614d58212de2058fb52373140a36e57276cee855e1754af35d7f8a91c219a6cd

Analysis

max time kernel
35s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 15:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f613285af3ac743fe10a615163e2f8eb_JaffaCakes118.exe
Size

184KB
MD5

f613285af3ac743fe10a615163e2f8eb
SHA1

ba7ed7977782edf5b88c286f406a58979af0128b
SHA256

614d58212de2058fb52373140a36e57276cee855e1754af35d7f8a91c219a6cd
SHA512

f27520b4abeef747224158fe23c616632ee908122d886a559e7fc2183f5deff15d1052eb6259feec17363751c5cba586009fe920d28607748291076decb65bf7
SSDEEP

3072:coNDoVVmQ9ACiejmMaZYJwc9CI8NMHrRlFQrxKPLUOClP6pFw:coloVqCipMDJwc9DpTClP6pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1028	Unicorn-4251.exe
2316	Unicorn-4972.exe
2144	Unicorn-24838.exe
2580	Unicorn-20081.exe
2428	Unicorn-39947.exe
2448	Unicorn-15442.exe
2488	Unicorn-14539.exe
1856	Unicorn-2287.exe
1616	Unicorn-63740.exe
1644	Unicorn-47959.exe
2136	Unicorn-43875.exe
940	Unicorn-21997.exe
2708	Unicorn-15452.exe
1244	Unicorn-9936.exe
2128	Unicorn-64098.exe
1172	Unicorn-19728.exe
2096	Unicorn-35510.exe
688	Unicorn-27896.exe
1736	Unicorn-26595.exe
1564	Unicorn-2645.exe
1800	Unicorn-34763.exe
1064	Unicorn-18427.exe
2804	Unicorn-60014.exe
952	Unicorn-7134.exe
2228	Unicorn-15302.exe
3068	Unicorn-40361.exe
2968	Unicorn-2858.exe
1104	Unicorn-54472.exe
1664	Unicorn-50388.exe
2836	Unicorn-6018.exe
1588	Unicorn-30522.exe
2840	Unicorn-25884.exe
2304	Unicorn-59111.exe
2112	Unicorn-13439.exe
2656	Unicorn-9355.exe
2940	Unicorn-55987.exe
2556	Unicorn-2147.exe
2468	Unicorn-39288.exe
2444	Unicorn-15338.exe
2132	Unicorn-5484.exe
2004	Unicorn-27166.exe
2792	Unicorn-60201.exe
1512	Unicorn-51478.exe
1180	Unicorn-43865.exe
2720	Unicorn-63730.exe
1444	Unicorn-47202.exe
2124	Unicorn-26782.exe
2024	Unicorn-3237.exe
1752	Unicorn-27336.exe
2076	Unicorn-6916.exe
1928	Unicorn-15489.exe
768	Unicorn-60606.exe
696	Unicorn-48162.exe
2300	Unicorn-39994.exe
2788	Unicorn-20128.exe
2580	Unicorn-35910.exe
2920	Unicorn-24212.exe
2496	Unicorn-26455.exe
2824	Unicorn-51706.exe
1672	Unicorn-1374.exe
1844	Unicorn-59298.exe
1812	Unicorn-54659.exe
2680	Unicorn-44114.exe
2588	Unicorn-59895.exe

Loads dropped DLL 64 IoCs

pid	Process
2332	f613285af3ac743fe10a615163e2f8eb_JaffaCakes118.exe
2332	f613285af3ac743fe10a615163e2f8eb_JaffaCakes118.exe
2332	f613285af3ac743fe10a615163e2f8eb_JaffaCakes118.exe
1028	Unicorn-4251.exe
2332	f613285af3ac743fe10a615163e2f8eb_JaffaCakes118.exe
1028	Unicorn-4251.exe
1028	Unicorn-4251.exe
1028	Unicorn-4251.exe
2144	Unicorn-24838.exe
2144	Unicorn-24838.exe
2316	Unicorn-4972.exe
2316	Unicorn-4972.exe
2580	Unicorn-20081.exe
2580	Unicorn-20081.exe
2428	Unicorn-39947.exe
2428	Unicorn-39947.exe
2144	Unicorn-24838.exe
2144	Unicorn-24838.exe
2448	Unicorn-15442.exe
2316	Unicorn-4972.exe
2448	Unicorn-15442.exe
2316	Unicorn-4972.exe
2488	Unicorn-14539.exe
2488	Unicorn-14539.exe
2580	Unicorn-20081.exe
2580	Unicorn-20081.exe
1856	Unicorn-2287.exe
1856	Unicorn-2287.exe
2136	Unicorn-43875.exe
2136	Unicorn-43875.exe
2428	Unicorn-39947.exe
2428	Unicorn-39947.exe
1644	Unicorn-47959.exe
1644	Unicorn-47959.exe
2448	Unicorn-15442.exe
2448	Unicorn-15442.exe
644	WerFault.exe
644	WerFault.exe
644	WerFault.exe
644	WerFault.exe
644	WerFault.exe
940	Unicorn-21997.exe
940	Unicorn-21997.exe
2488	Unicorn-14539.exe
2488	Unicorn-14539.exe
2708	Unicorn-15452.exe
2708	Unicorn-15452.exe
1244	Unicorn-9936.exe
1244	Unicorn-9936.exe
1856	Unicorn-2287.exe
1856	Unicorn-2287.exe
1172	Unicorn-19728.exe
1172	Unicorn-19728.exe
2096	Unicorn-35510.exe
2096	Unicorn-35510.exe
1644	Unicorn-47959.exe
1644	Unicorn-47959.exe
688	Unicorn-27896.exe
688	Unicorn-27896.exe
1736	Unicorn-26595.exe
1736	Unicorn-26595.exe
1564	Unicorn-2645.exe
1564	Unicorn-2645.exe
940	Unicorn-21997.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
644	2128	WerFault.exe	42
2576	952	WerFault.exe	52
2944	2720	WerFault.exe	73

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2332	f613285af3ac743fe10a615163e2f8eb_JaffaCakes118.exe
1028	Unicorn-4251.exe
2316	Unicorn-4972.exe
2144	Unicorn-24838.exe
2580	Unicorn-20081.exe
2428	Unicorn-39947.exe
2448	Unicorn-15442.exe
2488	Unicorn-14539.exe
1856	Unicorn-2287.exe
2136	Unicorn-43875.exe
1644	Unicorn-47959.exe
1616	Unicorn-63740.exe
940	Unicorn-21997.exe
2708	Unicorn-15452.exe
1244	Unicorn-9936.exe
2128	Unicorn-64098.exe
1172	Unicorn-19728.exe
2096	Unicorn-35510.exe
688	Unicorn-27896.exe
1736	Unicorn-26595.exe
1564	Unicorn-2645.exe
1800	Unicorn-34763.exe
1064	Unicorn-18427.exe
2804	Unicorn-60014.exe
952	Unicorn-7134.exe
2228	Unicorn-15302.exe
3068	Unicorn-40361.exe
2968	Unicorn-2858.exe
1664	Unicorn-50388.exe
1104	Unicorn-54472.exe
2836	Unicorn-6018.exe
2112	Unicorn-13439.exe
2840	Unicorn-25884.exe
1588	Unicorn-30522.exe
2304	Unicorn-59111.exe
2656	Unicorn-9355.exe
2556	Unicorn-2147.exe
2444	Unicorn-15338.exe
2940	Unicorn-55987.exe
2468	Unicorn-39288.exe
2132	Unicorn-5484.exe
2004	Unicorn-27166.exe
2792	Unicorn-60201.exe
2720	Unicorn-63730.exe
1512	Unicorn-51478.exe
2076	Unicorn-6916.exe
1444	Unicorn-47202.exe
1752	Unicorn-27336.exe
1928	Unicorn-15489.exe
2580	Unicorn-35910.exe
1180	Unicorn-43865.exe
2124	Unicorn-26782.exe
2024	Unicorn-3237.exe
768	Unicorn-60606.exe
2300	Unicorn-39994.exe
696	Unicorn-48162.exe
2788	Unicorn-20128.exe
2920	Unicorn-24212.exe
2496	Unicorn-26455.exe
2824	Unicorn-51706.exe
1672	Unicorn-1374.exe
1844	Unicorn-59298.exe
1812	Unicorn-54659.exe
2680	Unicorn-44114.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 1028	2332	f613285af3ac743fe10a615163e2f8eb_JaffaCakes118.exe	28
PID 2332 wrote to memory of 1028	2332	f613285af3ac743fe10a615163e2f8eb_JaffaCakes118.exe	28
PID 2332 wrote to memory of 1028	2332	f613285af3ac743fe10a615163e2f8eb_JaffaCakes118.exe	28
PID 2332 wrote to memory of 1028	2332	f613285af3ac743fe10a615163e2f8eb_JaffaCakes118.exe	28
PID 2332 wrote to memory of 2316	2332	f613285af3ac743fe10a615163e2f8eb_JaffaCakes118.exe	29
PID 2332 wrote to memory of 2316	2332	f613285af3ac743fe10a615163e2f8eb_JaffaCakes118.exe	29
PID 2332 wrote to memory of 2316	2332	f613285af3ac743fe10a615163e2f8eb_JaffaCakes118.exe	29
PID 2332 wrote to memory of 2316	2332	f613285af3ac743fe10a615163e2f8eb_JaffaCakes118.exe	29
PID 1028 wrote to memory of 2144	1028	Unicorn-4251.exe	30
PID 1028 wrote to memory of 2144	1028	Unicorn-4251.exe	30
PID 1028 wrote to memory of 2144	1028	Unicorn-4251.exe	30
PID 1028 wrote to memory of 2144	1028	Unicorn-4251.exe	30
PID 1028 wrote to memory of 2580	1028	Unicorn-4251.exe	31
PID 1028 wrote to memory of 2580	1028	Unicorn-4251.exe	31
PID 1028 wrote to memory of 2580	1028	Unicorn-4251.exe	31
PID 1028 wrote to memory of 2580	1028	Unicorn-4251.exe	31
PID 2144 wrote to memory of 2428	2144	Unicorn-24838.exe	32
PID 2144 wrote to memory of 2428	2144	Unicorn-24838.exe	32
PID 2144 wrote to memory of 2428	2144	Unicorn-24838.exe	32
PID 2144 wrote to memory of 2428	2144	Unicorn-24838.exe	32
PID 2316 wrote to memory of 2448	2316	Unicorn-4972.exe	33
PID 2316 wrote to memory of 2448	2316	Unicorn-4972.exe	33
PID 2316 wrote to memory of 2448	2316	Unicorn-4972.exe	33
PID 2316 wrote to memory of 2448	2316	Unicorn-4972.exe	33
PID 2580 wrote to memory of 2488	2580	Unicorn-20081.exe	34
PID 2580 wrote to memory of 2488	2580	Unicorn-20081.exe	34
PID 2580 wrote to memory of 2488	2580	Unicorn-20081.exe	34
PID 2580 wrote to memory of 2488	2580	Unicorn-20081.exe	34
PID 2428 wrote to memory of 1856	2428	Unicorn-39947.exe	35
PID 2428 wrote to memory of 1856	2428	Unicorn-39947.exe	35
PID 2428 wrote to memory of 1856	2428	Unicorn-39947.exe	35
PID 2428 wrote to memory of 1856	2428	Unicorn-39947.exe	35
PID 2144 wrote to memory of 1644	2144	Unicorn-24838.exe	36
PID 2144 wrote to memory of 1644	2144	Unicorn-24838.exe	36
PID 2144 wrote to memory of 1644	2144	Unicorn-24838.exe	36
PID 2144 wrote to memory of 1644	2144	Unicorn-24838.exe	36
PID 2448 wrote to memory of 1616	2448	Unicorn-15442.exe	37
PID 2448 wrote to memory of 1616	2448	Unicorn-15442.exe	37
PID 2448 wrote to memory of 1616	2448	Unicorn-15442.exe	37
PID 2448 wrote to memory of 1616	2448	Unicorn-15442.exe	37
PID 2316 wrote to memory of 2136	2316	Unicorn-4972.exe	38
PID 2316 wrote to memory of 2136	2316	Unicorn-4972.exe	38
PID 2316 wrote to memory of 2136	2316	Unicorn-4972.exe	38
PID 2316 wrote to memory of 2136	2316	Unicorn-4972.exe	38
PID 2488 wrote to memory of 940	2488	Unicorn-14539.exe	39
PID 2488 wrote to memory of 940	2488	Unicorn-14539.exe	39
PID 2488 wrote to memory of 940	2488	Unicorn-14539.exe	39
PID 2488 wrote to memory of 940	2488	Unicorn-14539.exe	39
PID 2580 wrote to memory of 2708	2580	Unicorn-20081.exe	40
PID 2580 wrote to memory of 2708	2580	Unicorn-20081.exe	40
PID 2580 wrote to memory of 2708	2580	Unicorn-20081.exe	40
PID 2580 wrote to memory of 2708	2580	Unicorn-20081.exe	40
PID 1856 wrote to memory of 1244	1856	Unicorn-2287.exe	41
PID 1856 wrote to memory of 1244	1856	Unicorn-2287.exe	41
PID 1856 wrote to memory of 1244	1856	Unicorn-2287.exe	41
PID 1856 wrote to memory of 1244	1856	Unicorn-2287.exe	41
PID 2136 wrote to memory of 2128	2136	Unicorn-43875.exe	42
PID 2136 wrote to memory of 2128	2136	Unicorn-43875.exe	42
PID 2136 wrote to memory of 2128	2136	Unicorn-43875.exe	42
PID 2136 wrote to memory of 2128	2136	Unicorn-43875.exe	42
PID 2428 wrote to memory of 1172	2428	Unicorn-39947.exe	43
PID 2428 wrote to memory of 1172	2428	Unicorn-39947.exe	43
PID 2428 wrote to memory of 1172	2428	Unicorn-39947.exe	43
PID 2428 wrote to memory of 1172	2428	Unicorn-39947.exe	43

C:\Users\Admin\AppData\Local\Temp\f613285af3ac743fe10a615163e2f8eb_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f613285af3ac743fe10a615163e2f8eb_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4251.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4251.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18427.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13439.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27166.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1374.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37612.exe
        11⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4678.exe
        12⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        10⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56611.exe
        11⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59298.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37612.exe
        10⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11290.exe
        11⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53548.exe
        12⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        9⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7496.exe
        10⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
        11⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24285.exe
        12⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54659.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26320.exe
        10⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
        9⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59111.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3237.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3486.exe
        9⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25931.exe
        10⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49158.exe
        8⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60014.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9355.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26782.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
        9⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6916.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
        8⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44649.exe
        9⤵
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56611.exe
        10⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11554.exe
        11⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
        8⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
        9⤵
        
        PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19728.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
        7⤵
        Program crash
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55987.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        8⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
        9⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26741.exe
        10⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27943.exe
        11⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20947.exe
        12⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
        8⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        7⤵
        
        PID:1352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35510.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15302.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2147.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51478.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63595.exe
        8⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44109.exe
        9⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37460.exe
        10⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
        11⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
        8⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42698.exe
        9⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
        10⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57346.exe
        11⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
        12⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3849.exe
        7⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
        8⤵
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43865.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27991.exe
        7⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
        8⤵
        
        PID:1556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20081.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14539.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21997.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26595.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54472.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47202.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59895.exe
        9⤵
        Executes dropped EXE
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44649.exe
        10⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65457.exe
        11⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4171.exe
        9⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27777.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1239.exe
        9⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49335.exe
        10⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27336.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
        8⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48193.exe
        9⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24783.exe
        8⤵
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30522.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15546.exe
        8⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
        9⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48712.exe
        8⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56611.exe
        9⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        7⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6605.exe
        8⤵
        
        PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50388.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39994.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29060.exe
        8⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36713.exe
        7⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
        8⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20128.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15739.exe
        7⤵
        
        PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15452.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34763.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25884.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63730.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
        8⤵
        Program crash
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44114.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1239.exe
        8⤵
        
        PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6018.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5484.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26455.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37612.exe
        8⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
        7⤵
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51706.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37612.exe
        7⤵
        
        PID:1796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4972.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4972.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15442.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15442.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27896.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2858.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39288.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48162.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4363.exe
        8⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12847.exe
        9⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62287.exe
        7⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3486.exe
        7⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16440.exe
        8⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26993.exe
        9⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48846.exe
        10⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
        11⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15338.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60606.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
        8⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
        9⤵
        
        PID:3116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2128
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 188
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-19728.exe

Filesize
184KB

MD5
218a8aab046ae25804f403b67df565b9

SHA1
7b544086f696666248b72492bf2f70fe31ebce22

SHA256
57c5c2d3c9eadc363fad9fc8dfe09e17cbe3de1c653939fba6fe625e033dfa21

SHA512
c29fc4e97a22de904c78a60b908b747072ccb62d64bfab7b2a79f42e91d84f4791817f42570c37763b397d55ca1e73203f8b71790a99875b85e5df5c27525dbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe

Filesize
184KB

MD5
78af6404ee469382f9887fd75797feda

SHA1
efefc064c10b4cb285395539d4d2154db2cba933

SHA256
d9d8e9f367624b0e68dbc077f259157b79536c996387c98de1740859942469b3

SHA512
cc93411d8876fee25850eb20a04bee7890c4ea881f284911b3d3e3e7f2cb2c622888944d654ce17e67272f13bd31bd931096b349d578f394db28faa9209c7487

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe

Filesize
184KB

MD5
00338f50cb5d5220b4665a2e24164fd0

SHA1
d39800a1a35ab44478c6b315dc3f6a7330b69383

SHA256
c7e7908f7777ecb4486cb1286a9c2991dd0ff4d1de368d0185b02179709dd1e8

SHA512
e63b3f6412e426c4c3fff2f523d632c30e76f5dc08d7341e7cf349fd0bb601250147414551a20724331fba9e3b2ece653574f04e533bf9102e665c65ac37a353

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5484.exe

Filesize
184KB

MD5
c8e8615a4d9df0da99abe5eda3864eca

SHA1
39fbb3df2cba6fadc3f7c90748f77725f00a02be

SHA256
f806e64557b58deca248019a8182bd94907ab4a349383023d8f556cb34fc173e

SHA512
363d61f5b42b8cefe58bb2369b76e8646f495ff87efc796281cf434c8ad6cabe414c2887b17b2eb1329bef8d20d40372edef465676dbd142249ad97ffd3c1219

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe

Filesize
184KB

MD5
ac7de0a6719a223b3f4dd63a60443bab

SHA1
e5c48e5e7c38c81c5defbd2a09d5a60b8365894f

SHA256
a52790f7f3024e78f049ab7fe871b5b580b69d21c887511089e05dd78f3c7e3c

SHA512
dbbd2f9189050e320c88cda4213da58367a2d6778aa7bfd7d236dda3d007a3d118dafa42088ee885c2da0bfc87db666ade44a7702adf5f3ad796ede323c6b9ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6605.exe

Filesize
184KB

MD5
cd8a889b1bcff7f15810757d09df7950

SHA1
a762fe1825048deae45cb8cd22cea17d424ef58e

SHA256
edb0eba15080d9b9f1c0670b2ea14793cd485919858130ff517137b448ae8db5

SHA512
e564ac1b2d0ae970a22dfcd69d1fe07a1c9a4d3c9168888dba4f330555d4c15d3e26eace3eb108047ee789f5d52210e6edf1c86b47a34cc439a0b66c9018ab8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe

Filesize
184KB

MD5
e6cbefd7692d31a9fc4e91c0d6856e3c

SHA1
866114eef79e8f785f1ad7f404950f6d4d6ac57d

SHA256
b65838b42c7c17270ebbfc68f13476172588ce78e52f0f34200ead0a588e656e

SHA512
4565dbbfd07cdede043cd756678f8646b40ef7414f419e0eee2cdc4db43270dfeab16c7e2da4d331cd125d14d9eff5a567796cfe4bbb566f8ba7cb1e1f62a869

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14539.exe

Filesize
184KB

MD5
c5486ce1e21f625658ae8f5162d191ea

SHA1
4718a87dd42d41229b8907f3c34370aa5a150634

SHA256
70c9570f1a38232bf72a44da55f42876e559a6d1100bd21c74496dcfb8aa9ac9

SHA512
809b968223ab8ee1653108d863407529fba6c8b85713f33fd512e9f05bf913685d13085f877b5dfdfb290a54071e5bb1ad591911ec59ae4e2520a2ee3686d754

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15442.exe

Filesize
184KB

MD5
81fc24564f8800f9e2769e37f253d51f

SHA1
1de33be34668bd9faaaec27fd8454eb40f0d4420

SHA256
9cabc94448b2aa4a6ebdac50be6f947395b531c484b597f3379289537105288a

SHA512
70ae74881f8ccacb45659304f2ea3fa775dcab9a421ce21a0ae8c01ee64e46b5e782447fa3ae8feed3884f15decbc9dbdc4cfd77240581309f398268a23d2ef5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15452.exe

Filesize
184KB

MD5
63030429df20ab8c7ff9e58377c67b3e

SHA1
d19f226817be5f91c01cb502ec48a43c82045e9e

SHA256
ed50d16a960252ea334ed6641f0efed81f2e052daa2c32def05f091e495c9183

SHA512
26570594de4f08489eccd8267757e0ebfeb3d953d5e9c0b7aa6561e0123ba5c73bd8fe674ecea4eab480c985d5a56c12b7ece7b4d1a52e045d3486f41a580ec1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20081.exe

Filesize
184KB

MD5
8928d33a81ad3b6c62ecbeb068f48b99

SHA1
e9304fb7a682051dfba6efa8f9b9a97fad10c27d

SHA256
24481bf401c5ee2d9719a45334703cc17edfbe16fe990c10155b78585fe8be19

SHA512
5b23e01120031e8fc4259414a52b3a17ab430876b84f2bc38866ee12bf6fd8470564f1379ee8f108ecb47f1b44dd1ec5b14d33c96b46d0a3ee215f24d1026985

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21997.exe

Filesize
184KB

MD5
de3d9d9eafcfe5174b4aa16c4dd5f802

SHA1
398d7ac9ccf30c79ada365c33ac1c58af46a55b5

SHA256
4baa1c265bad8077e012f9c93794410e7b2aa0958b67d6e8393a86e4ec1f359e

SHA512
0cbaa3cf240793d48cd6b1c0311a32daa043bbf925e58c0916a36538c7b83a9e6a3ed7b6a0513b074863ec067a9974469851878062586b76da2d7b3dd8d23789

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe

Filesize
184KB

MD5
b871a6a60a0775af1327009f1a23f20e

SHA1
0a9eccc642fb16c9358bc0e612857ef6ab798832

SHA256
4bf9fbf77c21ebd76bcf53efecf594674864708e2debd611c51d86e349ee5e79

SHA512
1c30321dada7e3cee1062f50d5e7396c4e8be241469fa1e139ed3abd38d070fefe3ac9e514602bd7ff968162a1493a7687e1021c3304b7b8216423bf35e8881f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27896.exe

Filesize
184KB

MD5
1179e01944ec184720797da4566ce819

SHA1
11f3ee86b62311639f8a4eccb5ab163bce5cc105

SHA256
db9a8ba4036cee42e934d8da4662976337be2daeb568c6cecb76c19d894b9437

SHA512
332750bcd3762cd1267e14019cc14ebb926af2c7707d08c158eeb2d21597ab1d16f982355e91f6de292a5830351a581111e15aae676eb05d54c36095edc13d6e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35510.exe

Filesize
184KB

MD5
748714a6847df18844492659daba7a94

SHA1
486e0000afe3ff11b5f8e0c24feedb7190ad472f

SHA256
4e6437f9946c054e83bb822efa94bcbfd9889ebbd95eb60da96a4a83a8c97318

SHA512
3054f911ee4109b34e9efac2c40dcf8df2b12a537a898b0eb412e1de5fdfb4e205a456af1058ee337f33369692b8065b5044a38ef5c0b6ff258cb61f88d9f7da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe

Filesize
184KB

MD5
c0825ac175cca50ac8bcf134d3b1052b

SHA1
96be2384564af140c93d42b3b5ce03e0c24a212f

SHA256
8b033376ea55dbe7fc0b87a89e607dda78c1539e3e9911588985562dc7960070

SHA512
169d401b26a7314a1779c9e4a9cafbbc03bbe6f4e62b6dfdebce39d7cc858504ec4c790cd251134f13490b5bd335e207da4a8852fa1378e5921f6620bbf31497

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4251.exe

Filesize
184KB

MD5
260a6f176d6a237b2d294d5475835ab1

SHA1
a0f9140eb6a6846c53c67a0b83c0366272ae1c28

SHA256
cbb935982cc43b7548635bc910a8a0f75b268af6afdf555febaa5233a907488a

SHA512
c5e1340b1480980405c9574679d52b7bd4525cf008fe46f8b5c3003672519056ce50c14974ce9edd64c907ca9bc916a9287cdf059ee84b55f940d7fb2f7aea37

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe

Filesize
184KB

MD5
5117d525a02d6d469879198b5c0558e8

SHA1
70952dab217ae67b65ef8fea1364a163f175513d

SHA256
5b38ec2ec6b4c483f9e96c7d5670af8686519989d73b58954c8b2d3d5532829c

SHA512
e1459c1527c593312e065adfd486f68be1aa319ce930c4aad3eb102cdb69b8ff9dffb968eac6c5cd6b192f3f497de2b49955a74210cd9338bb2f845a347d0498

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe

Filesize
184KB

MD5
00a32d3f98090ab3a83434b49c279109

SHA1
977524be617929d4820853c7ca85d698c1c801f9

SHA256
a5bd9955923cf36ec79ebf97f715e444481a5a43a2597b17e035c95db06c6a44

SHA512
952d9f932295469ccf188155f3ed3705308fecf6702e4e1ef7fd7d81b42b379532ed22d7f7c0abaf023d7332ed3770b8f860b8c691289549937a607ea70610f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4972.exe

Filesize
184KB

MD5
09e489c57c6c1cc797b67b067bb9e551

SHA1
32ba4bbae4982550245e376ab19064b2a659b822

SHA256
d71fc3662410d8ccbcdf9392789e000e1a53d8190cf6909b604fef6a394526e3

SHA512
1c49aed0c6cc07f970ff3ed99d45f0d00c57ea18cdc6652af43770a70ab4eb70439d72f5cf506f4db9daec07a27ee2dae8db0172f23d406de22efc9bc58ce641

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63740.exe

Filesize
184KB

MD5
456f607a4894bbbd10236bd1ec310453

SHA1
ab0c0e2fdf77ba1dad551d8ad48295be1cc7f72e

SHA256
53cda3af17f9f577306d1b11b7bf47254d116625195dadd3cdfe6eb1a775ab4c

SHA512
3b4950d5d93810b5a7b8e87487cb04c8c8d6a56e070940dc4ed7ed23004f062d29ccda67f482ddcdc897f9428f726b6d42d2df3967239258327f2ab2a927a627

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe

Filesize
184KB

MD5
d19aa94ab9258bd7188e06742612f033

SHA1
7e6d100cdd274b7276d9e49677ea328d5d0ac93d

SHA256
58999249a473ee63d58d565c40292c1875298ead39bdcdfd58d753907ced0808

SHA512
7850df32c4006a0527e25d52eaf8daa08655464a028b14d8ee9badaa9f6f1ad1fc3726651aee6dd0a9b5a7b9bae53df727b16674f51a635ad5edf7cf467e238d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe

Filesize
184KB

MD5
bc791ee337b5247ebc82bb371614d6e0

SHA1
d9bdf7aa280372f6d55869809346cd929df477e8

SHA256
9f52d2aaab2bfd53fb9c988d979b97bfb5d35c38517f1f39b958c3c40a11e6d5

SHA512
ae65e47415eaf49ef4185784105719c699ed4de2b67627c0d719a378a033af1d60f1a228686a1419b68af9a01039be4737b75178cdf1f6ef759e85426160ec81

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads