da93dc0e13a23b76d4a2eadda582be472019e204f724484fe24aa7f58d83d15b

Analysis

max time kernel
52s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/04/2024, 00:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb88272b9126f9d882be418173451849_JaffaCakes118.exe
Size

184KB
MD5

fb88272b9126f9d882be418173451849
SHA1

5b893b49d79353a931c3bab3a1f90c4f930ea59d
SHA256

da93dc0e13a23b76d4a2eadda582be472019e204f724484fe24aa7f58d83d15b
SHA512

c5a20e8d4438bb78a1d825aaed1b5ef1c3c3d8e55b60a7434987de395014308c95596c6213ab339ccbbf673c91519c108f33352755b2f933dac8a1b619b7701b
SSDEEP

3072:ohi0onmQVuFmgLjjIFpVl8SYqOAWtxolu1SxcCP6aylw3pF6:ohVoT+mgTIHVl8r4eOylw3pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1716	Unicorn-15702.exe
2552	Unicorn-38082.exe
2564	Unicorn-1963.exe
2760	Unicorn-38750.exe
2424	Unicorn-1095.exe
2844	Unicorn-20961.exe
3008	Unicorn-46605.exe
2200	Unicorn-6838.exe
2856	Unicorn-63543.exe
1200	Unicorn-62282.exe
1972	Unicorn-47326.exe
1576	Unicorn-37094.exe
2788	Unicorn-975.exe
1584	Unicorn-24489.exe
2004	Unicorn-60067.exe
2036	Unicorn-3087.exe
548	Unicorn-54447.exe
1276	Unicorn-40235.exe
2064	Unicorn-62354.exe
828	Unicorn-60034.exe
1152	Unicorn-465.exe
2188	Unicorn-45561.exe
1552	Unicorn-65426.exe
1616	Unicorn-16775.exe
760	Unicorn-5722.exe
2136	Unicorn-2878.exe
676	Unicorn-20632.exe
2544	Unicorn-25240.exe
1816	Unicorn-39713.exe
2264	Unicorn-48270.exe
2096	Unicorn-9581.exe
2868	Unicorn-541.exe
2884	Unicorn-56561.exe
2288	Unicorn-45461.exe
2896	Unicorn-65326.exe
2496	Unicorn-60749.exe
2504	Unicorn-39923.exe
2480	Unicorn-59213.exe
2532	Unicorn-13769.exe
1716	Unicorn-62861.exe
2344	Unicorn-51761.exe
2824	Unicorn-37584.exe
2636	Unicorn-18067.exe
2700	Unicorn-33779.exe
1708	Unicorn-9161.exe
2984	Unicorn-53593.exe
2352	Unicorn-55409.exe
3016	Unicorn-53593.exe
2660	Unicorn-54470.exe
1512	Unicorn-51396.exe
2052	Unicorn-18505.exe
2904	Unicorn-22938.exe
324	Unicorn-21926.exe
1500	Unicorn-50000.exe
1488	Unicorn-35823.exe
1872	Unicorn-35823.exe
1356	Unicorn-58381.exe
1252	Unicorn-26607.exe
2100	Unicorn-30255.exe
1536	Unicorn-18278.exe
1044	Unicorn-19154.exe
2540	Unicorn-31755.exe
2044	Unicorn-11889.exe
2056	Unicorn-34478.exe

Loads dropped DLL 64 IoCs

pid	Process
2032	fb88272b9126f9d882be418173451849_JaffaCakes118.exe
2032	fb88272b9126f9d882be418173451849_JaffaCakes118.exe
1716	Unicorn-15702.exe
1716	Unicorn-15702.exe
2032	fb88272b9126f9d882be418173451849_JaffaCakes118.exe
2032	fb88272b9126f9d882be418173451849_JaffaCakes118.exe
2552	Unicorn-38082.exe
2552	Unicorn-38082.exe
2564	Unicorn-1963.exe
1716	Unicorn-15702.exe
1716	Unicorn-15702.exe
2564	Unicorn-1963.exe
2760	Unicorn-38750.exe
2760	Unicorn-38750.exe
2552	Unicorn-38082.exe
2552	Unicorn-38082.exe
2424	Unicorn-1095.exe
2424	Unicorn-1095.exe
2844	Unicorn-20961.exe
2844	Unicorn-20961.exe
2564	Unicorn-1963.exe
2564	Unicorn-1963.exe
3008	Unicorn-46605.exe
3008	Unicorn-46605.exe
2760	Unicorn-38750.exe
2760	Unicorn-38750.exe
2200	Unicorn-6838.exe
2200	Unicorn-6838.exe
2856	Unicorn-63543.exe
2856	Unicorn-63543.exe
2424	Unicorn-1095.exe
2424	Unicorn-1095.exe
1200	Unicorn-62282.exe
1200	Unicorn-62282.exe
2844	Unicorn-20961.exe
2844	Unicorn-20961.exe
1576	Unicorn-37094.exe
1576	Unicorn-37094.exe
3008	Unicorn-46605.exe
3008	Unicorn-46605.exe
2788	Unicorn-975.exe
2788	Unicorn-975.exe
1972	Unicorn-47326.exe
2004	Unicorn-60067.exe
1972	Unicorn-47326.exe
2004	Unicorn-60067.exe
2856	Unicorn-63543.exe
2856	Unicorn-63543.exe
1584	Unicorn-24489.exe
2200	Unicorn-6838.exe
1584	Unicorn-24489.exe
2200	Unicorn-6838.exe
2036	Unicorn-3087.exe
2036	Unicorn-3087.exe
548	Unicorn-54447.exe
548	Unicorn-54447.exe
1276	Unicorn-40235.exe
1276	Unicorn-40235.exe
1200	Unicorn-62282.exe
1200	Unicorn-62282.exe
2064	Unicorn-62354.exe
2064	Unicorn-62354.exe
1576	Unicorn-37094.exe
1576	Unicorn-37094.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2268	2896	WerFault.exe	62
3036	2700	WerFault.exe	71
1688	2056	WerFault.exe	91

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2032	fb88272b9126f9d882be418173451849_JaffaCakes118.exe
1716	Unicorn-15702.exe
2552	Unicorn-38082.exe
2564	Unicorn-1963.exe
2760	Unicorn-38750.exe
2424	Unicorn-1095.exe
2844	Unicorn-20961.exe
3008	Unicorn-46605.exe
2200	Unicorn-6838.exe
2856	Unicorn-63543.exe
1200	Unicorn-62282.exe
1972	Unicorn-47326.exe
1576	Unicorn-37094.exe
2788	Unicorn-975.exe
1584	Unicorn-24489.exe
2004	Unicorn-60067.exe
2036	Unicorn-3087.exe
548	Unicorn-54447.exe
1276	Unicorn-40235.exe
2064	Unicorn-62354.exe
828	Unicorn-60034.exe
1152	Unicorn-465.exe
1552	Unicorn-65426.exe
2188	Unicorn-45561.exe
1616	Unicorn-16775.exe
760	Unicorn-5722.exe
676	Unicorn-20632.exe
2136	Unicorn-2878.exe
2544	Unicorn-25240.exe
1816	Unicorn-39713.exe
2264	Unicorn-48270.exe
2096	Unicorn-9581.exe
2868	Unicorn-541.exe
2884	Unicorn-56561.exe
2896	Unicorn-65326.exe
2288	Unicorn-45461.exe
2496	Unicorn-60749.exe
2504	Unicorn-39923.exe
2480	Unicorn-59213.exe
2532	Unicorn-13769.exe
1716	Unicorn-62861.exe
2344	Unicorn-51761.exe
2700	Unicorn-33779.exe
2636	Unicorn-18067.exe
2824	Unicorn-37584.exe
1708	Unicorn-9161.exe
2352	Unicorn-55409.exe
3016	Unicorn-53593.exe
2984	Unicorn-53593.exe
2660	Unicorn-54470.exe
1512	Unicorn-51396.exe
2052	Unicorn-18505.exe
2904	Unicorn-22938.exe
324	Unicorn-21926.exe
1500	Unicorn-50000.exe
1488	Unicorn-35823.exe
1872	Unicorn-35823.exe
1356	Unicorn-58381.exe
2100	Unicorn-30255.exe
1536	Unicorn-18278.exe
1252	Unicorn-26607.exe
1044	Unicorn-19154.exe
2056	Unicorn-34478.exe
2540	Unicorn-31755.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 1716	2032	fb88272b9126f9d882be418173451849_JaffaCakes118.exe	28
PID 2032 wrote to memory of 1716	2032	fb88272b9126f9d882be418173451849_JaffaCakes118.exe	28
PID 2032 wrote to memory of 1716	2032	fb88272b9126f9d882be418173451849_JaffaCakes118.exe	28
PID 2032 wrote to memory of 1716	2032	fb88272b9126f9d882be418173451849_JaffaCakes118.exe	28
PID 1716 wrote to memory of 2552	1716	Unicorn-15702.exe	29
PID 1716 wrote to memory of 2552	1716	Unicorn-15702.exe	29
PID 1716 wrote to memory of 2552	1716	Unicorn-15702.exe	29
PID 1716 wrote to memory of 2552	1716	Unicorn-15702.exe	29
PID 2032 wrote to memory of 2564	2032	fb88272b9126f9d882be418173451849_JaffaCakes118.exe	30
PID 2032 wrote to memory of 2564	2032	fb88272b9126f9d882be418173451849_JaffaCakes118.exe	30
PID 2032 wrote to memory of 2564	2032	fb88272b9126f9d882be418173451849_JaffaCakes118.exe	30
PID 2032 wrote to memory of 2564	2032	fb88272b9126f9d882be418173451849_JaffaCakes118.exe	30
PID 2552 wrote to memory of 2760	2552	Unicorn-38082.exe	31
PID 2552 wrote to memory of 2760	2552	Unicorn-38082.exe	31
PID 2552 wrote to memory of 2760	2552	Unicorn-38082.exe	31
PID 2552 wrote to memory of 2760	2552	Unicorn-38082.exe	31
PID 1716 wrote to memory of 2424	1716	Unicorn-15702.exe	33
PID 1716 wrote to memory of 2424	1716	Unicorn-15702.exe	33
PID 1716 wrote to memory of 2424	1716	Unicorn-15702.exe	33
PID 1716 wrote to memory of 2424	1716	Unicorn-15702.exe	33
PID 2564 wrote to memory of 2844	2564	Unicorn-1963.exe	32
PID 2564 wrote to memory of 2844	2564	Unicorn-1963.exe	32
PID 2564 wrote to memory of 2844	2564	Unicorn-1963.exe	32
PID 2564 wrote to memory of 2844	2564	Unicorn-1963.exe	32
PID 2760 wrote to memory of 3008	2760	Unicorn-38750.exe	34
PID 2760 wrote to memory of 3008	2760	Unicorn-38750.exe	34
PID 2760 wrote to memory of 3008	2760	Unicorn-38750.exe	34
PID 2760 wrote to memory of 3008	2760	Unicorn-38750.exe	34
PID 2552 wrote to memory of 2200	2552	Unicorn-38082.exe	35
PID 2552 wrote to memory of 2200	2552	Unicorn-38082.exe	35
PID 2552 wrote to memory of 2200	2552	Unicorn-38082.exe	35
PID 2552 wrote to memory of 2200	2552	Unicorn-38082.exe	35
PID 2424 wrote to memory of 2856	2424	Unicorn-1095.exe	36
PID 2424 wrote to memory of 2856	2424	Unicorn-1095.exe	36
PID 2424 wrote to memory of 2856	2424	Unicorn-1095.exe	36
PID 2424 wrote to memory of 2856	2424	Unicorn-1095.exe	36
PID 2844 wrote to memory of 1200	2844	Unicorn-20961.exe	37
PID 2844 wrote to memory of 1200	2844	Unicorn-20961.exe	37
PID 2844 wrote to memory of 1200	2844	Unicorn-20961.exe	37
PID 2844 wrote to memory of 1200	2844	Unicorn-20961.exe	37
PID 2564 wrote to memory of 1972	2564	Unicorn-1963.exe	38
PID 2564 wrote to memory of 1972	2564	Unicorn-1963.exe	38
PID 2564 wrote to memory of 1972	2564	Unicorn-1963.exe	38
PID 2564 wrote to memory of 1972	2564	Unicorn-1963.exe	38
PID 3008 wrote to memory of 1576	3008	Unicorn-46605.exe	39
PID 3008 wrote to memory of 1576	3008	Unicorn-46605.exe	39
PID 3008 wrote to memory of 1576	3008	Unicorn-46605.exe	39
PID 3008 wrote to memory of 1576	3008	Unicorn-46605.exe	39
PID 2760 wrote to memory of 2788	2760	Unicorn-38750.exe	40
PID 2760 wrote to memory of 2788	2760	Unicorn-38750.exe	40
PID 2760 wrote to memory of 2788	2760	Unicorn-38750.exe	40
PID 2760 wrote to memory of 2788	2760	Unicorn-38750.exe	40
PID 2200 wrote to memory of 1584	2200	Unicorn-6838.exe	41
PID 2200 wrote to memory of 1584	2200	Unicorn-6838.exe	41
PID 2200 wrote to memory of 1584	2200	Unicorn-6838.exe	41
PID 2200 wrote to memory of 1584	2200	Unicorn-6838.exe	41
PID 2856 wrote to memory of 2004	2856	Unicorn-63543.exe	42
PID 2856 wrote to memory of 2004	2856	Unicorn-63543.exe	42
PID 2856 wrote to memory of 2004	2856	Unicorn-63543.exe	42
PID 2856 wrote to memory of 2004	2856	Unicorn-63543.exe	42
PID 2424 wrote to memory of 2036	2424	Unicorn-1095.exe	43
PID 2424 wrote to memory of 2036	2424	Unicorn-1095.exe	43
PID 2424 wrote to memory of 2036	2424	Unicorn-1095.exe	43
PID 2424 wrote to memory of 2036	2424	Unicorn-1095.exe	43

C:\Users\Admin\AppData\Local\Temp\fb88272b9126f9d882be418173451849_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fb88272b9126f9d882be418173451849_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38082.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38082.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38750.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37094.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62354.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9581.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51396.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51364.exe
        10⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18505.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15677.exe
        9⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-541.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22938.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25268.exe
        9⤵
        
        PID:600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60034.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65326.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 244
        8⤵
        Program crash
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55221.exe
        7⤵
        
        PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-975.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56561.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26607.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19154.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
        8⤵
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45461.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35823.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15677.exe
        8⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36106.exe
        7⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
        8⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
        9⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52294.exe
        8⤵
        
        PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6838.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24489.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53593.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12621.exe
        8⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13125.exe
        9⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13498.exe
        7⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47435.exe
        8⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37608.exe
        9⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24815.exe
        8⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19678.exe
        9⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54470.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62308.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22265.exe
        8⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17561.exe
        9⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21529.exe
        10⤵
        
        PID:3568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2878.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62861.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31755.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64002.exe
        8⤵
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34478.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
        7⤵
        Program crash
        
        PID:1688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1095.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63543.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60067.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60749.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21926.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
        9⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41521.exe
        10⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62381.exe
        8⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64002.exe
        9⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50000.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51364.exe
        8⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26873.exe
        9⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27754.exe
        10⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9546.exe
        7⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
        8⤵
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6404.exe
        7⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29050.exe
        8⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53198.exe
        9⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62381.exe
        7⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49289.exe
        8⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19678.exe
        9⤵
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16775.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37584.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63789.exe
        7⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        8⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15107.exe
        9⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12209.exe
        8⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40458.exe
        9⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16.exe
        6⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64002.exe
        7⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49289.exe
        8⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6593.exe
        9⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21743.exe
        7⤵
        
        PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20632.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18278.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
        8⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
        7⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5224.exe
        8⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11889.exe
        6⤵
        Executes dropped EXE
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28789.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
        8⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14163.exe
        7⤵
        
        PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51761.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30255.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53251.exe
        7⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61348.exe
        6⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26297.exe
        7⤵
        
        PID:1972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1963.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1963.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25240.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18067.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9549.exe
        8⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47173.exe
        9⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58293.exe
        7⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46181.exe
        8⤵
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33779.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
        7⤵
        Program crash
        
        PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53593.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17386.exe
        7⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
        8⤵
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35231.exe
        6⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53198.exe
        7⤵
        
        PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40235.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39713.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19882.exe
        7⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3737.exe
        6⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7003.exe
        7⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60779.exe
        8⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
        9⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55409.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6404.exe
        6⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
        7⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
        8⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22121.exe
        6⤵
        
        PID:2908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59213.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35823.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51364.exe
        7⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21268.exe
        8⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50789.exe
        9⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50680.exe
        10⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
        8⤵
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31498.exe
        6⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55207.exe
        7⤵
        
        PID:644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58381.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1799.exe
        6⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
        7⤵
        
        PID:1424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1095.exe

Filesize
184KB

MD5
f3e8f52b0b79e1e168b1aede1584e52b

SHA1
329b9c1bbc45a6de17544c5f6359341a74979c4a

SHA256
d7391301d8c7fde8db68b957965cc851b707b13b1b0593a19aed8ba6311e274c

SHA512
45a2f31f978088aa54a34f7e4f3e46ae097c9881fec49bdda322fb1a334c733bc7cf76c1c2f4c3713f96ce4f5c48ffba443a73116db226304f1034be7951cd8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe

Filesize
184KB

MD5
f4f36992d5979641f656909f12cdfa52

SHA1
bdcc6dfefe93a3848215eb70f2ea319ffcec7f43

SHA256
ef0ece568371ef7821b438bf419f7dead4517e1755730c2353f1a88b2a99860e

SHA512
79bdd6eeb31b06090a13dd0922fb22dfcec5d3f96aecfbc08bbd84c85950e037dd4b5dbb08ca4f0a3a59331b67b8fc9451f4a9e20e2cdbabda1130396e9fbd59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe

Filesize
184KB

MD5
f3035b8ac5ba3e7de5fbe54b2e909861

SHA1
1bfe611cdd5d107023e20e0695325cd6e9d7a803

SHA256
70a952c8009b97c40d536feed89d59ea2da291f8c819faa7448410d6ef77ae33

SHA512
23dabb5e9232c09d3175c369263032e2df547595794816200ae169c05d4af5c5b4dff02c134b556c721b1108cbb02b264b5ba697832c994df022ab6e1e0fdb4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe

Filesize
184KB

MD5
b8fd5af9b7018908e6d4d5ea8ee6fa64

SHA1
afa8d1164c7c6de0db7748ce23aa25ca6e53069e

SHA256
9d8deb579b12c9cbe4a9155904f653cb16d4975296c6bdb6aee236377e0774c8

SHA512
9080a702250fba61bdb74ac53119a0e1da663234becc6e3d7686ffd779650441e9e3fce9c78673923390b12e1499bd059c9bd9e8e32e0f9ef32a5dbbc3b4a344

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46605.exe

Filesize
184KB

MD5
cd7d99d6a2ebba344b3f568dcbad67ef

SHA1
0217e1579f4a89612740b832016b2fc5572d2be5

SHA256
e021bc5166f8de00cf3641d84bab4006174c6a0de6b6c3fc23aa7e28a8448978

SHA512
4b8bc56263dbf3b91ab4ee3f2a27d58333adaca57de970dc0b26f947e44d03f7d6f53d58f754012afc24ed91f261d5f387b2112bed143feaa609b1d5603324d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe

Filesize
184KB

MD5
b3f3069c938a0f06a099d535634477aa

SHA1
0135bf98fed2909f763a823a6f582b9334b403a9

SHA256
ea927466986dfd1519bcbf516b66d920b46a4189c2f066912a68ba0f72bfc698

SHA512
bd326e135bb579c889065523539382360705a4e0e1e950edd7307339ead2e2752b272bf88d62654b73f7aa138403ddb6d941bc7b079e7d359c2c499ca8e9be22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe

Filesize
184KB

MD5
28652e4536f496859d30ae6e465e01d2

SHA1
37e8719c4aeecac958fdeb51728bab4fad47c628

SHA256
098b77cf61b9135fe5e139bc5e65aa62fd7165ab56580acdbb4694c29ad19a53

SHA512
0a3b7591ad51c2c6fb0da5c832ce98e2c8213fa4463b375408c3e9c66f571c6104c4b095f1f31c2a6f8b22a4fbb421f53e10a9ecef8dca7b5a44f39cee87d847

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe

Filesize
184KB

MD5
e4dd5debe7a28c27cea6388ea1be5b3a

SHA1
74d0d46d3fa5c40a305fee4264f5a1b4a79f32c0

SHA256
684c4fccc5590c02be001ceffa40b414ebb5b2976ca1773fd1f812e18fc2877a

SHA512
31fb5a25c6bdca9e3d6fdb0778161d7855977b1fdc8de8dfc2525c251a7812c5a41804b70bc7363d5fcf5273a22c6ec2d749a60f4fea24a416546069e055f2c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6593.exe

Filesize
184KB

MD5
85e2338dceb773c92fa7aa73844a1c4c

SHA1
043d56abf05a068b6936d3b8fd5939388061c76e

SHA256
6a59fa13a9d3edb58d0f8ec99a6e2fe0cadfac4c89bfe2c28baeced61d2448b5

SHA512
1bce979e173051138436334a4ba6fdcbb046182fae50508ba5e3f7309ac32f1818c5fbdddecba2174da3ffc2d3077f72ed4f6b369c5517f85659e854a517a62e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15702.exe

Filesize
184KB

MD5
bc8b35a35c1e539643ebeaa5da4fefad

SHA1
c1d9dc8feced943593f729404f7cfdb87fb7a80e

SHA256
7cdd0f9fd50d9006eb5b09ade6c616132e0adf3c21573c161fc2cb833ed81f63

SHA512
8bbeb7b802ce374a2b29b9c9053ab28d3dac6186ccf0cb71a3f8e118fa0816d95bc99b853bf5fa5fced9fc7975388cbbdd24e72882a769b4107def869b2b7483

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1963.exe

Filesize
184KB

MD5
179d687598d58cf49ce49c5fbee9fc2d

SHA1
40b2c954b4786a5cdf4a4627af750ac0d7bfb756

SHA256
ed7957f9f345009d4f270c38a0d17b6e232fc72e54638202847dff98a273a475

SHA512
ca35bcf418b7542776a98c5cd168614a0c1f80517b6b91bd07dc410e7adb4b2482e61ab822301aed1dec98d203f9e7c033548fd4c6c21a8b2e9ba477056b80d8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe

Filesize
184KB

MD5
eae9e9feb1b1bfe30ef526ba87818d05

SHA1
8d3df28ab6e2b9d0c90bd718b3960375a57faf18

SHA256
c18acf822c9e8585963699c982e351375432f7a4c9f2487ce21b016b5939669f

SHA512
54ff934b77d4c56cb8209b3b032569264a89f3ea6c8281cd396b69125657b6b96df3220f716d3c769a42682f011ce3198e0e3bd11be8273d650e7355d3879e0f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24489.exe

Filesize
184KB

MD5
3c5f4e5ebebcbc30e055c2d2766faf9d

SHA1
33c5d5448132df1e7b993113c7033b3786e1034b

SHA256
5ddc7faf41b99548e0ab22427655882ff300bf01425987238b9cd11c61135940

SHA512
a01048f7e11c89de9ed5072db013dd2c23d67de2edcf6063e08f8c5d8501e915aafbb134e639a5969dd473c585c7e4e67ef8cd65a56d957691381c86ed25d828

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe

Filesize
184KB

MD5
81b15a1ef403678dca1c79c63d8a627e

SHA1
abdd673cff3f9f3bc4defcf8bc7e91e26aae9f5c

SHA256
817769431a3f494b25671f19633ee63cfe2f38ca7a790a20c45bd47bfc986c7e

SHA512
9e0e3d1202eef476eedd336c781d6da9de7957a95e00e408d35fffb9b8a748f1757e0d7fd8b9499c9d2dfce7c7727ba694bdb00e233ac8cd4b7221aedf11a6c4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37094.exe

Filesize
184KB

MD5
2f1b83a10a47476cfc2ec741de175abd

SHA1
bfd897c1a508389b1194b6efbbe842f0e4e80d14

SHA256
9c8c94802caedb3b9a8e9c0e68d8adb5d02ab54791a61cc31e4f2b4b23f3ac63

SHA512
3bc78d8eb16d5334abdb969ba618fd0f4374bc17db1d90dca26fb5af33beed7a0cbb3399595509e800e395cbd29c48ed42524b72bab126269987ad5c9cccb010

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38082.exe

Filesize
184KB

MD5
aa433045c1971ca0709f726ce775077b

SHA1
57dda5ed2df498cefc0c0b010fde64df0774980b

SHA256
97466326c34fe61dae33b1e86ec672173292a89b0d409bba4e734208ae7fb83c

SHA512
6886b21293ed6ebae105ce0efa6168840c3b7088b9026a064f61d5364da540a354b25bd5f26f171d142fd07780da2027e18d472ab2f81151b9d697d8dd52c68c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38750.exe

Filesize
184KB

MD5
9454fb11c847eaf25e953ebf10f95f08

SHA1
659554ab7f13ce50cd26fd58fffa64b94b51b2ce

SHA256
7f6409823605fff20483022357943fb5071d74b294ec6d95dc18ddef76738d7d

SHA512
9de77190e3e6a874112252b2e0dadc42b6ac63cc3c055fa4e8d0f22a273de56ebd3e7543b2ede61f585f85acfe72978a4a3c0077f14cb491a5bada3e27183a4a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40235.exe

Filesize
184KB

MD5
f0af5982181ce15c0483739b72b674b1

SHA1
0ada0fc14af6cdd10d12f1e785660c60cded5137

SHA256
a52cc910c6dff221b9b2336e225a8e397a4cb53c30ce1a6cdd8ed1e18e944eab

SHA512
ec052043e13ecc6fab4cfee5a6a909372dafafd34fe14caf671f6e097251a2d41edf4d0481f674fe79789fb0dc310dc0cceb076177bf9d466e38452548d77d9e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe

Filesize
184KB

MD5
4d7084e261da9eae232e767cd1bfbf98

SHA1
4a167598de531bb9e3e566c85a9d083088e7d064

SHA256
237fd806d858badacc6e8fbfccb60d3be317207d603fcb497c2f90e426b28ac3

SHA512
5748f9c829fedcd1ed087b26f8f8de3c1536f3a3a0753d7a42914cfdb23b4d97807c05c542f60ba14e9b62a44e00c4072ff401c68075753916605a949dc1178a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60067.exe

Filesize
184KB

MD5
f0f819a0396e9ac85f21373cd256caeb

SHA1
966cac9e627215e15415a49897c878d1f468c11d

SHA256
8cb78e8f26a3ecf634e79892b195abdd6db81748a76c394d803699e73f4e529b

SHA512
00cae678e29779337dc06ad7e4b901a3f0a9ab6c316084c7bf65f0105c8f87463c6887234c83dbbc9cad04f490bbefc3ac81cfc0fe165f6aee357a35ae6815de

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63543.exe

Filesize
184KB

MD5
abdb786e471207549758e4e9720bbda7

SHA1
05c6bb7bc553119b10d6e55e7e0a18d61d52db77

SHA256
04316242cc3e45c6ec9d44babddbf5722ea7beab91c5af3df1ebd9f685d7b144

SHA512
3b90d0ef30ac3ac462f31a6b141f119b6d7f2f2fbc52248dc3d11d88593a175cc10280985bc597a0e797248f8bdce3e9371389e632f0d1e6f7195e42a9714da8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6838.exe

Filesize
184KB

MD5
5942d591bfa196b37a5e332312a80af8

SHA1
d0c86d3ba4a3823aa8ff066f0f356b8a6bc1ab12

SHA256
7d69c5f8cbd375a5e5a50abe339ea1b37a8bb51d93c454dbf146aa999c1b85fd

SHA512
c3830577f5f3e03df93fe7868e91c821f783b45c273b3cd9657ca3f0d7143a4491126a7b9c502844fe533604bbea691a4bf618c5281dd342f8e9e9588970aaca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-975.exe

Filesize
184KB

MD5
fbf182260c8a7663f2cbaa48bb7b7c0e

SHA1
7f5e8d9988ff6cbd3b85ccdd046023660995c3f2

SHA256
d4843ab8efa89d71d43ed78b82215241b518d5aa69a6472498ffc0db257961a3

SHA512
7426961c9ca1001c9f35c721e3cf240d53ff485aa50f30ea3c7508bfa6dea09ce905693b362ce84a55c842c4a252090706791ff2d86ead580575cb2287f8b68b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads