f693408eab0ecf258b36b4af8a8a89983795d63d41cc7ebb84a38f182201f9f3

Analysis

max time kernel
45s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 07:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f550cdc60dca257e23cd6da7f91cdae8_JaffaCakes118.exe
Size

184KB
MD5

f550cdc60dca257e23cd6da7f91cdae8
SHA1

6430831a381c41663b102c049679a39d69215533
SHA256

f693408eab0ecf258b36b4af8a8a89983795d63d41cc7ebb84a38f182201f9f3
SHA512

5ea8464ede74bc1b950aa543c6049c75733c9a64750963d338b07253e8d7939c60ccd3a6974a4f21ba19ba984192d281ef9a02a158c5971f50c689052aa10b3d
SSDEEP

3072:KABiok0ynsaUDdjr1d4DRs8Nlvarbq3rg2uxp+qxfNKxvwF7:KA8oEnbsdVdqRs8Nb+jNKxvwF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2904	Unicorn-41297.exe
2508	Unicorn-35599.exe
2632	Unicorn-7565.exe
2620	Unicorn-33866.exe
2492	Unicorn-5640.exe
2456	Unicorn-9169.exe
1720	Unicorn-37369.exe
2692	Unicorn-53575.exe
2772	Unicorn-48744.exe
2176	Unicorn-8095.exe
2288	Unicorn-37430.exe
1468	Unicorn-39022.exe
1256	Unicorn-52213.exe
2240	Unicorn-47574.exe
1244	Unicorn-39406.exe
2052	Unicorn-45965.exe
2764	Unicorn-293.exe
1424	Unicorn-62301.exe
1428	Unicorn-24798.exe
3052	Unicorn-45960.exe
1064	Unicorn-41361.exe
2996	Unicorn-46152.exe
1520	Unicorn-61419.exe
1012	Unicorn-15726.exe
2364	Unicorn-1850.exe
1164	Unicorn-6489.exe
1636	Unicorn-18571.exe
576	Unicorn-43075.exe
1976	Unicorn-43267.exe
2084	Unicorn-17419.exe
912	Unicorn-63090.exe
1984	Unicorn-22057.exe
3036	Unicorn-63853.exe
2512	Unicorn-11507.exe
2244	Unicorn-33101.exe
1664	Unicorn-54076.exe
2452	Unicorn-57797.exe
2440	Unicorn-5067.exe
2872	Unicorn-8596.exe
1960	Unicorn-8788.exe
2588	Unicorn-25317.exe
1812	Unicorn-13811.exe
2760	Unicorn-32333.exe
2304	Unicorn-15674.exe
1768	Unicorn-51876.exe
1760	Unicorn-51876.exe
1908	Unicorn-7890.exe
296	Unicorn-16058.exe
1836	Unicorn-27756.exe
2380	Unicorn-25364.exe
856	Unicorn-21834.exe
1220	Unicorn-41700.exe
688	Unicorn-33807.exe
600	Unicorn-51741.exe
2428	Unicorn-54310.exe
2372	Unicorn-34636.exe
2040	Unicorn-63054.exe
1228	Unicorn-38825.exe
924	Unicorn-22489.exe
3020	Unicorn-59992.exe
2360	Unicorn-36625.exe
2352	Unicorn-52961.exe
816	Unicorn-41455.exe
1748	Unicorn-53153.exe

Loads dropped DLL 64 IoCs

pid	Process
1660	f550cdc60dca257e23cd6da7f91cdae8_JaffaCakes118.exe
1660	f550cdc60dca257e23cd6da7f91cdae8_JaffaCakes118.exe
2904	Unicorn-41297.exe
2904	Unicorn-41297.exe
1660	f550cdc60dca257e23cd6da7f91cdae8_JaffaCakes118.exe
1660	f550cdc60dca257e23cd6da7f91cdae8_JaffaCakes118.exe
2508	Unicorn-35599.exe
2904	Unicorn-41297.exe
2508	Unicorn-35599.exe
2904	Unicorn-41297.exe
2632	Unicorn-7565.exe
2632	Unicorn-7565.exe
2620	Unicorn-33866.exe
2620	Unicorn-33866.exe
2508	Unicorn-35599.exe
2508	Unicorn-35599.exe
2492	Unicorn-5640.exe
2492	Unicorn-5640.exe
2456	Unicorn-9169.exe
2456	Unicorn-9169.exe
2632	Unicorn-7565.exe
2632	Unicorn-7565.exe
1720	Unicorn-37369.exe
1720	Unicorn-37369.exe
2620	Unicorn-33866.exe
2620	Unicorn-33866.exe
2692	Unicorn-53575.exe
2692	Unicorn-53575.exe
2772	Unicorn-48744.exe
2772	Unicorn-48744.exe
2288	Unicorn-37430.exe
2492	Unicorn-5640.exe
2492	Unicorn-5640.exe
2288	Unicorn-37430.exe
2456	Unicorn-9169.exe
2176	Unicorn-8095.exe
2456	Unicorn-9169.exe
2176	Unicorn-8095.exe
1468	Unicorn-39022.exe
1468	Unicorn-39022.exe
1720	Unicorn-37369.exe
1720	Unicorn-37369.exe
1256	Unicorn-52213.exe
1256	Unicorn-52213.exe
2240	Unicorn-47574.exe
2240	Unicorn-47574.exe
2692	Unicorn-53575.exe
2692	Unicorn-53575.exe
1244	Unicorn-39406.exe
1244	Unicorn-39406.exe
2772	Unicorn-48744.exe
2772	Unicorn-48744.exe
2052	Unicorn-45965.exe
2052	Unicorn-45965.exe
1424	Unicorn-62301.exe
1424	Unicorn-62301.exe
2764	Unicorn-293.exe
2764	Unicorn-293.exe
1428	Unicorn-24798.exe
2288	Unicorn-37430.exe
1428	Unicorn-24798.exe
2288	Unicorn-37430.exe
2176	Unicorn-8095.exe
2176	Unicorn-8095.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2956	1064	WerFault.exe	48
1912	1376	WerFault.exe	105

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1660	f550cdc60dca257e23cd6da7f91cdae8_JaffaCakes118.exe
2904	Unicorn-41297.exe
2508	Unicorn-35599.exe
2632	Unicorn-7565.exe
2620	Unicorn-33866.exe
2492	Unicorn-5640.exe
2456	Unicorn-9169.exe
1720	Unicorn-37369.exe
2692	Unicorn-53575.exe
2772	Unicorn-48744.exe
2176	Unicorn-8095.exe
2288	Unicorn-37430.exe
1468	Unicorn-39022.exe
1256	Unicorn-52213.exe
2240	Unicorn-47574.exe
1244	Unicorn-39406.exe
2052	Unicorn-45965.exe
2764	Unicorn-293.exe
1424	Unicorn-62301.exe
1428	Unicorn-24798.exe
3052	Unicorn-45960.exe
1064	Unicorn-41361.exe
2996	Unicorn-46152.exe
1520	Unicorn-61419.exe
1012	Unicorn-15726.exe
2364	Unicorn-1850.exe
1164	Unicorn-6489.exe
1636	Unicorn-18571.exe
576	Unicorn-43075.exe
2084	Unicorn-17419.exe
1976	Unicorn-43267.exe
912	Unicorn-63090.exe
1984	Unicorn-22057.exe
3036	Unicorn-63853.exe
2512	Unicorn-11507.exe
1664	Unicorn-54076.exe
2244	Unicorn-33101.exe
2452	Unicorn-57797.exe
2440	Unicorn-5067.exe
2872	Unicorn-8596.exe
1960	Unicorn-8788.exe
2588	Unicorn-25317.exe
1812	Unicorn-13811.exe
2304	Unicorn-15674.exe
1768	Unicorn-51876.exe
1760	Unicorn-51876.exe
296	Unicorn-16058.exe
2760	Unicorn-32333.exe
1908	Unicorn-7890.exe
2380	Unicorn-25364.exe
1836	Unicorn-27756.exe
856	Unicorn-21834.exe
1220	Unicorn-41700.exe
688	Unicorn-33807.exe
600	Unicorn-51741.exe
2428	Unicorn-54310.exe
2372	Unicorn-34636.exe
924	Unicorn-22489.exe
2040	Unicorn-63054.exe
2360	Unicorn-36625.exe
3020	Unicorn-59992.exe
1228	Unicorn-38825.exe
2352	Unicorn-52961.exe
816	Unicorn-41455.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 2904	1660	f550cdc60dca257e23cd6da7f91cdae8_JaffaCakes118.exe	28
PID 1660 wrote to memory of 2904	1660	f550cdc60dca257e23cd6da7f91cdae8_JaffaCakes118.exe	28
PID 1660 wrote to memory of 2904	1660	f550cdc60dca257e23cd6da7f91cdae8_JaffaCakes118.exe	28
PID 1660 wrote to memory of 2904	1660	f550cdc60dca257e23cd6da7f91cdae8_JaffaCakes118.exe	28
PID 2904 wrote to memory of 2508	2904	Unicorn-41297.exe	29
PID 2904 wrote to memory of 2508	2904	Unicorn-41297.exe	29
PID 2904 wrote to memory of 2508	2904	Unicorn-41297.exe	29
PID 2904 wrote to memory of 2508	2904	Unicorn-41297.exe	29
PID 1660 wrote to memory of 2632	1660	f550cdc60dca257e23cd6da7f91cdae8_JaffaCakes118.exe	30
PID 1660 wrote to memory of 2632	1660	f550cdc60dca257e23cd6da7f91cdae8_JaffaCakes118.exe	30
PID 1660 wrote to memory of 2632	1660	f550cdc60dca257e23cd6da7f91cdae8_JaffaCakes118.exe	30
PID 1660 wrote to memory of 2632	1660	f550cdc60dca257e23cd6da7f91cdae8_JaffaCakes118.exe	30
PID 2508 wrote to memory of 2620	2508	Unicorn-35599.exe	31
PID 2508 wrote to memory of 2620	2508	Unicorn-35599.exe	31
PID 2508 wrote to memory of 2620	2508	Unicorn-35599.exe	31
PID 2508 wrote to memory of 2620	2508	Unicorn-35599.exe	31
PID 2904 wrote to memory of 2492	2904	Unicorn-41297.exe	32
PID 2904 wrote to memory of 2492	2904	Unicorn-41297.exe	32
PID 2904 wrote to memory of 2492	2904	Unicorn-41297.exe	32
PID 2904 wrote to memory of 2492	2904	Unicorn-41297.exe	32
PID 2632 wrote to memory of 2456	2632	Unicorn-7565.exe	33
PID 2632 wrote to memory of 2456	2632	Unicorn-7565.exe	33
PID 2632 wrote to memory of 2456	2632	Unicorn-7565.exe	33
PID 2632 wrote to memory of 2456	2632	Unicorn-7565.exe	33
PID 2620 wrote to memory of 1720	2620	Unicorn-33866.exe	34
PID 2620 wrote to memory of 1720	2620	Unicorn-33866.exe	34
PID 2620 wrote to memory of 1720	2620	Unicorn-33866.exe	34
PID 2620 wrote to memory of 1720	2620	Unicorn-33866.exe	34
PID 2508 wrote to memory of 2692	2508	Unicorn-35599.exe	35
PID 2508 wrote to memory of 2692	2508	Unicorn-35599.exe	35
PID 2508 wrote to memory of 2692	2508	Unicorn-35599.exe	35
PID 2508 wrote to memory of 2692	2508	Unicorn-35599.exe	35
PID 2492 wrote to memory of 2772	2492	Unicorn-5640.exe	36
PID 2492 wrote to memory of 2772	2492	Unicorn-5640.exe	36
PID 2492 wrote to memory of 2772	2492	Unicorn-5640.exe	36
PID 2492 wrote to memory of 2772	2492	Unicorn-5640.exe	36
PID 2456 wrote to memory of 2176	2456	Unicorn-9169.exe	37
PID 2456 wrote to memory of 2176	2456	Unicorn-9169.exe	37
PID 2456 wrote to memory of 2176	2456	Unicorn-9169.exe	37
PID 2456 wrote to memory of 2176	2456	Unicorn-9169.exe	37
PID 2632 wrote to memory of 2288	2632	Unicorn-7565.exe	38
PID 2632 wrote to memory of 2288	2632	Unicorn-7565.exe	38
PID 2632 wrote to memory of 2288	2632	Unicorn-7565.exe	38
PID 2632 wrote to memory of 2288	2632	Unicorn-7565.exe	38
PID 1720 wrote to memory of 1468	1720	Unicorn-37369.exe	39
PID 1720 wrote to memory of 1468	1720	Unicorn-37369.exe	39
PID 1720 wrote to memory of 1468	1720	Unicorn-37369.exe	39
PID 1720 wrote to memory of 1468	1720	Unicorn-37369.exe	39
PID 2620 wrote to memory of 1256	2620	Unicorn-33866.exe	40
PID 2620 wrote to memory of 1256	2620	Unicorn-33866.exe	40
PID 2620 wrote to memory of 1256	2620	Unicorn-33866.exe	40
PID 2620 wrote to memory of 1256	2620	Unicorn-33866.exe	40
PID 2692 wrote to memory of 2240	2692	Unicorn-53575.exe	41
PID 2692 wrote to memory of 2240	2692	Unicorn-53575.exe	41
PID 2692 wrote to memory of 2240	2692	Unicorn-53575.exe	41
PID 2692 wrote to memory of 2240	2692	Unicorn-53575.exe	41
PID 2772 wrote to memory of 1244	2772	Unicorn-48744.exe	42
PID 2772 wrote to memory of 1244	2772	Unicorn-48744.exe	42
PID 2772 wrote to memory of 1244	2772	Unicorn-48744.exe	42
PID 2772 wrote to memory of 1244	2772	Unicorn-48744.exe	42
PID 2492 wrote to memory of 2052	2492	Unicorn-5640.exe	44
PID 2492 wrote to memory of 2052	2492	Unicorn-5640.exe	44
PID 2492 wrote to memory of 2052	2492	Unicorn-5640.exe	44
PID 2492 wrote to memory of 2052	2492	Unicorn-5640.exe	44

C:\Users\Admin\AppData\Local\Temp\f550cdc60dca257e23cd6da7f91cdae8_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f550cdc60dca257e23cd6da7f91cdae8_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41297.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41297.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35599.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33866.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37369.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39022.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45960.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63853.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33807.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        10⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23154.exe
        11⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1334.exe
        12⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
        13⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62385.exe
        10⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62807.exe
        11⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
        9⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12172.exe
        10⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25335.exe
        11⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36354.exe
        9⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
        10⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16797.exe
        11⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37260.exe
        12⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46324.exe
        10⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11507.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
        8⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31031.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe
        10⤵
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41361.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 240
        7⤵
        Program crash
        
        PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52213.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46152.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33101.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
        9⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13663.exe
        10⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59992.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
        8⤵
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54076.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53153.exe
        7⤵
        Executes dropped EXE
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
        8⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1166.exe
        9⤵
        
        PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53575.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47574.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61419.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57797.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38825.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64772.exe
        9⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36340.exe
        10⤵
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5067.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63054.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26781.exe
        8⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
        9⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38582.exe
        10⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28283.exe
        11⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45805.exe
        8⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56786.exe
        9⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
        7⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
        8⤵
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15726.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5640.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1850.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8788.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54310.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
        9⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
        10⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9204.exe
        11⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30620.exe
        9⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41794.exe
        10⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40886.exe
        11⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21020.exe
        10⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2016.exe
        8⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18897.exe
        9⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17882.exe
        10⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34636.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        8⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6194.exe
        9⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19999.exe
        10⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18716.exe
        9⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24600.exe
        7⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3.exe
        8⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24581.exe
        9⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1334.exe
        10⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
        11⤵
        
        PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25317.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39256.exe
        7⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
        8⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54819.exe
        9⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46135.exe
        10⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51866.exe
        8⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1166.exe
        9⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29999.exe
        10⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44907.exe
        7⤵
        
        PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45965.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18571.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32333.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55400.exe
        7⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
        8⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26650.exe
        7⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64570.exe
        8⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58258.exe
        9⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17198.exe
        10⤵
        
        PID:3240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52255.exe
        6⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23879.exe
        7⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21020.exe
        8⤵
        
        PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31856.exe
        6⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43221.exe
        7⤵
        
        PID:2064
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7565.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7565.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24798.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17419.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36625.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13905.exe
        9⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        10⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33626.exe
        11⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53449.exe
        10⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38212.exe
        9⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52619.exe
        10⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
        8⤵
        
        PID:1376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 220
        9⤵
        Program crash
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41455.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21834.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52961.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64772.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20523.exe
        9⤵
        
        PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22057.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41700.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49479.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32152.exe
        8⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        9⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46838.exe
        8⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
        7⤵
        
        PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62301.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43075.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30756.exe
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9563.exe
        8⤵
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7890.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
        6⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55919.exe
        7⤵
        
        PID:2648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37430.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-293.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-293.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43267.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30372.exe
        7⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
        8⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10473.exe
        9⤵
        
        PID:3620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
        6⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
        7⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9010.exe
        8⤵
        
        PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63090.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27756.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
        6⤵
        
        PID:2076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-37430.exe

Filesize
184KB

MD5
049a77ce9b0ed2deae1312cf0f3cd002

SHA1
9cebfcc5c1cbe650121b9c578a942f2dc6b3d68b

SHA256
b15126afdd04e7b6cfdaeef340d4c1b318f2a244526d5a41c14f77f681f3a928

SHA512
1386974131aea92de7697cfccd54d1635c2786c75e6f1e3b7d8ffc4581b4ecb3cd01072b03de90b43b0bdf19e096c8497365c3be737c6363a785d4057916e1d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe

Filesize
184KB

MD5
73944ef73fe22a44b01f6e403f523c99

SHA1
da1d370554f5db0ac3ca146b7c40ada447fdddbf

SHA256
02e271cafc62f716878bf5180b586871a541ea9d60463f2c9cfc84b119fd032c

SHA512
65982511601d34e37cc881e551090650f88b2419b172082d045ead58a7ff0ac2d58f86cc4f434d5e1b20c184cb7c14fc910a04781df2961bd4993609f4e03caf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53575.exe

Filesize
184KB

MD5
68a96b75ccdf0e5c35bdfdebb49effb5

SHA1
58e72626d1c7892467267eb4d64cc442aede7fad

SHA256
aa14a857f8573bdbe21a0d3531cbd9d428bf7a5d20c7aa7544e3fac1ce52cfbd

SHA512
38ad26e9dd0a463cf26ce39f162ff98adfdeefe5ba5cc65c6eed464e16b87ff1178e49152a817185ddc6d26a04b385519c2fbdbfab772c1e29af1f073e3b2357

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6194.exe

Filesize
184KB

MD5
cc0a02d9c902a2fd9b4b3a81751ec96a

SHA1
13bf05299574a6c740116580549abd0fcfcf8ce8

SHA256
2b90a8fea18e90ee95b31f8cdbf5ecdd683c712404a71cdacc3353e9e65877df

SHA512
f6c0798ebec3cbad8796118f91023ae0d9f5714672a55a97dfd9aea723e954387d777753fa46e4861651d3e1f0b71cd4130473ae00a5e5198d8d924e289279f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe

Filesize
184KB

MD5
4b33a36c03ef924fd6c88c57ad8c1836

SHA1
bece40b333176a53fd012cc0b6b0b9e1cce01e6a

SHA256
16dd397df2dcfd394a74972feae88eb15390108c65137e8abb45800a80a636ea

SHA512
14abd8b0bc1a6095b0ab2558aff2c3a16719e2cd65814768417e6591e70991d0d10342c487b1581f63826a537a980252831e6835bd5a9a58519255d731264c85

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24798.exe

Filesize
184KB

MD5
914c0444ba623bbdd5ed1977e71afed4

SHA1
fbbd7f348983bbbf9e38f1d98f7413287104d59c

SHA256
f88c29e48366933c8e5cde2fbc7f63edb2f3c0d291411ff67700e81bd522f9e5

SHA512
0a14f83b229a9e40b91205b17f8042b48413091b36b8cf024474940c417a681b3a31e338bc3189747e3c07af889ea10bc25642d2b28287259a8a9bc3259a8411

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-293.exe

Filesize
184KB

MD5
5913ba859d9c5864b55c3bb30a632b21

SHA1
9e4f335daeb7b78ac88c81db189812de0e470b11

SHA256
a013bb0a37a022683f444b33800296d7116d93a1a8bf64a33b9918b877f408a9

SHA512
4fd60a4d86c4361238e8759ef7b517d274a1c5415e2fb439b133fee8ab9b20a5cded778994546d56076c9a27cdc934a1afce67c71a04e99931ba854064e3083f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33866.exe

Filesize
184KB

MD5
0c743c822102fff5dfa8656af6e9a265

SHA1
5fc56933008dfe946df858870b51631a8f53d317

SHA256
185b6ba6b712dac678f9d9a9adb45ed748f09c0b2628545cde8afcfbcf128d0d

SHA512
905c717e2c4e99bf392aad028c5bfc3065f798890d01a05c65c2a1a827d30f9fccd970a889d2e6f5d624e576b550ecc793bdb624779b9dbb62c5fcda2f4a255a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35599.exe

Filesize
184KB

MD5
47d6b5525f3460f76183f902b69abf08

SHA1
e4e0fdd6c4f596a86bb067dab1d6428dc781f738

SHA256
7942fcb52141fb0e6affb23fac6eeacc3df2cf88bf3bf7e6472792efea595397

SHA512
cd8ae446fb29958ae9caa20496b949c8c503b1d8bdabba99c0d5ff76f1ba083270d3d821d33e6bf89594d17342866acb5cccb14f450c688c27a5e9a2ef7ebdcd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37369.exe

Filesize
184KB

MD5
c584b88ea375747e3a65041351abf2d5

SHA1
e663d54d06d06c037b6fee1fe0259e303fdcb849

SHA256
f368e5f8d38c0226ca5f0af45477fbc871c8f151b8d82969072c7d89ffa856f3

SHA512
79b22a2d5348f70eb0035282f827d594a5627db00c792e22259d2725138d2ad860011d88346d09aff4277ac3eb17406e04f2a235b76f44e1e8c7160c30b50318

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39022.exe

Filesize
184KB

MD5
8485979fca0e57afb9d687ba601e6251

SHA1
a595c4f6b2dc6c9d976a5c4c2881f9711217822d

SHA256
bce7c9ea53889dbba3b16efdaaaea98b63490ab4c4d2b7d155c206c6d18012a4

SHA512
11df20a7936b15162d4437e187782896108ce71de282b7dab36b01ff3894202b2fc5df8e022bb581a40b9493118298c0b24c524fcd21ad498c6460cb41b84f55

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41297.exe

Filesize
184KB

MD5
ffb05bb117f700dfd254b285edb7a742

SHA1
d0b90d6e0672631e3b3807357f95c33b29929b7e

SHA256
b7a87ad58c988e7b067f1e35a588ff3cf82d2ff2b0fda2396a9fd849730f618d

SHA512
b178af64ec21db3623df77a5b8e4883b1e66bee12a1a7e8388a041d98f4ef06b700bbda346c5112effeb5127d1dd96d545e580d0f4431515c15eed8130dd21fd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45965.exe

Filesize
184KB

MD5
01dc18eadb54a05c0cb52fff7cb3e34c

SHA1
03141575436946221c932c8a6381e62788fba8bd

SHA256
b43b652696c83fcb3405966136340f082617c236af0f92180b934176bc9b29da

SHA512
95122db4758e2ab5f225c0ea0c2665d3dc0bf890900ff9ebb93831a5423953d4a22f42e93fa046fc8b01e5930412a7b766e5ec83b7ab2c38d03169027bd654eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47574.exe

Filesize
184KB

MD5
3f07f44027e890614dadf51c95ee8d68

SHA1
be445851506ca1079f79b87df181aedbccac9ee5

SHA256
81b80006c09dcbbc4a7935c58e0d73948a00d74234d66e946af0533ee72f9b63

SHA512
f5105c3aea9a5d7800c9d1094cf4c457da961c1a20c440a64144d099a6562fdb747872769c0dbd69710bbbf152762c1906ae399cfc686b71ff5b96a00ffd1a1c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe

Filesize
184KB

MD5
3e4adf42f79ce9f4db54ead26ffc2ef4

SHA1
d45b88059a7673cbceb0eab74f92e045c9b418d6

SHA256
50483a4a33890e9e504b962790d4cb155857d661c389ba5e13c265462c4eff00

SHA512
4a260e016bfca2dd6f5e04f8d9518df1fe66b5d210b6ca7df635a9664d6a7632ffc82507ddac3e19e1986861086364daec157cb92bc01c95bb25514e24e7b055

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52213.exe

Filesize
184KB

MD5
b783bcb4ae733a795e30e013f130c3f6

SHA1
06f300cb19f13c5a1c67d446928b40022390d7a7

SHA256
f615bd3d896023a91f6bf0654c405ebafc9eb8597687a44001f37daa3130fcae

SHA512
952207742a189c8eb891e6c3eb81c065585f935e802dca2ef6e075f5a2048305046972c1936a23454e1d6257738be4d71cc629ae7702addf4826d00160d1ef1c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5640.exe

Filesize
184KB

MD5
277d61cfebaa26c9a15996ffa7f9a4ee

SHA1
7e5d3637a2e1675be198360680a52a2117f6f25e

SHA256
3d86891a96fbb1a12ee77f19d7e75f84223c67d63729e66d52d0be0d8ad2646b

SHA512
0522c7409cb1da7d29bb0e76c5ea255eb062483e1686dfe1bab7aa38f5a0932811b783c612e5c8218598d0d245c2b33c0dbfd0a548916bb1220e5068fdf2cba7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62301.exe

Filesize
184KB

MD5
c59b194678153db04d1112e3ae3224c6

SHA1
40f01e1c56fcce14fd6f62b710da8d637406a74e

SHA256
def8fb9e7eb1b27a2b6c078aff657876380e5e22aeb98d483de6a47389a1c857

SHA512
3ab1cddc24acdbdfb0b1e8ac6ab11d5967d20937c0121d8ff52579eb99148dab8e7c2c7da359ea01022d4c6bbeac717380a71a7b6a1889abbb75fc83b8ad4cae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7565.exe

Filesize
184KB

MD5
e6b937eedbbe61b86b901ffbaff68c38

SHA1
c1061594cea9a02e9517844d73a2155232827240

SHA256
828bf689c5345b2bd4e0c8b81e35f0140879c6db589f709bca4b3f58bc8cc90b

SHA512
cf659938b210b5f8e0e7ab73945dfe421cb5897641a102d14a7e626bb226c2cf9dcd23654653d0fd81802db7603d45336bc371764ff96cead678fe4c2ec26a9a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe

Filesize
184KB

MD5
1ce138fa040e1382eddf9fd9058495d3

SHA1
eefb9e9bf8a419f17ee9ebe1ad8f24ecf1b3177e

SHA256
245678db0454cfbb46496f875c89f0d003ff837cc40bdf9b2acc8b1e47cec403

SHA512
801329445624c1d503268d8079f153b59f873610f6cba969882265ef1ecff495cb1da1088a3530e7bc68a2cd74448a879e6d988883b314e563d8b4f78871db07

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads