02c29404c1c7f76be7b891d1fd39ab6ab328ce398db421fbf18755acf8483782

Analysis

max time kernel
147s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-04-2024 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d7b12b7215c2a49eb31b3a65e37f2309_JaffaCakes118.exe
Size

192KB
MD5

d7b12b7215c2a49eb31b3a65e37f2309
SHA1

feaac810dd410cc1753095a2635b201a4d132abb
SHA256

02c29404c1c7f76be7b891d1fd39ab6ab328ce398db421fbf18755acf8483782
SHA512

373ba72b33a1cfded15902b6b660b01895448b32e5bffd936d7ee2830edaa8e8bfb3a812ec4c6c0fda9b8c96fc4c7798740c897a77d3ceec0675801988225741
SSDEEP

3072:IDyDoJLb0Z6Nkn0xo/ZwXJEb1nMMILINvnxHvkOOxlv1p1t:IDWoqENkeoRwXJRcjmxlv1p1

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2116	Unicorn-62048.exe
2104	Unicorn-49962.exe
2536	Unicorn-21352.exe
2584	Unicorn-57035.exe
2928	Unicorn-44783.exe
2460	Unicorn-57590.exe
2120	Unicorn-32552.exe
2764	Unicorn-61524.exe
2736	Unicorn-45743.exe
2696	Unicorn-37574.exe
1948	Unicorn-28660.exe
2700	Unicorn-16766.exe
272	Unicorn-33656.exe
2712	Unicorn-28634.exe
1268	Unicorn-12297.exe
1260	Unicorn-8213.exe
1992	Unicorn-25104.exe
2280	Unicorn-37762.exe
2096	Unicorn-63013.exe
2112	Unicorn-24091.exe
1764	Unicorn-28345.exe
1360	Unicorn-27599.exe
1368	Unicorn-28943.exe
1320	Unicorn-53618.exe
304	Unicorn-57147.exe
3028	Unicorn-28367.exe
1724	Unicorn-8501.exe
1656	Unicorn-13291.exe
556	Unicorn-58963.exe
1512	Unicorn-45964.exe
1904	Unicorn-57339.exe
1600	Unicorn-59923.exe
300	Unicorn-10551.exe
3068	Unicorn-35610.exe
2564	Unicorn-6659.exe
2412	Unicorn-39886.exe
2680	Unicorn-47500.exe
2424	Unicorn-24641.exe
2828	Unicorn-57868.exe
2528	Unicorn-53229.exe
2668	Unicorn-1288.exe
608	Unicorn-41745.exe
1504	Unicorn-46384.exe
2340	Unicorn-46384.exe
308	Unicorn-29685.exe
296	Unicorn-54189.exe
848	Unicorn-51620.exe
2088	Unicorn-5948.exe
2536	Unicorn-18585.exe
864	Unicorn-31391.exe
1624	Unicorn-42513.exe
1492	Unicorn-43665.exe
2100	Unicorn-3509.exe
2068	Unicorn-17432.exe
808	Unicorn-33384.exe
2320	Unicorn-8709.exe
1800	Unicorn-41552.exe
1576	Unicorn-61418.exe
2428	Unicorn-34536.exe
284	Unicorn-60323.exe
2976	Unicorn-52518.exe
1940	Unicorn-6846.exe
2344	Unicorn-61838.exe
1684	Unicorn-7998.exe

Loads dropped DLL 64 IoCs

pid	Process
3052	d7b12b7215c2a49eb31b3a65e37f2309_JaffaCakes118.exe
3052	d7b12b7215c2a49eb31b3a65e37f2309_JaffaCakes118.exe
2116	Unicorn-62048.exe
3052	d7b12b7215c2a49eb31b3a65e37f2309_JaffaCakes118.exe
2116	Unicorn-62048.exe
3052	d7b12b7215c2a49eb31b3a65e37f2309_JaffaCakes118.exe
2536	Unicorn-21352.exe
2536	Unicorn-21352.exe
2104	Unicorn-49962.exe
2104	Unicorn-49962.exe
2116	Unicorn-62048.exe
2116	Unicorn-62048.exe
2584	Unicorn-57035.exe
2584	Unicorn-57035.exe
2928	Unicorn-44783.exe
2928	Unicorn-44783.exe
2536	Unicorn-21352.exe
2536	Unicorn-21352.exe
2104	Unicorn-49962.exe
2104	Unicorn-49962.exe
2460	Unicorn-57590.exe
2460	Unicorn-57590.exe
2120	Unicorn-32552.exe
2120	Unicorn-32552.exe
2584	Unicorn-57035.exe
2584	Unicorn-57035.exe
2696	Unicorn-37574.exe
2696	Unicorn-37574.exe
2736	Unicorn-45743.exe
2736	Unicorn-45743.exe
2764	Unicorn-61524.exe
2764	Unicorn-61524.exe
2928	Unicorn-44783.exe
1948	Unicorn-28660.exe
1948	Unicorn-28660.exe
2928	Unicorn-44783.exe
2460	Unicorn-57590.exe
2460	Unicorn-57590.exe
2700	Unicorn-16766.exe
2700	Unicorn-16766.exe
2120	Unicorn-32552.exe
2120	Unicorn-32552.exe
272	Unicorn-33656.exe
272	Unicorn-33656.exe
1268	Unicorn-12297.exe
1268	Unicorn-12297.exe
2764	Unicorn-61524.exe
2764	Unicorn-61524.exe
2712	Unicorn-28634.exe
2712	Unicorn-28634.exe
2696	Unicorn-37574.exe
2696	Unicorn-37574.exe
2280	Unicorn-37762.exe
2280	Unicorn-37762.exe
1992	Unicorn-25104.exe
1948	Unicorn-28660.exe
1992	Unicorn-25104.exe
1948	Unicorn-28660.exe
1260	Unicorn-8213.exe
1260	Unicorn-8213.exe
2096	Unicorn-63013.exe
2096	Unicorn-63013.exe
2736	Unicorn-45743.exe
2736	Unicorn-45743.exe

Program crash 21 IoCs

pid	pid_target	Process	procid_target
2420	2764	WerFault.exe	35
2216	1320	WerFault.exe	51
2768	1268	WerFault.exe	43
1520	1368	WerFault.exe	50
1484	808	WerFault.exe	84
1472	2424	WerFault.exe	66
1908	2528	WerFault.exe	68
608	2320	WerFault.exe	83
1632	1940	WerFault.exe	90
1208	344	WerFault.exe	123
2484	2828	WerFault.exe	67
1728	2344	WerFault.exe	92
700	1668	WerFault.exe	124
2408	3052	WerFault.exe	100
2868	1800	WerFault.exe	85
1636	2016	WerFault.exe	112
928	1988	WerFault.exe	148
2960	1932	WerFault.exe	130
2968	2012	WerFault.exe	120
2796	1516	WerFault.exe	129
3180	2060	WerFault.exe	190

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3052	d7b12b7215c2a49eb31b3a65e37f2309_JaffaCakes118.exe
2116	Unicorn-62048.exe
2104	Unicorn-49962.exe
2536	Unicorn-21352.exe
2584	Unicorn-57035.exe
2928	Unicorn-44783.exe
2460	Unicorn-57590.exe
2120	Unicorn-32552.exe
2764	Unicorn-61524.exe
2696	Unicorn-37574.exe
2736	Unicorn-45743.exe
1948	Unicorn-28660.exe
2700	Unicorn-16766.exe
272	Unicorn-33656.exe
1268	Unicorn-12297.exe
2712	Unicorn-28634.exe
2280	Unicorn-37762.exe
2096	Unicorn-63013.exe
1260	Unicorn-8213.exe
1992	Unicorn-25104.exe
2112	Unicorn-24091.exe
1360	Unicorn-27599.exe
1764	Unicorn-28345.exe
1368	Unicorn-28943.exe
1320	Unicorn-53618.exe
304	Unicorn-57147.exe
1724	Unicorn-8501.exe
1904	Unicorn-57339.exe
1656	Unicorn-13291.exe
3028	Unicorn-28367.exe
556	Unicorn-58963.exe
1600	Unicorn-59923.exe
3068	Unicorn-35610.exe
300	Unicorn-10551.exe
2424	Unicorn-24641.exe
2564	Unicorn-6659.exe
2680	Unicorn-47500.exe
2528	Unicorn-53229.exe
2412	Unicorn-39886.exe
2828	Unicorn-57868.exe
2668	Unicorn-1288.exe
2088	Unicorn-5948.exe
296	Unicorn-54189.exe
608	Unicorn-41745.exe
2340	Unicorn-46384.exe
308	Unicorn-29685.exe
1504	Unicorn-46384.exe
848	Unicorn-51620.exe
864	Unicorn-31391.exe
2536	Unicorn-18585.exe
1492	Unicorn-43665.exe
1624	Unicorn-42513.exe
808	Unicorn-33384.exe
2100	Unicorn-3509.exe
2068	Unicorn-17432.exe
2320	Unicorn-8709.exe
1576	Unicorn-61418.exe
1800	Unicorn-41552.exe
2428	Unicorn-34536.exe
1940	Unicorn-6846.exe
2976	Unicorn-52518.exe
284	Unicorn-60323.exe
2344	Unicorn-61838.exe
1944	Unicorn-7998.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 2116	3052	d7b12b7215c2a49eb31b3a65e37f2309_JaffaCakes118.exe	28
PID 3052 wrote to memory of 2116	3052	d7b12b7215c2a49eb31b3a65e37f2309_JaffaCakes118.exe	28
PID 3052 wrote to memory of 2116	3052	d7b12b7215c2a49eb31b3a65e37f2309_JaffaCakes118.exe	28
PID 3052 wrote to memory of 2116	3052	d7b12b7215c2a49eb31b3a65e37f2309_JaffaCakes118.exe	28
PID 2116 wrote to memory of 2104	2116	Unicorn-62048.exe	29
PID 2116 wrote to memory of 2104	2116	Unicorn-62048.exe	29
PID 2116 wrote to memory of 2104	2116	Unicorn-62048.exe	29
PID 2116 wrote to memory of 2104	2116	Unicorn-62048.exe	29
PID 3052 wrote to memory of 2536	3052	d7b12b7215c2a49eb31b3a65e37f2309_JaffaCakes118.exe	30
PID 3052 wrote to memory of 2536	3052	d7b12b7215c2a49eb31b3a65e37f2309_JaffaCakes118.exe	30
PID 3052 wrote to memory of 2536	3052	d7b12b7215c2a49eb31b3a65e37f2309_JaffaCakes118.exe	30
PID 3052 wrote to memory of 2536	3052	d7b12b7215c2a49eb31b3a65e37f2309_JaffaCakes118.exe	30
PID 2536 wrote to memory of 2584	2536	Unicorn-21352.exe	31
PID 2536 wrote to memory of 2584	2536	Unicorn-21352.exe	31
PID 2536 wrote to memory of 2584	2536	Unicorn-21352.exe	31
PID 2536 wrote to memory of 2584	2536	Unicorn-21352.exe	31
PID 2104 wrote to memory of 2928	2104	Unicorn-49962.exe	32
PID 2104 wrote to memory of 2928	2104	Unicorn-49962.exe	32
PID 2104 wrote to memory of 2928	2104	Unicorn-49962.exe	32
PID 2104 wrote to memory of 2928	2104	Unicorn-49962.exe	32
PID 2116 wrote to memory of 2460	2116	Unicorn-62048.exe	33
PID 2116 wrote to memory of 2460	2116	Unicorn-62048.exe	33
PID 2116 wrote to memory of 2460	2116	Unicorn-62048.exe	33
PID 2116 wrote to memory of 2460	2116	Unicorn-62048.exe	33
PID 2584 wrote to memory of 2120	2584	Unicorn-57035.exe	34
PID 2584 wrote to memory of 2120	2584	Unicorn-57035.exe	34
PID 2584 wrote to memory of 2120	2584	Unicorn-57035.exe	34
PID 2584 wrote to memory of 2120	2584	Unicorn-57035.exe	34
PID 2928 wrote to memory of 2764	2928	Unicorn-44783.exe	35
PID 2928 wrote to memory of 2764	2928	Unicorn-44783.exe	35
PID 2928 wrote to memory of 2764	2928	Unicorn-44783.exe	35
PID 2928 wrote to memory of 2764	2928	Unicorn-44783.exe	35
PID 2536 wrote to memory of 2736	2536	Unicorn-21352.exe	36
PID 2536 wrote to memory of 2736	2536	Unicorn-21352.exe	36
PID 2536 wrote to memory of 2736	2536	Unicorn-21352.exe	36
PID 2536 wrote to memory of 2736	2536	Unicorn-21352.exe	36
PID 2104 wrote to memory of 2696	2104	Unicorn-49962.exe	37
PID 2104 wrote to memory of 2696	2104	Unicorn-49962.exe	37
PID 2104 wrote to memory of 2696	2104	Unicorn-49962.exe	37
PID 2104 wrote to memory of 2696	2104	Unicorn-49962.exe	37
PID 2460 wrote to memory of 1948	2460	Unicorn-57590.exe	38
PID 2460 wrote to memory of 1948	2460	Unicorn-57590.exe	38
PID 2460 wrote to memory of 1948	2460	Unicorn-57590.exe	38
PID 2460 wrote to memory of 1948	2460	Unicorn-57590.exe	38
PID 2120 wrote to memory of 2700	2120	Unicorn-32552.exe	39
PID 2120 wrote to memory of 2700	2120	Unicorn-32552.exe	39
PID 2120 wrote to memory of 2700	2120	Unicorn-32552.exe	39
PID 2120 wrote to memory of 2700	2120	Unicorn-32552.exe	39
PID 2584 wrote to memory of 272	2584	Unicorn-57035.exe	40
PID 2584 wrote to memory of 272	2584	Unicorn-57035.exe	40
PID 2584 wrote to memory of 272	2584	Unicorn-57035.exe	40
PID 2584 wrote to memory of 272	2584	Unicorn-57035.exe	40
PID 2696 wrote to memory of 2712	2696	Unicorn-37574.exe	41
PID 2696 wrote to memory of 2712	2696	Unicorn-37574.exe	41
PID 2696 wrote to memory of 2712	2696	Unicorn-37574.exe	41
PID 2696 wrote to memory of 2712	2696	Unicorn-37574.exe	41
PID 2736 wrote to memory of 1260	2736	Unicorn-45743.exe	42
PID 2736 wrote to memory of 1260	2736	Unicorn-45743.exe	42
PID 2736 wrote to memory of 1260	2736	Unicorn-45743.exe	42
PID 2736 wrote to memory of 1260	2736	Unicorn-45743.exe	42
PID 2764 wrote to memory of 1268	2764	Unicorn-61524.exe	43
PID 2764 wrote to memory of 1268	2764	Unicorn-61524.exe	43
PID 2764 wrote to memory of 1268	2764	Unicorn-61524.exe	43
PID 2764 wrote to memory of 1268	2764	Unicorn-61524.exe	43

C:\Users\Admin\AppData\Local\Temp\d7b12b7215c2a49eb31b3a65e37f2309_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d7b12b7215c2a49eb31b3a65e37f2309_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62048.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62048.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49962.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44783.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12297.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28943.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24641.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61838.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39051.exe
        10⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61168.exe
        11⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57458.exe
        12⤵
        
        PID:2580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 376
        11⤵
        Program crash
        
        PID:2968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 376
        10⤵
        Program crash
        
        PID:1728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 380
        9⤵
        Program crash
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41552.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25320.exe
        9⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18481.exe
        10⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 376
        9⤵
        Program crash
        
        PID:2868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 372
        8⤵
        Program crash
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8023.exe
        8⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44967.exe
        9⤵
        
        PID:964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 376
        9⤵
        Program crash
        
        PID:2960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 368
        8⤵
        Program crash
        
        PID:2484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 380
        7⤵
        Program crash
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53229.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8709.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        9⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42751.exe
        10⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20525.exe
        11⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27920.exe
        12⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13690.exe
        13⤵
        
        PID:2976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 368
        12⤵
        Program crash
        
        PID:928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 376
        11⤵
        Program crash
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58713.exe
        10⤵
        
        PID:288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 368
        10⤵
        Program crash
        
        PID:1636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 380
        9⤵
        Program crash
        
        PID:608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 384
        8⤵
        Program crash
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33384.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
        8⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
        9⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
        10⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21086.exe
        11⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 380
        11⤵
        Program crash
        
        PID:3180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 368
        10⤵
        Program crash
        
        PID:2796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 368
        9⤵
        Program crash
        
        PID:2408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 380
        8⤵
        Program crash
        
        PID:1484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 376
        7⤵
        Program crash
        
        PID:2216
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 368
        6⤵
        Program crash
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25104.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13291.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18585.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
        8⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52232.exe
        9⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18481.exe
        10⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31391.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20251.exe
        7⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26799.exe
        8⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        9⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-613.exe
        10⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43540.exe
        11⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8641.exe
        12⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
        11⤵
        
        PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37574.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37574.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28634.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41745.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6846.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 244
        9⤵
        Program crash
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52518.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16384.exe
        8⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52611.exe
        9⤵
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46384.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exe
        7⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        8⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30214.exe
        9⤵
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5948.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7998.exe
        7⤵
        Executes dropped EXE
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41272.exe
        8⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14541.exe
        9⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59881.exe
        10⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46493.exe
        11⤵
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6114.exe
        6⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36996.exe
        7⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38698.exe
        8⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
        9⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56368.exe
        10⤵
        
        PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57590.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57590.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28660.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37762.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28367.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54189.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7998.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12880.exe
        9⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4515.exe
        10⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32056.exe
        11⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
        12⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51620.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36420.exe
        7⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        8⤵
        
        PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58963.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29685.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27676.exe
        7⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63202.exe
        8⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
        7⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64349.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
        9⤵
        
        PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63013.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57339.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1288.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20225.exe
        7⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62787.exe
        8⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19373.exe
        9⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37.exe
        10⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64344.exe
        11⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31475.exe
        12⤵
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46384.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25980.exe
        6⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43820.exe
        7⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8573.exe
        8⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27017.exe
        9⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
        7⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5823.exe
        8⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28159.exe
        9⤵
        
        PID:2532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21352.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21352.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32552.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16766.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24091.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10551.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3509.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26991.exe
        9⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7504.exe
        10⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61744.exe
        11⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3851.exe
        12⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65044.exe
        9⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16244.exe
        10⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2123.exe
        11⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37614.exe
        12⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17432.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20225.exe
        8⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32179.exe
        9⤵
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35610.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7998.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
        9⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28252.exe
        10⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14188.exe
        11⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10198.exe
        7⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53140.exe
        8⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14001.exe
        9⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15164.exe
        10⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
        8⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
        9⤵
        
        PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28345.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47500.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61418.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34536.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10955.exe
        7⤵
        
        PID:344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 240
        8⤵
        Program crash
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16995.exe
        7⤵
        
        PID:960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27599.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6659.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60323.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53503.exe
        8⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55361.exe
        9⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        10⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53176.exe
        8⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8978.exe
        9⤵
        
        PID:732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32409.exe
        10⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46742.exe
        11⤵
        
        PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1346.exe
        6⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7504.exe
        7⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28678.exe
        8⤵
        
        PID:2000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8213.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45964.exe
        5⤵
        Executes dropped EXE
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3794.exe
        6⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60281.exe
        7⤵
        
        PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59923.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42513.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        6⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36804.exe
        7⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21786.exe
        8⤵
        
        PID:2892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12297.exe

Filesize
192KB

MD5
50fecfbbb8a0be6184bb7e23d6b634a8

SHA1
6a7add246e39a91e1c331c28f57ace6d819db152

SHA256
25e1c6d3a49cc2e807dccfe44f1d988956c94086c45bcad26ff83a8edd26988e

SHA512
ecf41008f6c02ecc257b559a5a9e30dc0e527f58aa6ddb51b55a198726a08c510e2632bec5d0b509a763470e87da83646e49f88ac8bf27c264ea1b0804be78ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe

Filesize
192KB

MD5
28286084f44324766bcfb28095c590eb

SHA1
51c4743a6663c1b8f96ff6fb94e464b0a4da243d

SHA256
07bdd1c15cab548f305f634f1f329c08cccba55421351eeee572a228b779d49c

SHA512
4aed854aa727bb74b7302f6497a727c22e318e6195c42c3c1a6225d8bc1e1cac5ed294dd9375d00dff2f2d125c5386b576952f64689250188b7e7f8333acb0f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe

Filesize
192KB

MD5
f609bde0db699d2efa037fa418cf6f4f

SHA1
a95a923be6c7bb3ed8ec06d994f2d6ce4eff6bf7

SHA256
f6e3f8f77935289089410ed36f11895fd1268794de91688d504f039b449f961f

SHA512
095e68adae9819ede2b731996a84ad67a0ef750f9cbf5f7b3b3deabd1d5da801929353b085f3d43ad84ce361c25c3467c72c368f49b0b41ca29a9fae690caa68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57590.exe

Filesize
192KB

MD5
b92c5e0a7589f66c34db87562b45b13c

SHA1
ce2c0f8c52a8e159e371c2c408c63b461bf6d5e3

SHA256
00b9cd15918ec81cbf4c76f31c44345481a1708047e42941ee1b2e962c8af7cb

SHA512
3758b47245e50cb2c7bae49015c29e53d2a04cec982b8a806139437c8f34b7824d71aa1aac9a8d6f935a1f71c47b6f9b3c84a6220c5bc34364dd4bb0b45e3c80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe

Filesize
192KB

MD5
d9d5bef12588bdc305f2853a824d4e3f

SHA1
232126bf791cb44b2651ca42d9808dd31ab3927e

SHA256
060410ecd6163a32e771667639eddd7cff547b735271a7dda5a2d5ce5bb8aac8

SHA512
509609448ad84b330fc400437a34bbb750853bd2ee6691e1db93f703ecc84e91b0379c7367b5c5062d8e5bc0ce256e42f49f4c8c74e06708049848199d50397d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16766.exe

Filesize
192KB

MD5
e452bc415d1bf95cbde7602795eb0a1b

SHA1
086b7225dc70009457467a5655958eda097da031

SHA256
6a535b3e20eede8fed7eb7c35a104aff0a7a996b478fb155c5cc59f059683556

SHA512
47112a26b60d64bd5a62f6284b87da86e6c183f5262c8ba30ab10817acd4f3989ac1d90150c91acee7bdcb9e0f61c942fdf413bbd70b3cde94247e81710788d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21352.exe

Filesize
192KB

MD5
3363bfffa0eb3627ae2a32e38af697cb

SHA1
8d13630c6be2d33990a4627fc422bb29fec32ab1

SHA256
b8c96f6bb5b667165024e2229eafe4cd53771f4583776c0640bff202e1edc14e

SHA512
7cefad1ea9fea46d0e1fdac515a661b72daf55e6438a88069d5761585b8321f9cbaf13a185a144ce086c12f38b09bb83f6bd642a82792c94d85370fab0b2d6b7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25104.exe

Filesize
192KB

MD5
84b22875ec6f6bb8cbedbc3588de264b

SHA1
7c642388257b97816f32fba59c2a539c00194f28

SHA256
d2197d5f320dafa41ec49aa8c9f0964370ccfc60c94185e9b503bdd4026097ad

SHA512
e5d1071922be04d0daa7d295eb123dc809c00fc8e124361995375aac56ce013f23b461b044e8cbc5341861a3b62090a9e4897fc7896151c791c17a7fbded0480

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28634.exe

Filesize
192KB

MD5
9444d9aacc8a094c04915459f7ce8de6

SHA1
eb7297a3630d9dccb2dfa6999e00fbbc7b610ec8

SHA256
834892ff73ee162955f3f508d3460aeb6b395bfaf1ce51aa793d8c8a71ad2cab

SHA512
b5308c2586b84611caf6e41f80a524304df9fafd4b7e7606ef2ad087881709665c2cef09c314a32fa886faf6e7377076cff9785fb7ac7053818a02ed50bb4106

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28660.exe

Filesize
192KB

MD5
0d5f727a2232a4bfbf6203213548bd33

SHA1
32ffd706b00aa85c88294be713f1dbe5928af651

SHA256
a8ab72a2f09da8e88bd22dcccc04c976d803586fce6b7c4552ce47ff50bc0d08

SHA512
ca8bee15a54c564cc940e9c9af5dddc19841d32086458aa133233da9852eb06ae808802bb1646717ad5a7df48dd2ce2fa0cef1f327f9ddc5398ced383b41b87a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32552.exe

Filesize
192KB

MD5
9a1443f878bffca36aeea2c1aab590d9

SHA1
5acc298a94edeb8f815d4fe5b79226b69301c23e

SHA256
be70b994d792c2f477f467706b453a8ccf834853dda064df83f33eb0d631ccda

SHA512
3826525992e96bbd4de0fab087d3737111c935bad15fd7e54914dfcf47731f65066218498cd1b2977ac63c89ca7b44681a56e9473c214a69fbc63f49c91d086f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37574.exe

Filesize
192KB

MD5
1bbeefa32727c3f01f865fbd01f928e4

SHA1
f8a236eae52d914b016217656034ff9ac145447e

SHA256
9fba5c8557da7ef60797c3b072861113975efbb9a2c70cb8a9a05d0530675015

SHA512
866bcb3d0d8c76faf77294c1562a8a81c761039e6552773acab407d96a01562a0b73d402d1511e4b6c45c60a0837e537799c7694853c6ded129dfe4a8e64c679

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37762.exe

Filesize
192KB

MD5
deed99b8f042716b80c56854a4ca1c9e

SHA1
18d48cc0d39516b195b8c288f5229bf5b3be9614

SHA256
06dd3b1f3d0a3f0b8286ebf7c884ba0dc8c1263588143e81187b6f7ab18959db

SHA512
88006465310d41b12a88140d55a95a9e18a524cc520f270e0171a1610f2ef0ae9e0853ff257448a773b55e8934938aa972626d8c2667184d9b197ca2078fa805

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44783.exe

Filesize
192KB

MD5
9a896d23cb7f571ea417f830ac75258d

SHA1
6fbe343b4ab5cdc1d45064d81f46be749923ffd0

SHA256
6675c59efa794ce54a7236c089e5ab66b34e88497bce65cb2a15667ec8e9a5dc

SHA512
d795ca4e4abcafd3792d763b7544b9ea32cbd4df0a8351dbbc325c7066c2bd557c63c5fb0bd55ae09f5af5cfe2fc0cc0357d4343e5d277358c7cf81d867ef3c0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe

Filesize
192KB

MD5
cbb0df74901fa84fcb51da350abed923

SHA1
a55869780eb3aabda0947640420ac2e74d0b8475

SHA256
ad94f7cb0fbe7460ac78bd8854a1e0e5ecc8a2258e01f24e1ceb35ab1bb4911b

SHA512
f38b83e471969fa0376f065287e268b9f06712ffe807ee9cf30150acd7c8e9995a5084ba52e68906a5d47e35b3a1b49ea31cf2a1d3f270faf16e99bee39db041

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49962.exe

Filesize
192KB

MD5
d68a6e6133c32ef81e73ddc35441ed67

SHA1
541ae77d8f247c3082619200f33df8ac8b9802ce

SHA256
5fcfa5c22fe184dc76129294f02e1a2b23aa9471d6e9cbbd3324ecc99be9d456

SHA512
856074348f6c7f6fe1b957a89f5c8e1cc35deeca93d5be7a9f3ff0d51e2dcba21d2d8687bcafa0ac8011d5ec684efe8d70970cd19713f12e1077dc1f6e00d4d0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe

Filesize
192KB

MD5
99a8c5f679c46b2744c1b204758a5658

SHA1
22eac827e95b671c9c4be3e721effada46d22662

SHA256
e27ad394f951ce539c2a67b581cf6e54f89ab3863d03effa4271cdedd7846b87

SHA512
8292bbf392c61ec07938a138304cb33e583b0ab7912514897c8dd706a23350ef53cdd0afab1f4df59258a0ffc59829ed8ac0b483d0073913e6e8d85c3be76110

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62048.exe

Filesize
192KB

MD5
fab8f34325db554ba84498322f93f89b

SHA1
4c121bcd57957354a7a6a1a4be75a1a06a078e4f

SHA256
ec592588bbf51f567820d24e70aac3bf697f9e609a0b51beb0236748e5392ee7

SHA512
413cc26e3c6e9075187263dbd426f650214d5f1caf68abd555f03e1d5116b40a9bca66503bb16b1229e48d99e70d3e40a61bab4d684635b5155e1f02330f91df

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63013.exe

Filesize
192KB

MD5
9f5da6b79b1fdc71f2cef7fe96d7df4a

SHA1
3f92f78c2c0836d16c052e3bb81ea00d034873a3

SHA256
7fc15bea7b8f5630bef3c08adea52b60884a131eb580eafa16a404fd6038dd3b

SHA512
5dcedf2f4ae9cf949365e2377526bf8123ce8da0f169257f6fac5a8854665bd2741c32e4efb0202b3619f055f0c5a7f1e95bc045ae4f515fec524cd31b4ef8e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8213.exe

Filesize
192KB

MD5
7640128f684ff8d697f0175d35cb9178

SHA1
d64b2b76e177f6dd06cdee8a442de5fc8ef91742

SHA256
fca9354a2c8b526be0426f442ec090f63572b64c77cc8de9ffd770483d61f1a8

SHA512
e11258d79bfa7b73b9e017f9aa9cbccdcaf1e0907d74aade7d5cf0765d7cc49da85fe3123fc966e0c1d29a7b4ed01683f840d1c6d5887f488520c66c9e3bcac6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads