da684edc51b02f1c4ce2abff4fca911c7625524d670304e3f89d55f3145a20e9

Analysis

max time kernel
173s
max time network
146s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/04/2024, 13:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e299ddc9b9567518dd3779b6f0218dc7_JaffaCakes118.exe
Size

184KB
MD5

e299ddc9b9567518dd3779b6f0218dc7
SHA1

c0c33377b65a5615bfbd6b5482c8e3edece7ea3a
SHA256

da684edc51b02f1c4ce2abff4fca911c7625524d670304e3f89d55f3145a20e9
SHA512

9f2f20d4797ab61ab2c3848a63d8a69c671d20956837420283e03a293549cbf3417261abbc1f5fe3a96be5082640e972806f6d4884ef66ea5108b82b2264d615
SSDEEP

3072:m8HPoY7B9DA0uyjddOD0q8FsTsn6vNf1BnEx89PgmslPvpFd:m8voy80u+dQ0q8Md5hslPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2968	Unicorn-18031.exe
1900	Unicorn-18581.exe
2408	Unicorn-43832.exe
1976	Unicorn-50350.exe
2472	Unicorn-5980.exe
2928	Unicorn-11598.exe
1600	Unicorn-15163.exe
2684	Unicorn-44499.exe
2804	Unicorn-23332.exe
1492	Unicorn-51920.exe
2864	Unicorn-15334.exe
2992	Unicorn-24806.exe
1624	Unicorn-12034.exe
2988	Unicorn-43555.exe
1816	Unicorn-37420.exe
1732	Unicorn-21276.exe
1200	Unicorn-8469.exe
800	Unicorn-33737.exe
1012	Unicorn-20914.exe
844	Unicorn-9787.exe
1484	Unicorn-7369.exe
1248	Unicorn-44126.exe
2976	Unicorn-38781.exe
2184	Unicorn-34889.exe
2480	Unicorn-35766.exe
1228	Unicorn-10913.exe
1712	Unicorn-39139.exe
2572	Unicorn-11318.exe
2452	Unicorn-60519.exe
2524	Unicorn-52351.exe
2468	Unicorn-19679.exe
2236	Unicorn-15210.exe
2880	Unicorn-64219.exe
268	Unicorn-36185.exe
2908	Unicorn-23379.exe
2608	Unicorn-36377.exe
2448	Unicorn-52522.exe
2924	Unicorn-3513.exe
2520	Unicorn-28209.exe
1824	Unicorn-23182.exe
1204	Unicorn-49933.exe
2320	Unicorn-39544.exe
1100	Unicorn-9284.exe
1744	Unicorn-59772.exe
836	Unicorn-16301.exe
1188	Unicorn-39387.exe
1544	Unicorn-46212.exe
2260	Unicorn-28937.exe
984	Unicorn-7172.exe
2804	Unicorn-540.exe
3020	Unicorn-11365.exe
1128	Unicorn-54209.exe
940	Unicorn-18356.exe
3068	Unicorn-39710.exe
2120	Unicorn-903.exe
1108	Unicorn-15402.exe
764	Unicorn-27270.exe
2348	Unicorn-13155.exe
1620	Unicorn-36057.exe
476	Unicorn-56280.exe
2748	Unicorn-15632.exe
2772	Unicorn-24947.exe
1900	Unicorn-13932.exe
864	Unicorn-44934.exe

Loads dropped DLL 64 IoCs

pid	Process
2016	e299ddc9b9567518dd3779b6f0218dc7_JaffaCakes118.exe
2016	e299ddc9b9567518dd3779b6f0218dc7_JaffaCakes118.exe
2968	Unicorn-18031.exe
2968	Unicorn-18031.exe
2016	e299ddc9b9567518dd3779b6f0218dc7_JaffaCakes118.exe
2016	e299ddc9b9567518dd3779b6f0218dc7_JaffaCakes118.exe
1900	Unicorn-18581.exe
1900	Unicorn-18581.exe
2968	Unicorn-18031.exe
2968	Unicorn-18031.exe
2408	Unicorn-43832.exe
2408	Unicorn-43832.exe
1976	Unicorn-50350.exe
1900	Unicorn-18581.exe
1976	Unicorn-50350.exe
1900	Unicorn-18581.exe
2472	Unicorn-5980.exe
2472	Unicorn-5980.exe
2928	Unicorn-11598.exe
2928	Unicorn-11598.exe
2408	Unicorn-43832.exe
2408	Unicorn-43832.exe
2684	Unicorn-44499.exe
1492	Unicorn-51920.exe
2684	Unicorn-44499.exe
1492	Unicorn-51920.exe
2864	Unicorn-15334.exe
2864	Unicorn-15334.exe
2472	Unicorn-5980.exe
2472	Unicorn-5980.exe
2804	Unicorn-23332.exe
2804	Unicorn-23332.exe
1976	Unicorn-50350.exe
1976	Unicorn-50350.exe
1600	Unicorn-15163.exe
1600	Unicorn-15163.exe
2988	Unicorn-43555.exe
2988	Unicorn-43555.exe
1492	Unicorn-51920.exe
1492	Unicorn-51920.exe
1732	Unicorn-21276.exe
2992	Unicorn-24806.exe
1816	Unicorn-37420.exe
1732	Unicorn-21276.exe
1624	Unicorn-12034.exe
1816	Unicorn-37420.exe
1624	Unicorn-12034.exe
2992	Unicorn-24806.exe
1200	Unicorn-8469.exe
1200	Unicorn-8469.exe
800	Unicorn-33737.exe
2988	Unicorn-43555.exe
2988	Unicorn-43555.exe
800	Unicorn-33737.exe
1012	Unicorn-20914.exe
1012	Unicorn-20914.exe
2480	Unicorn-35766.exe
1248	Unicorn-44126.exe
2480	Unicorn-35766.exe
1248	Unicorn-44126.exe
1484	Unicorn-7369.exe
1484	Unicorn-7369.exe
2184	Unicorn-34889.exe
1816	Unicorn-37420.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2064	984	WerFault.exe	81
1748	1224	WerFault.exe	122

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2016	e299ddc9b9567518dd3779b6f0218dc7_JaffaCakes118.exe
2968	Unicorn-18031.exe
1900	Unicorn-18581.exe
2408	Unicorn-43832.exe
2472	Unicorn-5980.exe
1976	Unicorn-50350.exe
2928	Unicorn-11598.exe
1600	Unicorn-15163.exe
2684	Unicorn-44499.exe
2804	Unicorn-23332.exe
1492	Unicorn-51920.exe
2864	Unicorn-15334.exe
2988	Unicorn-43555.exe
1816	Unicorn-37420.exe
2992	Unicorn-24806.exe
1732	Unicorn-21276.exe
1624	Unicorn-12034.exe
1200	Unicorn-8469.exe
800	Unicorn-33737.exe
844	Unicorn-9787.exe
1012	Unicorn-20914.exe
1484	Unicorn-7369.exe
2480	Unicorn-35766.exe
2184	Unicorn-34889.exe
2976	Unicorn-38781.exe
1248	Unicorn-44126.exe
1228	Unicorn-10913.exe
1712	Unicorn-39139.exe
2468	Unicorn-19679.exe
2452	Unicorn-60519.exe
2572	Unicorn-11318.exe
268	Unicorn-36185.exe
2908	Unicorn-23379.exe
2924	Unicorn-3513.exe
2448	Unicorn-52522.exe
2520	Unicorn-28209.exe
2608	Unicorn-36377.exe
2880	Unicorn-64219.exe
2236	Unicorn-15210.exe
1824	Unicorn-23182.exe
1100	Unicorn-9284.exe
836	Unicorn-16301.exe
1188	Unicorn-39387.exe
1204	Unicorn-49933.exe
1544	Unicorn-46212.exe
1744	Unicorn-59772.exe
3020	Unicorn-11365.exe
2260	Unicorn-28937.exe
3068	Unicorn-39710.exe
1128	Unicorn-54209.exe
984	Unicorn-7172.exe
2804	Unicorn-540.exe
2120	Unicorn-903.exe
940	Unicorn-18356.exe
1620	Unicorn-36057.exe
476	Unicorn-56280.exe
2348	Unicorn-13155.exe
2772	Unicorn-24947.exe
864	Unicorn-44934.exe
1108	Unicorn-15402.exe
764	Unicorn-27270.exe
2336	Unicorn-35848.exe
2748	Unicorn-15632.exe
1900	Unicorn-13932.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 2968	2016	e299ddc9b9567518dd3779b6f0218dc7_JaffaCakes118.exe	29
PID 2016 wrote to memory of 2968	2016	e299ddc9b9567518dd3779b6f0218dc7_JaffaCakes118.exe	29
PID 2016 wrote to memory of 2968	2016	e299ddc9b9567518dd3779b6f0218dc7_JaffaCakes118.exe	29
PID 2016 wrote to memory of 2968	2016	e299ddc9b9567518dd3779b6f0218dc7_JaffaCakes118.exe	29
PID 2968 wrote to memory of 1900	2968	Unicorn-18031.exe	30
PID 2968 wrote to memory of 1900	2968	Unicorn-18031.exe	30
PID 2968 wrote to memory of 1900	2968	Unicorn-18031.exe	30
PID 2968 wrote to memory of 1900	2968	Unicorn-18031.exe	30
PID 2016 wrote to memory of 2408	2016	e299ddc9b9567518dd3779b6f0218dc7_JaffaCakes118.exe	31
PID 2016 wrote to memory of 2408	2016	e299ddc9b9567518dd3779b6f0218dc7_JaffaCakes118.exe	31
PID 2016 wrote to memory of 2408	2016	e299ddc9b9567518dd3779b6f0218dc7_JaffaCakes118.exe	31
PID 2016 wrote to memory of 2408	2016	e299ddc9b9567518dd3779b6f0218dc7_JaffaCakes118.exe	31
PID 1900 wrote to memory of 1976	1900	Unicorn-18581.exe	32
PID 1900 wrote to memory of 1976	1900	Unicorn-18581.exe	32
PID 1900 wrote to memory of 1976	1900	Unicorn-18581.exe	32
PID 1900 wrote to memory of 1976	1900	Unicorn-18581.exe	32
PID 2968 wrote to memory of 2472	2968	Unicorn-18031.exe	33
PID 2968 wrote to memory of 2472	2968	Unicorn-18031.exe	33
PID 2968 wrote to memory of 2472	2968	Unicorn-18031.exe	33
PID 2968 wrote to memory of 2472	2968	Unicorn-18031.exe	33
PID 2408 wrote to memory of 2928	2408	Unicorn-43832.exe	34
PID 2408 wrote to memory of 2928	2408	Unicorn-43832.exe	34
PID 2408 wrote to memory of 2928	2408	Unicorn-43832.exe	34
PID 2408 wrote to memory of 2928	2408	Unicorn-43832.exe	34
PID 1976 wrote to memory of 1600	1976	Unicorn-50350.exe	35
PID 1976 wrote to memory of 1600	1976	Unicorn-50350.exe	35
PID 1976 wrote to memory of 1600	1976	Unicorn-50350.exe	35
PID 1976 wrote to memory of 1600	1976	Unicorn-50350.exe	35
PID 1900 wrote to memory of 2684	1900	Unicorn-18581.exe	36
PID 1900 wrote to memory of 2684	1900	Unicorn-18581.exe	36
PID 1900 wrote to memory of 2684	1900	Unicorn-18581.exe	36
PID 1900 wrote to memory of 2684	1900	Unicorn-18581.exe	36
PID 2472 wrote to memory of 2804	2472	Unicorn-5980.exe	37
PID 2472 wrote to memory of 2804	2472	Unicorn-5980.exe	37
PID 2472 wrote to memory of 2804	2472	Unicorn-5980.exe	37
PID 2472 wrote to memory of 2804	2472	Unicorn-5980.exe	37
PID 2928 wrote to memory of 1492	2928	Unicorn-11598.exe	38
PID 2928 wrote to memory of 1492	2928	Unicorn-11598.exe	38
PID 2928 wrote to memory of 1492	2928	Unicorn-11598.exe	38
PID 2928 wrote to memory of 1492	2928	Unicorn-11598.exe	38
PID 2408 wrote to memory of 2864	2408	Unicorn-43832.exe	39
PID 2408 wrote to memory of 2864	2408	Unicorn-43832.exe	39
PID 2408 wrote to memory of 2864	2408	Unicorn-43832.exe	39
PID 2408 wrote to memory of 2864	2408	Unicorn-43832.exe	39
PID 2684 wrote to memory of 2992	2684	Unicorn-44499.exe	40
PID 2684 wrote to memory of 2992	2684	Unicorn-44499.exe	40
PID 2684 wrote to memory of 2992	2684	Unicorn-44499.exe	40
PID 2684 wrote to memory of 2992	2684	Unicorn-44499.exe	40
PID 1492 wrote to memory of 2988	1492	Unicorn-51920.exe	41
PID 1492 wrote to memory of 2988	1492	Unicorn-51920.exe	41
PID 1492 wrote to memory of 2988	1492	Unicorn-51920.exe	41
PID 1492 wrote to memory of 2988	1492	Unicorn-51920.exe	41
PID 2864 wrote to memory of 1624	2864	Unicorn-15334.exe	42
PID 2864 wrote to memory of 1624	2864	Unicorn-15334.exe	42
PID 2864 wrote to memory of 1624	2864	Unicorn-15334.exe	42
PID 2864 wrote to memory of 1624	2864	Unicorn-15334.exe	42
PID 2472 wrote to memory of 1816	2472	Unicorn-5980.exe	43
PID 2472 wrote to memory of 1816	2472	Unicorn-5980.exe	43
PID 2472 wrote to memory of 1816	2472	Unicorn-5980.exe	43
PID 2472 wrote to memory of 1816	2472	Unicorn-5980.exe	43
PID 2804 wrote to memory of 1200	2804	Unicorn-23332.exe	44
PID 2804 wrote to memory of 1200	2804	Unicorn-23332.exe	44
PID 2804 wrote to memory of 1200	2804	Unicorn-23332.exe	44
PID 2804 wrote to memory of 1200	2804	Unicorn-23332.exe	44

C:\Users\Admin\AppData\Local\Temp\e299ddc9b9567518dd3779b6f0218dc7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e299ddc9b9567518dd3779b6f0218dc7_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18031.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18031.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18581.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50350.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15163.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20914.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11318.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18356.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11556.exe
        9⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        10⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        11⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29834.exe
        12⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63201.exe
        10⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27011.exe
        11⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27270.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62397.exe
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
        9⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        10⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23070.exe
        11⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        12⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        10⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2132.exe
        8⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8069.exe
        9⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        10⤵
        
        PID:112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21276.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38781.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64219.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11365.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30685.exe
        9⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
        10⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        11⤵
        
        PID:440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3513.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-540.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
        8⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56336.exe
        9⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6782.exe
        10⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36832.exe
        11⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36117.exe
        9⤵
        
        PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7369.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19679.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7172.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 188
        9⤵
        Program crash
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26409.exe
        8⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59709.exe
        9⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        10⤵
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52522.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9284.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36057.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4846.exe
        9⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        10⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11058.exe
        11⤵
        
        PID:2556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5980.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5980.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23332.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8469.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35766.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60519.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3367.exe
        9⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59081.exe
        10⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5443.exe
        11⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7877.exe
        12⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        13⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37212.exe
        11⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35848.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47021.exe
        9⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27364.exe
        10⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20322.exe
        11⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        12⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53549.exe
        10⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        11⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17502.exe
        12⤵
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36377.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34889.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15210.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39710.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
        8⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41126.exe
        9⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        10⤵
        
        PID:1320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24947.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51489.exe
        8⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21614.exe
        9⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42086.exe
        10⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1357.exe
        11⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14192.exe
        8⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48142.exe
        9⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        10⤵
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16301.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44934.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25148.exe
        8⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29590.exe
        9⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
        10⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42204.exe
        8⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        9⤵
        
        PID:936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43832.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43832.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51920.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43555.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39139.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59772.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15402.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58313.exe
        8⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
        9⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53954.exe
        10⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34996.exe
        8⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10913.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39544.exe
        7⤵
        Executes dropped EXE
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27369.exe
        8⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64670.exe
        9⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16137.exe
        10⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1357.exe
        11⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63173.exe
        10⤵
        
        PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9787.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23379.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15632.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2672.exe
        9⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43902.exe
        10⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25431.exe
        11⤵
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46212.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56280.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12874.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28246.exe
        9⤵
        
        PID:460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
        10⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40174.exe
        11⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44891.exe
        12⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57890.exe
        11⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
        10⤵
        
        PID:2956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15334.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15334.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12034.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52351.exe
        6⤵
        Executes dropped EXE
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19201.exe
        7⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5464.exe
        8⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
        9⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50236.exe
        10⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30370.exe
        9⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47745.exe
        8⤵
        
        PID:1012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23182.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13932.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64125.exe
        8⤵
        
        PID:1224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 188
        9⤵
        Program crash
        
        PID:1748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12034.exe

Filesize
184KB

MD5
66dddffcb06c56f9f8c1a4dced35293a

SHA1
6ba8da0faa179888d2ccd002bb4a7b4038586523

SHA256
6c0459ceeab444177395327ff54bb09dd83af4c70a3e4d7f774dfaf372595b6b

SHA512
27cc767114d8dbebe3aa47bc71fb32527653326c4f48bf1bf8fff2f731e2b752a4e95f15b05a270b80facb0c504040ff552d4af7139c164c0aed4ab3ae0a7c3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15334.exe

Filesize
184KB

MD5
d8c199acba2fc751ec900354e4aada48

SHA1
afd85c4f6950fdc2f524a93acad3adca95ada95e

SHA256
cf6d371af2b02676e2fa667fba1d60250cdfad28707d84eeebc5a94a6dbfa7c2

SHA512
aaa122894a759e5d40e0728ef4421f618c944dfb88fd9241c9ca20fbe9e46b70fcb6a3181b82381609282f9e606abf13d6921ff0e28b1dd459982e991e235549

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21276.exe

Filesize
184KB

MD5
591c3ed6666decee4a8af05133cf7e91

SHA1
07a7000162233273c5b9272027d6b07545783dba

SHA256
e63e3a0053ae0bd5d12c905aa6a200cf71ee79512a1621adaeebdfac76967126

SHA512
39c25bef388c0653ae139ad7e14b16c8513f6e0c7614b173f0ea0d7f1f0182a01a7644a491979f958072540696b3185495d2d23553182bf360b54afb2b59e22b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe

Filesize
184KB

MD5
4e3fdfa8874eeb4798a227cdabfc8c8f

SHA1
18bfd581387197457534863e85427f2850a22bd8

SHA256
a8fa20b391ace45b26a3ba970da331d15f02cbd8c40d22a705e7769e06e0438f

SHA512
e4186e283b306449b55e2b3e76565609feb6a7e288bf6399679946cc07652164e47e90c5fd0de5e674ff87db17c174fc50932b5b577c439884d39d5e08d510b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51920.exe

Filesize
184KB

MD5
61a3c7ebe8377e23a109835c08b153d2

SHA1
8f81dc91ebcde9740bd3b1d6a3ba19389c680554

SHA256
b3294609d90c4a4bc50d89440db3927e4a503f104e98fa9ff0e05d9833ac109a

SHA512
7392a8ab130961657e303e5c7f8949966a7cdb0a15a4bb0435427a7a2c180a0ffabfa445693ac330ebdc3db00969c379ee0985a0835ad1119ea18c841f0e0704

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5464.exe

Filesize
184KB

MD5
63ea054af4475c798811d4a9d37d6d6e

SHA1
656343167d3aaab4a2e218648902dd1ca021e1c7

SHA256
ca4aa6ebbad7bdedff2a03e5626c53e60e64a9a13c2bf8c478dca1570055400f

SHA512
073a9a3c6441ef40ea73bda40e0da28da3afff7c1816c6d52b4b53a33d51705cf37a25aa060e0e1890330fbf42f6e815970eecb005d69c6a8683041d2adc642e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5980.exe

Filesize
184KB

MD5
c0ed2dfb36c1b45e96cf1a2fb5cd9316

SHA1
23e594a9b9594625bb68bb215347e6e02e00abbc

SHA256
b02a35d1443537595ca71a609f4eee83442bc59218d08b80ade61ca90dec12ff

SHA512
b00724c53c83527221523470df738da6fb13f99b0e61f2a79d93a104df1d2654abfa41de2188e3686100c15e28bc8ffbbff4cc93d83b895bfed81b4a4f5d110f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe

Filesize
184KB

MD5
0b69582d6412b484263746687d605a8d

SHA1
7ddceb5a8b63bf3ba0414f005ceafefc52e835e3

SHA256
2ccc43496907717f873891a8a96bbcc60ff6e24ba5aab88a82f57754d12a9a79

SHA512
9b63039d14464f2c6d83eb406925e0819f15948f593f0badef0de72be4524447ced6ae1273f689f59283ac966813d5c0aef7aa7144004fc2a8b70d00fddcb891

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6782.exe

Filesize
184KB

MD5
be08814c2b178b62e1fd387c72052445

SHA1
ada18a851571c0c8fc475c1e2de41b94c3981420

SHA256
0d9a2f1186c1928688a440b95f24c2c1940c15b533869d67f08bd1afb199d959

SHA512
ed2cd815acbb19e7195dd442e7543a0a74d5d61c1a3a7c2fbe3c79c816d190c212252e7642b132cbe21f68d3121053f7bea9158d0b273c1f50b1db9cf8d807d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8469.exe

Filesize
184KB

MD5
0772e5a4a910b466196db58fc333ca6f

SHA1
33e7049b9287436291a587d70d92cf8c2cadeab3

SHA256
1f17f625dd74e095e5c7d51ff40ad736fdde59033d3bb4f293b95b4f7f184c2d

SHA512
4650dbf949db5706c617cf6a709dadbf7fed979fe105f9d5acfbe8abaf37e2a2f26ec5126c235de0649dcd3cff836f6e1ec995475470722a058cf98b6bbab0d0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe

Filesize
184KB

MD5
cfb7d0066d66e40f6b0f6ac3749c40f7

SHA1
45ced4c7f915138db9671369f1acc345fa0b9680

SHA256
93b5bdcb1021bf577512dfcc3cb1f2bda0669304d5b2a607be003d1845389da7

SHA512
5f27e18c4102a01207ea3a2e2f0ca545bdfea1e05f91b33c8c871461e9a39fe6e356882b4f1fecec9a491c5112cb437f75915ecc560d86f431e95f9f9fa4442b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15163.exe

Filesize
184KB

MD5
75cc31ce35458d0918bf08907a897b3d

SHA1
5c5232518c2e68496cdb1549fc34d0ec98ab8f06

SHA256
f2612086358d93b6fbeb8e7949f7a5bb9893f43b460e1046c554a92235433881

SHA512
a39a7c024b1a714abfb952648729194cb9f9ac214bb108570a6a20289dec431f3b6c487f313490004b4ee9a4fbea128e4af0a97782fe497d3801ec78531b79b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18031.exe

Filesize
184KB

MD5
16d455df428457fd7291c94913056d29

SHA1
5ebb6ee99db333ee258c344e0a79697c42a3385d

SHA256
93bc2df33a6851bf90dec548b4431a64288d8886e2341fa68bb64d53afceff87

SHA512
489ac0c858eabd862ed72b9a5bbce45e223612013554ffeb6d41f16e5f6440a717e076c0c35de21a04d8a7dbc266117563402ddcd64136e140f644b373845bda

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18581.exe

Filesize
184KB

MD5
07f9106a173f8ff27a6e731f40834b92

SHA1
4a6e261fa1519befa9eddd62339ce8fb79810bec

SHA256
d22886f8d41866297f91079fb239ab9553fd61618b6cf26c402e31e08e8ef575

SHA512
87f52aaf1af4c080fb331185cadb988041ff897f636babeaaadacf42dcda8ab2e68db9d5d927ca7217cc57ff11454bdde466071095ca269d1e2c2235f8a631b9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23332.exe

Filesize
184KB

MD5
1db72aa69a2c2c4adaa052b8db887396

SHA1
8dc3c463d23eebcc41324efbd7743d6501f64eb3

SHA256
c2590804b4c09f031d77b27cf4768bc80c518ba3ae88b79ba2337f315a45abee

SHA512
608bfbb67c6d202ac50942e34085987cf92dd39166579e1c13fc3a0cdc42e6970842208c8c0070c1f4a9c1afbac052dfca04e187eb66f8554dee6dcf54ea3ff6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe

Filesize
184KB

MD5
9fb145331f2662a85604bd83c8fc495e

SHA1
feb2c449001e9c06415b47e8d355d436ba5bc2df

SHA256
5cb3f76e0977487b85ff9bc5d3130ff660c974c20c88e1ea4dfc0ad957879d02

SHA512
2c896f7485fb6f67bb6af933cd7ed6742431f344679120d1d2963e9dfcabf3811e566511718798c5c53261e1140435a723a7d528a4ab6d33f6b3b8da857375cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43555.exe

Filesize
184KB

MD5
257f97f0de0984185caef681acc06423

SHA1
6a6f1057b0ce2cc22903d4081bf046c0ecc7b21d

SHA256
255679e86dcbba891ab628e14a92e7bf5b3390e56cf4defad039a45149377d27

SHA512
ebc0380ea85fa22bddd029c7bc1831e777a6fc6156c07beb8df689d59f73914ddb51661ebedc66b6efd3e7fb27bd9c51c90772e99405f18e7491832022f296a9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43832.exe

Filesize
184KB

MD5
74e6d5f1476c5b6f3a1c4a8ae507a398

SHA1
77a93449eaa950ffbaa69cf93defd39824ef1579

SHA256
194b8d5be56612256837eb95f235be2425356411e9c07c903a33b7ef8303d91f

SHA512
9985f9a1accc1b37ff44186e2d057babd9bbdedb293e4c7d83e45005e05e638663db0af49c167b1e5cf930da314ec569d1298467b764f55c36fa569a431a70ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe

Filesize
184KB

MD5
95e01ebec3db1c21271c5a544a84076a

SHA1
d651b74e0a1dede8872c98102a4c1c2e04508116

SHA256
480b1bb114bba271fbb09b7ae4e48b21145d77f65cda1ad0767f11dcb1808bdd

SHA512
e40e238f84ce91b60fe14149745d29767994dd86592ff59457c1fdbd64c4688d83c664a5c9dd1c5a281b77e6d6677b64ec33017a459a458e45a7051084dc9921

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50350.exe

Filesize
184KB

MD5
581651bff08a2f958c3729012556987d

SHA1
414258c95b7f85bd19334aadeb9f5212188611a8

SHA256
cd37c1315ccc686cec0c485a900998ad7512a1258b1cf1baaad298ee76741f7f

SHA512
2fb704eb61c67dc5cc3c1642061ab8e49c8a901741f8b399a5118282d898408b282df82941b839f684c9b675c5274ff7b7ef1faacbfedf320305e2b8ad3df183

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads