0d0a959b4e12411f0ded26030d2532c93443ae50f8d8b83fee0c3d776d5a71b9

Analysis

max time kernel
71s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/04/2024, 07:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df5ef35c65fb5c4560881dc2845a3090_JaffaCakes118.exe
Size

196KB
MD5

df5ef35c65fb5c4560881dc2845a3090
SHA1

353cda4c2a1f4d402b90928e3079b7fdbf525d49
SHA256

0d0a959b4e12411f0ded26030d2532c93443ae50f8d8b83fee0c3d776d5a71b9
SHA512

2a96a915dd14efd6db0b5fc906de16893fed15b6e380ec0312f948b0283cb31f09c159da5b13c0104c2054634d8e51fbff580c7f88e98dcd095c426243daf1c6
SSDEEP

3072:6reboq3MaPAUkbn1Td7iqH8b62vbrhKrTQNFx7gWRP2lVvMe:6rqoSYjbld2qH8qnu12lVvM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2332	Unicorn-36081.exe
2144	Unicorn-18012.exe
2632	Unicorn-55323.exe
2040	Unicorn-40347.exe
2736	Unicorn-16035.exe
2608	Unicorn-61706.exe
2300	Unicorn-39273.exe
2804	Unicorn-10964.exe
2972	Unicorn-6325.exe
2464	Unicorn-63886.exe
2704	Unicorn-51997.exe
2680	Unicorn-33300.exe
488	Unicorn-62635.exe
840	Unicorn-53549.exe
860	Unicorn-52589.exe
1764	Unicorn-44613.exe
1936	Unicorn-28277.exe
2824	Unicorn-243.exe
2732	Unicorn-16579.exe
568	Unicorn-44841.exe
2376	Unicorn-64706.exe
1168	Unicorn-61691.exe
964	Unicorn-22003.exe
276	Unicorn-59698.exe
380	Unicorn-46144.exe
928	Unicorn-26278.exe
1924	Unicorn-29808.exe
1980	Unicorn-17150.exe
2100	Unicorn-20872.exe
2160	Unicorn-37208.exe
2216	Unicorn-9174.exe
1968	Unicorn-42361.exe
2744	Unicorn-37841.exe
1728	Unicorn-59200.exe
2856	Unicorn-38225.exe
2844	Unicorn-2023.exe
3016	Unicorn-21998.exe
2428	Unicorn-43164.exe
2864	Unicorn-56590.exe
2332	Unicorn-39678.exe
1640	Unicorn-16605.exe
2920	Unicorn-11966.exe
2964	Unicorn-39870.exe
2412	Unicorn-16797.exe
2700	Unicorn-34847.exe
284	Unicorn-18319.exe
1692	Unicorn-55822.exe
2168	Unicorn-31509.exe
2780	Unicorn-2174.exe
320	Unicorn-51567.exe
2764	Unicorn-23533.exe
2264	Unicorn-17394.exe
2052	Unicorn-13139.exe
2280	Unicorn-37644.exe
2404	Unicorn-9610.exe
1148	Unicorn-45428.exe
1572	Unicorn-3627.exe
1140	Unicorn-16299.exe
2116	Unicorn-36165.exe
784	Unicorn-23315.exe
1044	Unicorn-53653.exe
1872	Unicorn-27037.exe
1320	Unicorn-51349.exe
1780	Unicorn-31675.exe

Loads dropped DLL 64 IoCs

pid	Process
2204	df5ef35c65fb5c4560881dc2845a3090_JaffaCakes118.exe
2204	df5ef35c65fb5c4560881dc2845a3090_JaffaCakes118.exe
2332	Unicorn-36081.exe
2332	Unicorn-36081.exe
2204	df5ef35c65fb5c4560881dc2845a3090_JaffaCakes118.exe
2204	df5ef35c65fb5c4560881dc2845a3090_JaffaCakes118.exe
2632	Unicorn-55323.exe
2632	Unicorn-55323.exe
2332	Unicorn-36081.exe
2332	Unicorn-36081.exe
2144	Unicorn-18012.exe
2144	Unicorn-18012.exe
2040	Unicorn-40347.exe
2040	Unicorn-40347.exe
2632	Unicorn-55323.exe
2632	Unicorn-55323.exe
2736	Unicorn-16035.exe
2736	Unicorn-16035.exe
2608	Unicorn-61706.exe
2608	Unicorn-61706.exe
2144	Unicorn-18012.exe
2144	Unicorn-18012.exe
2300	Unicorn-39273.exe
2300	Unicorn-39273.exe
2040	Unicorn-40347.exe
2040	Unicorn-40347.exe
2704	Unicorn-51997.exe
2704	Unicorn-51997.exe
2972	Unicorn-6325.exe
2972	Unicorn-6325.exe
2804	Unicorn-10964.exe
2804	Unicorn-10964.exe
2464	Unicorn-63886.exe
2464	Unicorn-63886.exe
2608	Unicorn-61706.exe
2608	Unicorn-61706.exe
2736	Unicorn-16035.exe
2736	Unicorn-16035.exe
2300	Unicorn-39273.exe
2680	Unicorn-33300.exe
2300	Unicorn-39273.exe
2680	Unicorn-33300.exe
488	Unicorn-62635.exe
488	Unicorn-62635.exe
840	Unicorn-53549.exe
840	Unicorn-53549.exe
2704	Unicorn-51997.exe
2704	Unicorn-51997.exe
2804	Unicorn-10964.exe
1764	Unicorn-44613.exe
1764	Unicorn-44613.exe
2804	Unicorn-10964.exe
860	Unicorn-52589.exe
860	Unicorn-52589.exe
2972	Unicorn-6325.exe
2972	Unicorn-6325.exe
2824	Unicorn-243.exe
2824	Unicorn-243.exe
1936	Unicorn-28277.exe
1936	Unicorn-28277.exe
2464	Unicorn-63886.exe
2732	Unicorn-16579.exe
2732	Unicorn-16579.exe
2464	Unicorn-63886.exe

Program crash 22 IoCs

pid	pid_target	Process	procid_target
1128	276	WerFault.exe	51
2076	2864	WerFault.exe	66
1296	2428	WerFault.exe	65
1840	2964	WerFault.exe	70
1548	1572	WerFault.exe	85
2668	2784	WerFault.exe	77
1716	2708	WerFault.exe	107
2028	2540	WerFault.exe	103
1064	1972	WerFault.exe	106
840	556	WerFault.exe	99
1000	2184	WerFault.exe	101
1260	2052	WerFault.exe	83
2124	1312	WerFault.exe	96
2972	1044	WerFault.exe	95
2168	3048	WerFault.exe	108
1820	324	WerFault.exe	142
2408	1508	WerFault.exe	127
3052	2948	WerFault.exe	145
2084	1828	WerFault.exe	147
2996	1620	WerFault.exe	152
1168	2492	WerFault.exe	151
1528	2872	WerFault.exe	157

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2204	df5ef35c65fb5c4560881dc2845a3090_JaffaCakes118.exe
2332	Unicorn-36081.exe
2632	Unicorn-55323.exe
2144	Unicorn-18012.exe
2040	Unicorn-40347.exe
2736	Unicorn-16035.exe
2608	Unicorn-61706.exe
2300	Unicorn-39273.exe
2704	Unicorn-51997.exe
2804	Unicorn-10964.exe
2972	Unicorn-6325.exe
2464	Unicorn-63886.exe
2680	Unicorn-33300.exe
488	Unicorn-62635.exe
840	Unicorn-53549.exe
1764	Unicorn-44613.exe
860	Unicorn-52589.exe
2824	Unicorn-243.exe
2732	Unicorn-16579.exe
1936	Unicorn-28277.exe
2376	Unicorn-64706.exe
568	Unicorn-44841.exe
1168	Unicorn-61691.exe
964	Unicorn-22003.exe
276	Unicorn-59698.exe
380	Unicorn-46144.exe
928	Unicorn-26278.exe
1924	Unicorn-29808.exe
1980	Unicorn-17150.exe
2100	Unicorn-20872.exe
2216	Unicorn-9174.exe
2160	Unicorn-37208.exe
2744	Unicorn-37841.exe
1728	Unicorn-59200.exe
2856	Unicorn-38225.exe
2844	Unicorn-2023.exe
3016	Unicorn-21998.exe
2428	Unicorn-43164.exe
2864	Unicorn-56590.exe
2332	Unicorn-39678.exe
1640	Unicorn-16605.exe
2920	Unicorn-11966.exe
2964	Unicorn-39870.exe
2412	Unicorn-16797.exe
2700	Unicorn-34847.exe
284	Unicorn-18319.exe
2168	Unicorn-31509.exe
2052	Unicorn-13139.exe
2264	Unicorn-17394.exe
2764	Unicorn-23533.exe
2784	Unicorn-51375.exe
2780	Unicorn-2174.exe
1780	Unicorn-31675.exe
1572	Unicorn-3627.exe
784	Unicorn-23315.exe
320	Unicorn-51567.exe
2404	Unicorn-9610.exe
2280	Unicorn-37644.exe
1140	Unicorn-16299.exe
1148	Unicorn-45428.exe
1312	Unicorn-59709.exe
2116	Unicorn-36165.exe
1320	Unicorn-51349.exe
556	Unicorn-50233.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2332	2204	df5ef35c65fb5c4560881dc2845a3090_JaffaCakes118.exe	28
PID 2204 wrote to memory of 2332	2204	df5ef35c65fb5c4560881dc2845a3090_JaffaCakes118.exe	28
PID 2204 wrote to memory of 2332	2204	df5ef35c65fb5c4560881dc2845a3090_JaffaCakes118.exe	28
PID 2204 wrote to memory of 2332	2204	df5ef35c65fb5c4560881dc2845a3090_JaffaCakes118.exe	28
PID 2332 wrote to memory of 2144	2332	Unicorn-36081.exe	29
PID 2332 wrote to memory of 2144	2332	Unicorn-36081.exe	29
PID 2332 wrote to memory of 2144	2332	Unicorn-36081.exe	29
PID 2332 wrote to memory of 2144	2332	Unicorn-36081.exe	29
PID 2204 wrote to memory of 2632	2204	df5ef35c65fb5c4560881dc2845a3090_JaffaCakes118.exe	30
PID 2204 wrote to memory of 2632	2204	df5ef35c65fb5c4560881dc2845a3090_JaffaCakes118.exe	30
PID 2204 wrote to memory of 2632	2204	df5ef35c65fb5c4560881dc2845a3090_JaffaCakes118.exe	30
PID 2204 wrote to memory of 2632	2204	df5ef35c65fb5c4560881dc2845a3090_JaffaCakes118.exe	30
PID 2632 wrote to memory of 2040	2632	Unicorn-55323.exe	31
PID 2632 wrote to memory of 2040	2632	Unicorn-55323.exe	31
PID 2632 wrote to memory of 2040	2632	Unicorn-55323.exe	31
PID 2632 wrote to memory of 2040	2632	Unicorn-55323.exe	31
PID 2332 wrote to memory of 2608	2332	Unicorn-36081.exe	32
PID 2332 wrote to memory of 2608	2332	Unicorn-36081.exe	32
PID 2332 wrote to memory of 2608	2332	Unicorn-36081.exe	32
PID 2332 wrote to memory of 2608	2332	Unicorn-36081.exe	32
PID 2144 wrote to memory of 2736	2144	Unicorn-18012.exe	33
PID 2144 wrote to memory of 2736	2144	Unicorn-18012.exe	33
PID 2144 wrote to memory of 2736	2144	Unicorn-18012.exe	33
PID 2144 wrote to memory of 2736	2144	Unicorn-18012.exe	33
PID 2040 wrote to memory of 2300	2040	Unicorn-40347.exe	34
PID 2040 wrote to memory of 2300	2040	Unicorn-40347.exe	34
PID 2040 wrote to memory of 2300	2040	Unicorn-40347.exe	34
PID 2040 wrote to memory of 2300	2040	Unicorn-40347.exe	34
PID 2632 wrote to memory of 2804	2632	Unicorn-55323.exe	35
PID 2632 wrote to memory of 2804	2632	Unicorn-55323.exe	35
PID 2632 wrote to memory of 2804	2632	Unicorn-55323.exe	35
PID 2632 wrote to memory of 2804	2632	Unicorn-55323.exe	35
PID 2736 wrote to memory of 2972	2736	Unicorn-16035.exe	36
PID 2736 wrote to memory of 2972	2736	Unicorn-16035.exe	36
PID 2736 wrote to memory of 2972	2736	Unicorn-16035.exe	36
PID 2736 wrote to memory of 2972	2736	Unicorn-16035.exe	36
PID 2608 wrote to memory of 2464	2608	Unicorn-61706.exe	37
PID 2608 wrote to memory of 2464	2608	Unicorn-61706.exe	37
PID 2608 wrote to memory of 2464	2608	Unicorn-61706.exe	37
PID 2608 wrote to memory of 2464	2608	Unicorn-61706.exe	37
PID 2144 wrote to memory of 2704	2144	Unicorn-18012.exe	38
PID 2144 wrote to memory of 2704	2144	Unicorn-18012.exe	38
PID 2144 wrote to memory of 2704	2144	Unicorn-18012.exe	38
PID 2144 wrote to memory of 2704	2144	Unicorn-18012.exe	38
PID 2300 wrote to memory of 2680	2300	Unicorn-39273.exe	39
PID 2300 wrote to memory of 2680	2300	Unicorn-39273.exe	39
PID 2300 wrote to memory of 2680	2300	Unicorn-39273.exe	39
PID 2300 wrote to memory of 2680	2300	Unicorn-39273.exe	39
PID 2040 wrote to memory of 488	2040	Unicorn-40347.exe	40
PID 2040 wrote to memory of 488	2040	Unicorn-40347.exe	40
PID 2040 wrote to memory of 488	2040	Unicorn-40347.exe	40
PID 2040 wrote to memory of 488	2040	Unicorn-40347.exe	40
PID 2704 wrote to memory of 840	2704	Unicorn-51997.exe	41
PID 2704 wrote to memory of 840	2704	Unicorn-51997.exe	41
PID 2704 wrote to memory of 840	2704	Unicorn-51997.exe	41
PID 2704 wrote to memory of 840	2704	Unicorn-51997.exe	41
PID 2972 wrote to memory of 860	2972	Unicorn-6325.exe	42
PID 2972 wrote to memory of 860	2972	Unicorn-6325.exe	42
PID 2972 wrote to memory of 860	2972	Unicorn-6325.exe	42
PID 2972 wrote to memory of 860	2972	Unicorn-6325.exe	42
PID 2804 wrote to memory of 1764	2804	Unicorn-10964.exe	43
PID 2804 wrote to memory of 1764	2804	Unicorn-10964.exe	43
PID 2804 wrote to memory of 1764	2804	Unicorn-10964.exe	43
PID 2804 wrote to memory of 1764	2804	Unicorn-10964.exe	43

C:\Users\Admin\AppData\Local\Temp\df5ef35c65fb5c4560881dc2845a3090_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\df5ef35c65fb5c4560881dc2845a3090_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18012.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16035.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6325.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52589.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39870.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
        9⤵
        Program crash
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33787.exe
        8⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
        9⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9036.exe
        10⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16797.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53653.exe
        8⤵
        Executes dropped EXE
        
        PID:1044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 240
        9⤵
        Program crash
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17150.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34847.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4561.exe
        8⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28860.exe
        9⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44480.exe
        10⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
        11⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6794.exe
        10⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24614.exe
        9⤵
        
        PID:1828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 244
        10⤵
        Program crash
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50233.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 244
        8⤵
        Program crash
        
        PID:840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16579.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
        6⤵
        Executes dropped EXE
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51375.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 244
        8⤵
        Program crash
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48508.exe
        7⤵
        
        PID:2540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 244
        8⤵
        Program crash
        
        PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51997.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53549.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22003.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36165.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1653.exe
        9⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54324.exe
        10⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15424.exe
        11⤵
        
        PID:2948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
        12⤵
        Program crash
        
        PID:3052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 248
        11⤵
        Program crash
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44568.exe
        10⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23645.exe
        11⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16299.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29820.exe
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8657.exe
        9⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
        10⤵
        Program crash
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43164.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 244
        7⤵
        Program crash
        
        PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59698.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56590.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 244
        7⤵
        Program crash
        
        PID:2076
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 236
        6⤵
        Program crash
        
        PID:1128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61706.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63886.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28277.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37208.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51567.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
        8⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9233.exe
        9⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
        10⤵
        
        PID:488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23533.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
        7⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 244
        8⤵
        Program crash
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9174.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2174.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45580.exe
        7⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53084.exe
        8⤵
        
        PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-243.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20872.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18319.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
        7⤵
        
        PID:2184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 244
        8⤵
        Program crash
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23899.exe
        6⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44819.exe
        7⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12907.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44724.exe
        9⤵
        
        PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55822.exe
        5⤵
        Executes dropped EXE
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23188.exe
        6⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47957.exe
        7⤵
        
        PID:1944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55323.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55323.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40347.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40347.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39273.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64706.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37841.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
        9⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20552.exe
        10⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37132.exe
        11⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
        10⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17394.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46775.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29628.exe
        9⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
        10⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54205.exe
        11⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
        12⤵
        Program crash
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
        10⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16700.exe
        9⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40557.exe
        10⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40355.exe
        11⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59200.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13139.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 244
        8⤵
        Program crash
        
        PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44841.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38225.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37644.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36693.exe
        8⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42622.exe
        9⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9041.exe
        10⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
        11⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        10⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46545.exe
        9⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
        8⤵
        
        PID:324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 220
        9⤵
        Program crash
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9610.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37028.exe
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
        8⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        9⤵
        Program crash
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58429.exe
        8⤵
        
        PID:600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62635.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61691.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2023.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3627.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 244
        7⤵
        Program crash
        
        PID:1548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10964.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44613.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39678.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51349.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42525.exe
        8⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56905.exe
        9⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52562.exe
        10⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54407.exe
        11⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46613.exe
        12⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64667.exe
        13⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26373.exe
        10⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25570.exe
        11⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12757.exe
        12⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9503.exe
        11⤵
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23315.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54419.exe
        7⤵
        
        PID:3048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 244
        8⤵
        Program crash
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16605.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27037.exe
        6⤵
        Executes dropped EXE
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        7⤵
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24994.exe
        8⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
        9⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33109.exe
        8⤵
        
        PID:808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26278.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11966.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59709.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 244
        7⤵
        Program crash
        
        PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19697.exe
        6⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 244
        7⤵
        Program crash
        
        PID:1064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16035.exe

Filesize
196KB

MD5
97b8245c2ad610cb6f8bc6b9370a7569

SHA1
94650534c88893333b5445f344b117f8946c86b8

SHA256
65929c7df31ba2f775b54749a5f328d828ddefd1c6df55cd4151edf62a9fdce3

SHA512
9f7b92eace45fab8c5043acb9b3506e0e4f8f77a8630feeee22ad55a190d958cd5dba72c6d1e2885f1281af6a416e789a67fa8df6ae56f5b7e700fcc3da6c07f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28277.exe

Filesize
196KB

MD5
dc23ecb1d691b11cab895fb3b9b2c61b

SHA1
37c1203bcafac9ad36f2448ad9368a78272088c1

SHA256
86a33ea44a35a8ec21cb7fb432372106a393a251b9671ebeeed4ba74b7f388c7

SHA512
826fd1aaa01ba49c67ad865b95aa1e3f4f76aa46c8cac73bc9dddbb8c95456fb6016852a9334705cfc50ee930f0b9f31e3b12191ab02ac1774e0698840bf3f90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44613.exe

Filesize
196KB

MD5
b005cebde431b58b30416a4c5df467ac

SHA1
5a5ed8c74b7e67173f674e2cfccd04a8d7cf7bb5

SHA256
42238c0d7ed22e0ab15b305b4410373b43a87eb2e104ce3ff27284235a979329

SHA512
75a620575b9cb2bcb7e3ce7b4f46e995a5f140eb4e6d9a79e0da539eb9efbb78fa46aaee65ed1ec308749e05b8e080b030c574e62cb4f2ec423858216c57aba9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52589.exe

Filesize
196KB

MD5
cc7122436cdaf36ba32168fa2763f8dc

SHA1
3344fa1962c16195635327791cf6b03c394f0ead

SHA256
906ee7de8f0d2b6b66066f9d0fe0d1bb546a95216ff5946832f82eeb82ecb8f1

SHA512
d5932489c384aba5f53fce3e686e1d966c71e7fe9973d977438fd430d1295183f5f82b465bf9b2c27a6f41b9cbdf45f5f981c9393e1fac5929fe18e8008abadd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55323.exe

Filesize
196KB

MD5
623aa5229b7bb274c35741266445527f

SHA1
902f5543d463465c69ae4e9bab715310ca80bdba

SHA256
decdda781364870488065d013b58616ce952ce353dba6cccad3dca5bec07bd64

SHA512
8534d1764a1b3623326a035aa5118b60f4d987c41452d77bc4c148b9bb891256ddeed677f3d1222b6db4eb863bde21cb64e3575041d34b0b519359e3d6042e3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63886.exe

Filesize
196KB

MD5
a67bddc05f5817d5e0241b5b4dc7750a

SHA1
5af25439795f9fa2192f1125c6f2c31d87db8554

SHA256
514d75c2b439eafcf3fc45c473722d32af58b6af3c3da1365e3affc57a8c0279

SHA512
e87f84306805f474c88f072b35d6f8560e1a01ad474264a46caabdc351681e46d564272ff3908eb23f68edb0ce76c44c2f7e84ba259c57d1d2f36112a333500d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10964.exe

Filesize
196KB

MD5
f112dc534b8c4151f81e010737e2c5fc

SHA1
d1a93f4378f2e9966f7efe7b9000f5601fdbbcbc

SHA256
62518a3b68e20e74320a5e7f90fb4b898255702106bab1f2c7696e8219092c0e

SHA512
06077bb0480e4416839339d7b77c6956c3c388b82a523c1f615d64f778a2ee8266660ae0cb3b06efb264541b4b86d7e5e10729aad5041297d02e1e8fe92f6793

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18012.exe

Filesize
196KB

MD5
8d9d6cb02b35bca34bbf2aac73dcf58f

SHA1
327a084850f69962badb60bfc21b57ec8dbcca6f

SHA256
1233cb9dcf5b63b08e7db986cb184f39f87e48de0defde6a294cb15f2d63db98

SHA512
18ecd5f54dce3fd609556f3e062fcbfe49fd73c9d9dd770ed924049c6fda5cd08653d54f0486a00628fdf2e8fa08198580a3fe72bacc288e8efeb4814431627a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-243.exe

Filesize
196KB

MD5
eea7af92a74f7889b718e9b871592443

SHA1
f0373a749db8d4df219f6a0a3d6081b98088aa3c

SHA256
61897c5ebc33755c4dd418865dbe52af790db787b5c7c10048678becc132f3f7

SHA512
82371a3db41aaf45a28c5d17ed37a6f004cd400e68fd7fabef541bc0644afacc82375e570d41ebc19dfc4d4b1ec7901994ddf834d507897ce3c7397ac6123355

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe

Filesize
196KB

MD5
5390f850de1689f67a3359ba28eb6c58

SHA1
e179c9f6957541386c4fe89bb88c1df0a052c1a0

SHA256
9d328199877f8e084efee51f37ac7e75cb73cddee84c2414364895fccdac21d4

SHA512
83c8ddfc167dc9bc9c8c5d9f594ad5266d5668c20d4c34bcb9d9ff1246c36dc02718af078e649b58acf1dbb5320f46383f171ea4e70600d4fb2dd20a4cc626cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36081.exe

Filesize
196KB

MD5
789efccadbcc281c73e47fd1b0d4c6d4

SHA1
27fbcf8223d65268d3a18852876160c803d986c0

SHA256
4b42631084f74e287925d284fcaedd4eae84884fd4c2e783c1d8acd4a90be3ea

SHA512
bb01fdd3f8b33907eb73308e9cbef6d3a8ce5068ee677d6406a9b82db8da7bd7448516fcfd055e6fedd7bff728b03badafc91e2702e749b7417b0aba9cdf6e58

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39273.exe

Filesize
196KB

MD5
9096313148bb51c1b2872cd70567d889

SHA1
5ff8644de069a43bd9744d32223d1e61c153dc1c

SHA256
4f6a39feba3eba8e62046ba6da5078df524a4c6e2626d57b0e5c96d456c2040e

SHA512
4c9c6d635fbfbd896a1374a23a75d2cdc073e13b8c304a6d24e049795d8d0e2cda9d8da881212746d1868078dd18d286978065b0c6e9ddcaca0f7b4dc613d40a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40347.exe

Filesize
196KB

MD5
486b175f3c09c03ae1513ff0e7c2f888

SHA1
62f62b527849df3eb3391993c6f6bdd51c954d60

SHA256
b8ce5f9d8723cb791446b744ae049715b59b6c9f778bb59e8440ff474b6eff4c

SHA512
b93bbaf9fa4577891cf9516cb74c10467254c3e26c6299dfb7c31996e672587c8be69f44ca44805823f09488832c12be2f1a2092a1cf07a6b108aebe271edfcb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51997.exe

Filesize
196KB

MD5
505af85e35c3942d5b539fdbe81e87ff

SHA1
6e2bc62ef3df3a814f40539a454e693790be7be8

SHA256
efe4dcd1c086b2b4055b951dba5429b6aca1be3f89e34ccba71b8b3f25dfa9a3

SHA512
f44b6346cb4339fe80d3361ceae6489edbd8a287c9202cf7b761d3e9a19745869ac4b18689f12986e5220a40c27056d94b489c811b27e39a1484e3ac21cda740

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53549.exe

Filesize
196KB

MD5
5b1b255d388d5c289d0728cfa883a8aa

SHA1
26ab7fd54996d822311ec76ccd6efe34ffaed376

SHA256
339c424f88b661c3132f1a082358225adcf74991f62d02137b0650fe7671a564

SHA512
f35dd9041e3dde72d249e3922f826d9373a2631b284dd40313d4f14a959e3a318c6648d0faef8f9e8b9987e5204a1015ea09a8a55f22da2aa810e588a283810b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61706.exe

Filesize
196KB

MD5
b3b6e0dfc59722763c87d6ae1e436c15

SHA1
1c19abd7d3e485b13e6eed545e01832229155167

SHA256
8a0f4254b0027841c188453abcbfca0f75af158959242cd2271f4687580a301c

SHA512
5b8be8291deb047003adeed98b80d2f379bb5ac3968de7535819ce3ff98cb7c6f67149251033b4f99a9d1fe55ea87f24f2af1a8fe9d3c5a7e0acc0aa79ec8575

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62635.exe

Filesize
196KB

MD5
dc814a8240f386f63ec37fb0dbfede62

SHA1
e252cf6387a485db37a63602fa3ae39b3d3c8886

SHA256
37de1c425b3441bf47915d8d166a4bc41872e577e5933600009decf4e068f2f3

SHA512
74a2c1febe94943979ea4e3dfed9b45e302af420aa63c8e7c4589d333ba2e38868e05fac1ea180d577fac867ecb039abc03ee9856459a80cbccb58cd740bb7db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6325.exe

Filesize
196KB

MD5
05281e93c44142984d90cd8b909f8330

SHA1
c7364a26b6f3a55b3755f619d6bbb626a8ab1d06

SHA256
dbbcf930756305a2316a3fc8085e2d5543459315e4f21ac5d31ca013b41b6d88

SHA512
0833003a5ebbfbb794ce8f800edbc8fa12efd50faac47133926e4c4ef380353bcbe02f534bff709ac7e5fea2224bc2fdd9e65bbe61665e806cc08e26e2af1664

Download Submit
memory/1968-588-0x0000000002830000-0x000000000298C000-memory.dmp

Filesize
1.4MB

Download
memory/1968-610-0x0000000075390000-0x00000000753DC000-memory.dmp

Filesize
304KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads