
2788	Unicorn-48183.exe
2128	Unicorn-6403.exe
2928	Unicorn-39460.exe
2388	Unicorn-39438.exe
1776	Unicorn-19616.exe
940	Unicorn-25537.exe
1072	Unicorn-31462.exe
3056	Unicorn-10295.exe
1380	Unicorn-28530.exe
2076	Unicorn-710.exe
516	Unicorn-710.exe
1548	Unicorn-1608.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 1652	1324	d599e3d7bf4af59626a60deec9e057f7_JaffaCakes118.exe	28
PID 1324 wrote to memory of 1652	1324	d599e3d7bf4af59626a60deec9e057f7_JaffaCakes118.exe	28
PID 1324 wrote to memory of 1652	1324	d599e3d7bf4af59626a60deec9e057f7_JaffaCakes118.exe	28
PID 1324 wrote to memory of 1652	1324	d599e3d7bf4af59626a60deec9e057f7_JaffaCakes118.exe	28
PID 1652 wrote to memory of 660	1652	Unicorn-60798.exe	29
PID 1652 wrote to memory of 660	1652	Unicorn-60798.exe	29
PID 1652 wrote to memory of 660	1652	Unicorn-60798.exe	29
PID 1652 wrote to memory of 660	1652	Unicorn-60798.exe	29
PID 1324 wrote to memory of 2464	1324	d599e3d7bf4af59626a60deec9e057f7_JaffaCakes118.exe	30
PID 1324 wrote to memory of 2464	1324	d599e3d7bf4af59626a60deec9e057f7_JaffaCakes118.exe	30
PID 1324 wrote to memory of 2464	1324	d599e3d7bf4af59626a60deec9e057f7_JaffaCakes118.exe	30
PID 1324 wrote to memory of 2464	1324	d599e3d7bf4af59626a60deec9e057f7_JaffaCakes118.exe	30
PID 660 wrote to memory of 2476	660	Unicorn-15848.exe	31
PID 660 wrote to memory of 2476	660	Unicorn-15848.exe	31
PID 660 wrote to memory of 2476	660	Unicorn-15848.exe	31
PID 660 wrote to memory of 2476	660	Unicorn-15848.exe	31
PID 1652 wrote to memory of 2388	1652	Unicorn-60798.exe	32
PID 1652 wrote to memory of 2388	1652	Unicorn-60798.exe	32
PID 1652 wrote to memory of 2388	1652	Unicorn-60798.exe	32
PID 1652 wrote to memory of 2388	1652	Unicorn-60798.exe	32
PID 2464 wrote to memory of 2364	2464	Unicorn-3766.exe	33
PID 2464 wrote to memory of 2364	2464	Unicorn-3766.exe	33
PID 2464 wrote to memory of 2364	2464	Unicorn-3766.exe	33
PID 2464 wrote to memory of 2364	2464	Unicorn-3766.exe	33
PID 2476 wrote to memory of 1996	2476	Unicorn-22729.exe	34
PID 2476 wrote to memory of 1996	2476	Unicorn-22729.exe	34
PID 2476 wrote to memory of 1996	2476	Unicorn-22729.exe	34
PID 2476 wrote to memory of 1996	2476	Unicorn-22729.exe	34
PID 660 wrote to memory of 1248	660	Unicorn-15848.exe	35
PID 660 wrote to memory of 1248	660	Unicorn-15848.exe	35
PID 660 wrote to memory of 1248	660	Unicorn-15848.exe	35
PID 660 wrote to memory of 1248	660	Unicorn-15848.exe	35
PID 2388 wrote to memory of 1700	2388	Unicorn-27751.exe	36
PID 2388 wrote to memory of 1700	2388	Unicorn-27751.exe	36
PID 2388 wrote to memory of 1700	2388	Unicorn-27751.exe	36
PID 2388 wrote to memory of 1700	2388	Unicorn-27751.exe	36
PID 2364 wrote to memory of 1568	2364	Unicorn-10668.exe	37
PID 2364 wrote to memory of 1568	2364	Unicorn-10668.exe	37
PID 2364 wrote to memory of 1568	2364	Unicorn-10668.exe	37
PID 2364 wrote to memory of 1568	2364	Unicorn-10668.exe	37
PID 2464 wrote to memory of 240	2464	Unicorn-3766.exe	38
PID 2464 wrote to memory of 240	2464	Unicorn-3766.exe	38
PID 2464 wrote to memory of 240	2464	Unicorn-3766.exe	38
PID 2464 wrote to memory of 240	2464	Unicorn-3766.exe	38
PID 1996 wrote to memory of 784	1996	Unicorn-55998.exe	39
PID 1996 wrote to memory of 784	1996	Unicorn-55998.exe	39
PID 1996 wrote to memory of 784	1996	Unicorn-55998.exe	39
PID 1996 wrote to memory of 784	1996	Unicorn-55998.exe	39
PID 2476 wrote to memory of 2196	2476	Unicorn-22729.exe	40
PID 2476 wrote to memory of 2196	2476	Unicorn-22729.exe	40
PID 2476 wrote to memory of 2196	2476	Unicorn-22729.exe	40
PID 2476 wrote to memory of 2196	2476	Unicorn-22729.exe	40
PID 1700 wrote to memory of 2168	1700	Unicorn-14965.exe	41
PID 1700 wrote to memory of 2168	1700	Unicorn-14965.exe	41
PID 1700 wrote to memory of 2168	1700	Unicorn-14965.exe	41
PID 1700 wrote to memory of 2168	1700	Unicorn-14965.exe	41
PID 2388 wrote to memory of 2104	2388	Unicorn-27751.exe	42
PID 2388 wrote to memory of 2104	2388	Unicorn-27751.exe	42
PID 2388 wrote to memory of 2104	2388	Unicorn-27751.exe	42
PID 2388 wrote to memory of 2104	2388	Unicorn-27751.exe	42
PID 240 wrote to memory of 976	240	Unicorn-32240.exe	43
PID 240 wrote to memory of 976	240	Unicorn-32240.exe	43
PID 240 wrote to memory of 976	240	Unicorn-32240.exe	43
PID 240 wrote to memory of 976	240	Unicorn-32240.exe	43

C:\Users\Admin\AppData\Local\Temp\d599e3d7bf4af59626a60deec9e057f7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d599e3d7bf4af59626a60deec9e057f7_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60798.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60798.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15848.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46865.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50430.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43399.exe
        10⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33926.exe
        11⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39438.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        9⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57161.exe
        10⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
        11⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59153.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
        9⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41676.exe
        10⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe
        11⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46699.exe
        9⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3305.exe
        10⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62130.exe
        11⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
        11⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        8⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56235.exe
        9⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50454.exe
        10⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60361.exe
        11⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59177.exe
        9⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
        10⤵
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10855.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33902.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6403.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        9⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19284.exe
        10⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe
        11⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41401.exe
        12⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        13⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
        9⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33617.exe
        10⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31591.exe
        11⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
        12⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 240
        8⤵
        Program crash
        
        PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15494.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8821.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29294.exe
        8⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24523.exe
        9⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29510.exe
        10⤵
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35215.exe
        7⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12236.exe
        8⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        9⤵
        
        PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56553.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19216.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55993.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53227.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1608.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33752.exe
        9⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5591.exe
        10⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27866.exe
        11⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18307.exe
        7⤵
        Executes dropped EXE
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
        8⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22958.exe
        9⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48827.exe
        10⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
        11⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        12⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe
        10⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
        11⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        12⤵
        
        PID:3716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49506.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52454.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38220.exe
        8⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
        9⤵
        
        PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16584.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53803.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42823.exe
        7⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
        8⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40993.exe
        9⤵
        
        PID:3904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14965.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35360.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48204.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
        9⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        10⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        9⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29611.exe
        10⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50537.exe
        11⤵
        
        PID:1780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 208
        12⤵
        Program crash
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
        8⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20763.exe
        9⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59735.exe
        10⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17782.exe
        11⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28530.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
        8⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        9⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16603.exe
        10⤵
        
        PID:3820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7513.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19616.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19284.exe
        8⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
        9⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36474.exe
        10⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
        11⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3141.exe
        12⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62877.exe
        9⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        10⤵
        
        PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44680.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60435.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59089.exe
        8⤵
        
        PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27746.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11260.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32807.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47493.exe
        7⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34310.exe
        9⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
        10⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
        9⤵
        
        PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28701.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38744.exe
        6⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62724.exe
        7⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5420.exe
        8⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
        9⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
        8⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32306.exe
        9⤵
        
        PID:3732
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3766.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3766.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10668.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39470.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20176.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2708.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37467.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
        8⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10923.exe
        9⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50664.exe
        10⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5591.exe
        11⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15562.exe
        8⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57322.exe
        9⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30034.exe
        10⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
        11⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
        10⤵
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-321.exe
        7⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19279.exe
        8⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26142.exe
        9⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        10⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48783.exe
        9⤵
        
        PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54493.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27063.exe
        7⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
        8⤵
        
        PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33326.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10923.exe
        7⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1982.exe
        8⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
        9⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50112.exe
        10⤵
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48183.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25182.exe
        6⤵
        
        PID:1460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39823.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25537.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47275.exe
        8⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56035.exe
        9⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33075.exe
        10⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
        11⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60466.exe
        7⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61385.exe
        8⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
        9⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
        10⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        11⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2231.exe
        7⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
        8⤵
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37637.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        6⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30379.exe
        7⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20932.exe
        8⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35675.exe
        9⤵
        
        PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41280.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41280.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1764
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 224
        5⤵
        Program crash
        
        PID:1748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10668.exe

Filesize
192KB

MD5
972ccf7d16a4dae4e92058923dff8a47

SHA1
c72a56ac5239071aea7f0db417aeb720fff5f0b9

SHA256
3d2dda69db7e63363265428ece2752f07655778b31598eeb2cdd5daf09d44797

SHA512
28ad1c85a64c937317c2fdc5dd3213e720071eac7a3a9a3449085ff7127f67f42473a1fbf89847fb99032a2334988b4a0f7254196bb065ac146a50686e6b5410

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14965.exe

Filesize
192KB

MD5
5a3341ae16315ed46e46a89a2c2d4de4

SHA1
19ec5b4b554527f3c26e5e0304768ee573693004

SHA256
98bff05eb21562a7b901b9f9acbb540e842f07e40ce1a23eaaa792e6af0a6880

SHA512
267cd5510af1a10fcfaa9ef2f03165c8a722c89e381528bc779447dcdf66f9a8717dfae3644231c2b6e81bf3b8d75d8b2b092f6f1427bde4b3bbfead124d1b40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1982.exe

Filesize
192KB

MD5
b6b80fd73b8f245000bf789448bb339c

SHA1
5ef5e0635c0cf58832919acf34cdedbdc7ca83f2

SHA256
b64e57a17508daac83e1a70b184d97920fc040628fb33a9c36b9210436a3547e

SHA512
a7543d2aeb7184d226b07e1200f3808ecb8e9fb186b1d7f0d1b0a95059a0e25917978357706e9cd5d013a42fa5d17c91d8934ac32d27c222e8b3761b105c2813

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39470.exe

Filesize
192KB

MD5
dc0c76eaf3106f32e370131a52643091

SHA1
0dc725bd32fda6ef1bb1fa95b94279bda03e3183

SHA256
22e20df405a9bb4011cde417b0d8cefd7121b2e955b33844dfe9c2400d3fee3f

SHA512
2e6ed19038974e5352f09f864be27ab66b6a21b8d3fb06f7c385e4396f7f8db026fa415f8b04ac68068eb5924b809d2d34751a81c6aa72e791aaf5c50c221816

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39636.exe

Filesize
192KB

MD5
e476c7f7026abdf9be79391ddadde69a

SHA1
55b17893f66180a81e05522dbadd01db22ab0ef3

SHA256
815ea1de59858c14ce365c47b969e4c7c7a9342eb0b1ca3e64580786393f286b

SHA512
6be2b530bcc0ded527dffbd30f035439029c015b8a1632a2dc995c7cfcecf0ee5ec84f0d6134606af71b6ed6c991d16f16de971e7872c5061e6ae84c7c2b2b36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55075.exe

Filesize
192KB

MD5
fd0c2f528db1c3a428e1644c4f044590

SHA1
4d87b646abaf30d6681961437a7544bdea0e065a

SHA256
484d20ad9f72fbd3842a78883dd5df9df023838d760561fa23d15a69e8b9568e

SHA512
09c900115c43abf6385c2f3bd284ab6eabe636283d1492151a0d313e951893550dbe0482f4815efa47531c17441cbd617bf8d11819bb1a3855565a6dc201adde

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6403.exe

Filesize
192KB

MD5
1032472bfb0021550cde32bc3d9d9234

SHA1
72ffe2513c2411493aaf86ec386f05da77a58cc4

SHA256
443e5a6d4a09aead344a58dcae81f603e7179b5bd933961009d5a6104b102705

SHA512
d640ecd1a2f4c96e7ce230572700bbd6abc1f53c71e2b9932bc641226e79bfa0b1355b6d8b65d19bee5c2692e3cd6aa78466e59a4696be3ad3135a8d1f458bff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15494.exe

Filesize
192KB

MD5
ffa4cf8d3db85a49bb1667b98942d02b

SHA1
f319a852453563c51e751f20c75ae84df393786f

SHA256
ed1be8697e34d97b8c16ddcd6198981293a15b16fb9fa2b467eb09e88553a262

SHA512
e4d570bfe7c569ab155d5df07ab6c85a0772f7680c24643c51cf69cd8b5bab8af8686142778b17c442a3d5233669c925be9c613cec96a0adb6f16a63ceaf5395

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15848.exe

Filesize
192KB

MD5
c8b9a726ca3ff849c66b66546a9c3139

SHA1
8f807f28cc6df8b2a2b5e929c0b792f6e79780d4

SHA256
d99072d85130d0ed90c8c889d8aea2d5350630754448d512e6dd5bb7acd6c9d6

SHA512
322131abe78d408007caac2e6e40555dd7e44c08eeaff1a30b890e3f64c770bd0521cc3520f2ea663fe0301a2f679eac03e56e850f81736fc07c995e1306bd01

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19216.exe

Filesize
192KB

MD5
f3c231cbf199bbf2e51ec27485405ced

SHA1
02320b478a58fd710235e6e8fd14cdbcae3b9aa0

SHA256
59046dd4617c7a57459eac27809807fd6657677fb2e6f214a43eccdbeb9cdb32

SHA512
384f76d4b5a1c566fc0c1abc8da20f16372933998cba0496d89890baf1691254730112c64084c414d45874265d9face02128205d48afa9d1bc7cc4cb5e8f42b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20176.exe

Filesize
192KB

MD5
a39cdb3489650a21a60ebb531ecc25f5

SHA1
71c4da0eba1e8fb332a38816fdce0ec5ad0b2d3f

SHA256
92099a0ea322afd8f368a0f8e23030e412e75102b2d2904b8095d1c6a016e843

SHA512
71dd80331c15dc25bb262fea23bf02b3bff0398a56ca64d74c6debaffc1bbe411b364ee7d8ad9979eb1f18b02afd6750d383748ce6f14b179261d70040d32f59

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22729.exe

Filesize
192KB

MD5
6b5e236d09b2397d9a7ebb5b8a283bea

SHA1
0cf986c91ec2d8d5ee0e8f01e52cd92a4ce8e4e2

SHA256
d2f3386619c307ada979e639edd3846e2042577f0c67f04e5239de2e12c14d48

SHA512
603334d1401e40ed913ba635d2062a4e282d53ed1e6389946bf483fc5945d005626cdd06c5a7b2a68909134cd3e5b4986ddc1f69257d6b246752fc6ee61aae4a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27746.exe

Filesize
192KB

MD5
e3b02c0c936ea7cf8d87828157936e89

SHA1
a061659d610ab4def68ac1abb596ae59d7916a01

SHA256
79b95a30f4c718f0568c1ac776df943a4404af1da554b3ee04dac0b9c77777d8

SHA512
30b17e66f3f90903a360ea518668419e733d966aaa604d52429883419fe562262a38d9e10efde52874bc83e3c24f5a0ae8dd60817a8242ff44a3be5135c3e706

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27751.exe

Filesize
192KB

MD5
47b63463a266de5ffb0f0727a8b782a9

SHA1
e1bd32a161d10ee3971cfe6b6babd56753813e8a

SHA256
5511928d2b47a3d836c36e37e89cd21827b796126117cc3bb9e10f85dfa833c8

SHA512
69065c9218aeb0a25d9941a6f13c11d3ea7674554d94c1e0bc5c07694dac69f42fbd6784e43dfdd5b3ae6b2dd3848f55b43a9c3c951b0b643b70a99a98c08447

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe

Filesize
192KB

MD5
ccf8cd8bf9ea7169521613a6bdc94d48

SHA1
328731098f0c6ea0f80a5eb7e9d93bc57e061eea

SHA256
26fa013409704a5d9eb1e23d2bd986f51b6ddc0be5bbdb7e47f0b1b0f7844a04

SHA512
349b0779f94c1465cac6e809e44a3e2d525182b7883e427fb2b961cbe25775e6c0b5055c8378c687bc8e3a0ecbedccfb9c435324567a6ba119c1775b8638add6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35360.exe

Filesize
192KB

MD5
47b72370fedb48d6af3339c727ecaa98

SHA1
5440ddf5357a5bc59cbb9266ea136be8ad5b6d4b

SHA256
3e284817f84c19d780355810101fab63eaecebd0836697059131697281f48342

SHA512
8ee5b98ce5e80149bf0e4829e6740194d1813555e03ebd95aa6e110c052e420f79f2ff107aa077ccab95eb87d57b5b3a0eefd9837c697fe80f66176046b91abe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3766.exe

Filesize
192KB

MD5
d57f3b5f69d2c4b0c53e788d7aa6c04c

SHA1
ceac75ea46a3975ee65eef2a6fac7103f1424a6b

SHA256
c6fd341513126a1f6ab6555807fa9adb542e698b04529c735fe82289d82d45f5

SHA512
33d186fdb9bc3473ec309aa5be99ca1852e940d74292f4b89697c74890d8310dad725a70b927e49a19eeb5942367e8970d8873579194c3a67644e3d5d316eaa5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48188.exe

Filesize
192KB

MD5
07aa6fced7e4acd1da68e9c23208f87c

SHA1
8d190445b1d79767dd91acd5a1890684177ed425

SHA256
66e832975393bba253055b8ecf10c988b2cdef160f49c2441b7a6e9e7b620f0c

SHA512
c8c6a51897a09f011dc954642672569fcde6fc321c58eb0167e7189cb76e483f60479123199ee4e421357c7707f20ff728130ea2202f8ac8c9387212ccbbe8ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe

Filesize
192KB

MD5
2f03b301dac742b4bf19e9cf66347f09

SHA1
2ade6524d16ddef7023b387671daf55710045370

SHA256
248ff74e29f5f3a9e5bdecd182bd0c7ae9596445ae6da342ca28da42998c97dc

SHA512
de068670d6dcbde67292ac8b0bf577a663ba23895c40b08e612056ff96663edce0c1c696ba27e711a4be330c6a09193decac407983323c434ab3a04373493cdf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56553.exe

Filesize
192KB

MD5
9c5bd324050b4d5530838d11b863b35d

SHA1
a8cd72e8779c00f5b30cf68337d1a63641fe8ed4

SHA256
e0ab4414603c367e3445ea412be8fd3bd9b7bfc00104e868f7e90705ad85696c

SHA512
907fd4c27f4fbef9985ca87d3d7f888bf3534be236e8cb12f386a59cae08ee65a71763ba7ccbe9f8dfb885263054ea0de2f8d2a0df101a236dca5bb6ff2108ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60798.exe

Filesize
192KB

MD5
c27cdf096e6c1afacbcb3480e9da8c31

SHA1
0f1cff6140002cefabbb46f7c32f338e409b19bd

SHA256
4e35d4dba4a7402a19178c1ee848ae8014a1de9a33787d81e451a440caef0ccb

SHA512
7b811a3ded05397c33c326221728a83a385c8cfae9622f0d7770b4e956390c0519ac54c06f95870f4b5b44bf7bcf8b31bceb41667f96228e9bb9fc5ebf6ef32d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads