ff6e23ed19cf3cd71734b698b41aa047ff0e9f948beb38573f1c6b5753fc0796

Analysis

max time kernel
98s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21/04/2024, 15:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ff9ac39aef48b636ddd50914dc4ff7fe_JaffaCakes118.exe
Size

184KB
MD5

ff9ac39aef48b636ddd50914dc4ff7fe
SHA1

eaa51d0b5da460458ad15f6ac535b6729eefef81
SHA256

ff6e23ed19cf3cd71734b698b41aa047ff0e9f948beb38573f1c6b5753fc0796
SHA512

06223a8522a8519cb1dc24c049f9f982152e4babe8d5b7588d107722906b73bba869a6f699d7285a4c48350fc4687ce2df97da9499a920d92b698ae86b7d50ac
SSDEEP

3072:d+1/oEIOXhA8IUjWwzOSO8k6r+86QZph4DMx+YdfUNlPvpn6:d+toEO8I3wKSO8FTaDNlPvpn

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2912	Unicorn-10837.exe
2680	Unicorn-52192.exe
2536	Unicorn-11906.exe
2616	Unicorn-19577.exe
2436	Unicorn-35913.exe
2432	Unicorn-53188.exe
588	Unicorn-26614.exe
548	Unicorn-11538.exe
572	Unicorn-26806.exe
240	Unicorn-20261.exe
2672	Unicorn-58170.exe
1644	Unicorn-52628.exe
1920	Unicorn-8450.exe
1828	Unicorn-65072.exe
1464	Unicorn-31824.exe
776	Unicorn-28486.exe
944	Unicorn-48352.exe
1740	Unicorn-19572.exe
2952	Unicorn-37614.exe
1548	Unicorn-27221.exe
1840	Unicorn-48580.exe
1168	Unicorn-35005.exe
1080	Unicorn-53889.exe
2040	Unicorn-57418.exe
2400	Unicorn-16578.exe
1780	Unicorn-5477.exe
1424	Unicorn-5477.exe
2968	Unicorn-5477.exe
1980	Unicorn-51149.exe
2356	Unicorn-34812.exe
1608	Unicorn-38918.exe
2648	Unicorn-11377.exe
2324	Unicorn-22006.exe
2620	Unicorn-39603.exe
2152	Unicorn-61730.exe
2424	Unicorn-57859.exe
2532	Unicorn-25872.exe
2460	Unicorn-106.exe
528	Unicorn-64143.exe
788	Unicorn-19410.exe
1304	Unicorn-18664.exe
340	Unicorn-59696.exe
2248	Unicorn-32238.exe
952	Unicorn-19432.exe
1452	Unicorn-19602.exe
1140	Unicorn-2519.exe
1760	Unicorn-8502.exe
1132	Unicorn-61595.exe
2088	Unicorn-65124.exe
2980	Unicorn-13100.exe
2204	Unicorn-37967.exe
3040	Unicorn-61917.exe
1068	Unicorn-17355.exe
1692	Unicorn-24969.exe
1248	Unicorn-30265.exe
1480	Unicorn-60176.exe
1540	Unicorn-39755.exe
2056	Unicorn-63321.exe
2212	Unicorn-64068.exe
2264	Unicorn-52138.exe
2296	Unicorn-49761.exe
1744	Unicorn-53290.exe
2640	Unicorn-28956.exe
2636	Unicorn-581.exe

Loads dropped DLL 64 IoCs

pid	Process
2660	ff9ac39aef48b636ddd50914dc4ff7fe_JaffaCakes118.exe
2660	ff9ac39aef48b636ddd50914dc4ff7fe_JaffaCakes118.exe
2912	Unicorn-10837.exe
2912	Unicorn-10837.exe
2660	ff9ac39aef48b636ddd50914dc4ff7fe_JaffaCakes118.exe
2660	ff9ac39aef48b636ddd50914dc4ff7fe_JaffaCakes118.exe
2536	Unicorn-11906.exe
2680	Unicorn-52192.exe
2680	Unicorn-52192.exe
2536	Unicorn-11906.exe
2912	Unicorn-10837.exe
2912	Unicorn-10837.exe
2432	Unicorn-53188.exe
2432	Unicorn-53188.exe
2436	Unicorn-35913.exe
2436	Unicorn-35913.exe
2616	Unicorn-19577.exe
2616	Unicorn-19577.exe
2536	Unicorn-11906.exe
2536	Unicorn-11906.exe
2680	Unicorn-52192.exe
2680	Unicorn-52192.exe
588	Unicorn-26614.exe
588	Unicorn-26614.exe
2432	Unicorn-53188.exe
2432	Unicorn-53188.exe
240	Unicorn-20261.exe
240	Unicorn-20261.exe
548	Unicorn-11538.exe
548	Unicorn-11538.exe
2436	Unicorn-35913.exe
2436	Unicorn-35913.exe
2672	Unicorn-58170.exe
2672	Unicorn-58170.exe
572	Unicorn-26806.exe
572	Unicorn-26806.exe
2616	Unicorn-19577.exe
2616	Unicorn-19577.exe
1644	Unicorn-52628.exe
1644	Unicorn-52628.exe
588	Unicorn-26614.exe
588	Unicorn-26614.exe
1920	Unicorn-8450.exe
1920	Unicorn-8450.exe
2016	WerFault.exe
2016	WerFault.exe
2016	WerFault.exe
2016	WerFault.exe
2016	WerFault.exe
2016	WerFault.exe
240	Unicorn-20261.exe
240	Unicorn-20261.exe
2016	WerFault.exe
776	Unicorn-28486.exe
776	Unicorn-28486.exe
1464	Unicorn-31824.exe
1464	Unicorn-31824.exe
2672	Unicorn-58170.exe
2952	Unicorn-37614.exe
1740	Unicorn-19572.exe
2952	Unicorn-37614.exe
2672	Unicorn-58170.exe
1740	Unicorn-19572.exe
944	Unicorn-48352.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2016	1828	WerFault.exe	41
1848	2460	WerFault.exe	66

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2660	ff9ac39aef48b636ddd50914dc4ff7fe_JaffaCakes118.exe
2912	Unicorn-10837.exe
2680	Unicorn-52192.exe
2536	Unicorn-11906.exe
2436	Unicorn-35913.exe
2432	Unicorn-53188.exe
2616	Unicorn-19577.exe
588	Unicorn-26614.exe
548	Unicorn-11538.exe
240	Unicorn-20261.exe
2672	Unicorn-58170.exe
572	Unicorn-26806.exe
1644	Unicorn-52628.exe
1920	Unicorn-8450.exe
1828	Unicorn-65072.exe
1464	Unicorn-31824.exe
1740	Unicorn-19572.exe
944	Unicorn-48352.exe
776	Unicorn-28486.exe
2952	Unicorn-37614.exe
1548	Unicorn-27221.exe
1840	Unicorn-48580.exe
1168	Unicorn-35005.exe
1080	Unicorn-53889.exe
2040	Unicorn-57418.exe
2400	Unicorn-16578.exe
1780	Unicorn-5477.exe
2968	Unicorn-5477.exe
1424	Unicorn-5477.exe
2356	Unicorn-34812.exe
1980	Unicorn-51149.exe
1608	Unicorn-38918.exe
2648	Unicorn-11377.exe
2324	Unicorn-22006.exe
2620	Unicorn-39603.exe
2152	Unicorn-61730.exe
2424	Unicorn-57859.exe
2460	Unicorn-106.exe
528	Unicorn-64143.exe
2532	Unicorn-25872.exe
788	Unicorn-19410.exe
340	Unicorn-59696.exe
1304	Unicorn-18664.exe
2248	Unicorn-32238.exe
952	Unicorn-19432.exe
1452	Unicorn-19602.exe
1140	Unicorn-2519.exe
2088	Unicorn-65124.exe
1132	Unicorn-61595.exe
1760	Unicorn-8502.exe
3040	Unicorn-61917.exe
2980	Unicorn-13100.exe
1692	Unicorn-24969.exe
1068	Unicorn-17355.exe
2204	Unicorn-37967.exe
1540	Unicorn-39755.exe
1248	Unicorn-30265.exe
2296	Unicorn-49761.exe
1480	Unicorn-60176.exe
2212	Unicorn-64068.exe
2056	Unicorn-63321.exe
2640	Unicorn-28956.exe
2264	Unicorn-52138.exe
1684	Unicorn-54613.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2912	2660	ff9ac39aef48b636ddd50914dc4ff7fe_JaffaCakes118.exe	28
PID 2660 wrote to memory of 2912	2660	ff9ac39aef48b636ddd50914dc4ff7fe_JaffaCakes118.exe	28
PID 2660 wrote to memory of 2912	2660	ff9ac39aef48b636ddd50914dc4ff7fe_JaffaCakes118.exe	28
PID 2660 wrote to memory of 2912	2660	ff9ac39aef48b636ddd50914dc4ff7fe_JaffaCakes118.exe	28
PID 2912 wrote to memory of 2680	2912	Unicorn-10837.exe	29
PID 2912 wrote to memory of 2680	2912	Unicorn-10837.exe	29
PID 2912 wrote to memory of 2680	2912	Unicorn-10837.exe	29
PID 2912 wrote to memory of 2680	2912	Unicorn-10837.exe	29
PID 2660 wrote to memory of 2536	2660	ff9ac39aef48b636ddd50914dc4ff7fe_JaffaCakes118.exe	30
PID 2660 wrote to memory of 2536	2660	ff9ac39aef48b636ddd50914dc4ff7fe_JaffaCakes118.exe	30
PID 2660 wrote to memory of 2536	2660	ff9ac39aef48b636ddd50914dc4ff7fe_JaffaCakes118.exe	30
PID 2660 wrote to memory of 2536	2660	ff9ac39aef48b636ddd50914dc4ff7fe_JaffaCakes118.exe	30
PID 2680 wrote to memory of 2616	2680	Unicorn-52192.exe	32
PID 2680 wrote to memory of 2616	2680	Unicorn-52192.exe	32
PID 2680 wrote to memory of 2616	2680	Unicorn-52192.exe	32
PID 2680 wrote to memory of 2616	2680	Unicorn-52192.exe	32
PID 2536 wrote to memory of 2436	2536	Unicorn-11906.exe	31
PID 2536 wrote to memory of 2436	2536	Unicorn-11906.exe	31
PID 2536 wrote to memory of 2436	2536	Unicorn-11906.exe	31
PID 2536 wrote to memory of 2436	2536	Unicorn-11906.exe	31
PID 2912 wrote to memory of 2432	2912	Unicorn-10837.exe	33
PID 2912 wrote to memory of 2432	2912	Unicorn-10837.exe	33
PID 2912 wrote to memory of 2432	2912	Unicorn-10837.exe	33
PID 2912 wrote to memory of 2432	2912	Unicorn-10837.exe	33
PID 2432 wrote to memory of 588	2432	Unicorn-53188.exe	34
PID 2432 wrote to memory of 588	2432	Unicorn-53188.exe	34
PID 2432 wrote to memory of 588	2432	Unicorn-53188.exe	34
PID 2432 wrote to memory of 588	2432	Unicorn-53188.exe	34
PID 2436 wrote to memory of 548	2436	Unicorn-35913.exe	35
PID 2436 wrote to memory of 548	2436	Unicorn-35913.exe	35
PID 2436 wrote to memory of 548	2436	Unicorn-35913.exe	35
PID 2436 wrote to memory of 548	2436	Unicorn-35913.exe	35
PID 2616 wrote to memory of 572	2616	Unicorn-19577.exe	36
PID 2616 wrote to memory of 572	2616	Unicorn-19577.exe	36
PID 2616 wrote to memory of 572	2616	Unicorn-19577.exe	36
PID 2616 wrote to memory of 572	2616	Unicorn-19577.exe	36
PID 2536 wrote to memory of 240	2536	Unicorn-11906.exe	37
PID 2536 wrote to memory of 240	2536	Unicorn-11906.exe	37
PID 2536 wrote to memory of 240	2536	Unicorn-11906.exe	37
PID 2536 wrote to memory of 240	2536	Unicorn-11906.exe	37
PID 2680 wrote to memory of 2672	2680	Unicorn-52192.exe	38
PID 2680 wrote to memory of 2672	2680	Unicorn-52192.exe	38
PID 2680 wrote to memory of 2672	2680	Unicorn-52192.exe	38
PID 2680 wrote to memory of 2672	2680	Unicorn-52192.exe	38
PID 588 wrote to memory of 1644	588	Unicorn-26614.exe	39
PID 588 wrote to memory of 1644	588	Unicorn-26614.exe	39
PID 588 wrote to memory of 1644	588	Unicorn-26614.exe	39
PID 588 wrote to memory of 1644	588	Unicorn-26614.exe	39
PID 2432 wrote to memory of 1920	2432	Unicorn-53188.exe	40
PID 2432 wrote to memory of 1920	2432	Unicorn-53188.exe	40
PID 2432 wrote to memory of 1920	2432	Unicorn-53188.exe	40
PID 2432 wrote to memory of 1920	2432	Unicorn-53188.exe	40
PID 240 wrote to memory of 1828	240	Unicorn-20261.exe	41
PID 240 wrote to memory of 1828	240	Unicorn-20261.exe	41
PID 240 wrote to memory of 1828	240	Unicorn-20261.exe	41
PID 240 wrote to memory of 1828	240	Unicorn-20261.exe	41
PID 548 wrote to memory of 1464	548	Unicorn-11538.exe	42
PID 548 wrote to memory of 1464	548	Unicorn-11538.exe	42
PID 548 wrote to memory of 1464	548	Unicorn-11538.exe	42
PID 548 wrote to memory of 1464	548	Unicorn-11538.exe	42
PID 2436 wrote to memory of 776	2436	Unicorn-35913.exe	43
PID 2436 wrote to memory of 776	2436	Unicorn-35913.exe	43
PID 2436 wrote to memory of 776	2436	Unicorn-35913.exe	43
PID 2436 wrote to memory of 776	2436	Unicorn-35913.exe	43

C:\Users\Admin\AppData\Local\Temp\ff9ac39aef48b636ddd50914dc4ff7fe_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ff9ac39aef48b636ddd50914dc4ff7fe_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10837.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10837.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52192.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19577.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2519.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19736.exe
        9⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
        10⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53705.exe
        9⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39414.exe
        10⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        11⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15349.exe
        12⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61595.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19736.exe
        8⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34812.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-581.exe
        8⤵
        Executes dropped EXE
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65210.exe
        9⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10057.exe
        10⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4702.exe
        11⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61837.exe
        8⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38651.exe
        9⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20852.exe
        10⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        11⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45827.exe
        12⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53990.exe
        13⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25485.exe
        10⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24021.exe
        8⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17728.exe
        9⤵
        
        PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37614.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19432.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2610.exe
        8⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54489.exe
        9⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18278.exe
        10⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60316.exe
        11⤵
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48352.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25872.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35143.exe
        9⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14733.exe
        10⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49761.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26233.exe
        8⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62408.exe
        9⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4702.exe
        10⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2179.exe
        11⤵
        
        PID:488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64143.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33062.exe
        7⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43924.exe
        8⤵
        
        PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51149.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22476.exe
        7⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
        8⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50405.exe
        9⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        10⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43409.exe
        11⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41836.exe
        7⤵
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
        8⤵
        
        PID:2884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53188.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53188.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26614.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27221.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38918.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61917.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32865.exe
        9⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18418.exe
        10⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17355.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21189.exe
        8⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11377.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65124.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64323.exe
        8⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        9⤵
        
        PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48580.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22006.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13100.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52963.exe
        8⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45366.exe
        9⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55584.exe
        10⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7223.exe
        11⤵
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37967.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4655.exe
        7⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        8⤵
        
        PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35005.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8502.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10970.exe
        7⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50903.exe
        8⤵
        
        PID:620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61730.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51832.exe
        7⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
        8⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        9⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36907.exe
        10⤵
        
        PID:2716
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11906.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11906.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35913.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11538.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16578.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53290.exe
        8⤵
        Executes dropped EXE
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
        9⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24552.exe
        10⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14001.exe
        11⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10689.exe
        12⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
        10⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20638.exe
        9⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28956.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26020.exe
        8⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60742.exe
        9⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26612.exe
        10⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23846.exe
        11⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5241.exe
        10⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        11⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19897.exe
        9⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22715.exe
        10⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51682.exe
        11⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54182.exe
        12⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32238.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63321.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44209.exe
        8⤵
        
        PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28486.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57418.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-106.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
        7⤵
        Program crash
        
        PID:1848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39755.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50161.exe
        7⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34391.exe
        8⤵
        
        PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8557.exe
        6⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25081.exe
        7⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8931.exe
        8⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13970.exe
        9⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18434.exe
        10⤵
        
        PID:2664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20261.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1828
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53889.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57859.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30265.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
        7⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25844.exe
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38667.exe
        9⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5402.exe
        7⤵
        
        PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60176.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56082.exe
        6⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12439.exe
        7⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12169.exe
        8⤵
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58111.exe
        6⤵
        
        PID:2976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17728.exe

Filesize
184KB

MD5
a136b23cf4294105d9e18365cd592db7

SHA1
278b943686d0f0a2dfae300bd771273cee8ad5b1

SHA256
16a36d95afc56a42c61edc6a5f64a97e145bb7b3d02a33b657047f12d534909c

SHA512
212a959c556b489a841e798c45b265a2885531bf81312b6f4c920aa7190cba91cd0263f408887ea03721a5dec6d4920d424927b60fda5aeced95abf7d921334c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18664.exe

Filesize
184KB

MD5
b7a43cdff49336c3b38c8430aab681b4

SHA1
4967a37fe67545f5e113b44edb411004282edeeb

SHA256
c0f38a9043a52562f95577960f3668b0817b220ebf0cfb6dc2c2091a7a481651

SHA512
74efd169e1099e4f72558c8298318d08c3e4e2547dc1ed68ec333bbda7724c8d3bfbcb1a997e74f4f349006deb3c7ae7412245a9ac5f142580ee2abed05f4f97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19577.exe

Filesize
184KB

MD5
af8f1bb1747ad12eb88440f2aca42212

SHA1
818fe671d8d7ff6c27b4acffed4d8d962981b54c

SHA256
042de794b52a43bd49c75d910a54d8ec453850f752c8dfd86ac5761a99394928

SHA512
c6904ea1c646612c477804965a7156bc10c87c7863ea3de71ad4ebfa9fa0778d6b46b0f63115f6c0ae3f5a946c81555e8933cb2f0d33cc585f5eac0a01826d3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26806.exe

Filesize
184KB

MD5
2230008da4764ef2dbe5153489fa1468

SHA1
e5f5eb779978a6d3758755dd54ad2cc6b89064e6

SHA256
64fc2f2e11ba0fdda22917992833b1b4e319669d5a29f37b8240c870904d2595

SHA512
6aaabaf05fa8f114bb583ebe31b3a2e93ca12b07686b0cc5ed7a13f00bf43ef64df680a9bbbfd5448a5f670ad0bf04d74c0e552b296c161445cc84ac225f2ba3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28486.exe

Filesize
184KB

MD5
fb9fce0088888f0e3354d3a768c12be3

SHA1
fab4567858ff649f926b4035af665c7569f761ae

SHA256
96920507adee2620e92ad80f6822ac8ec1e55d05a3eab7b07135c5d494bfc8f3

SHA512
83f4a71a2b61749f6abd7fc2c377ca7425ea854cb191d63170a69a0890fcfca7774299123ea47e72bd09314c63a12a482543f7048bd5308da7524eea9731a0af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39755.exe

Filesize
184KB

MD5
6083840794f6288fe324b48abe845fe6

SHA1
65c3eb6d71b770a974cb32260fb9ac0bcef6948a

SHA256
1b861081526ffb91864b3f64ac1f07436a7c86e7e3b0b3947fdd3ae22f22ac52

SHA512
144d7cd2ebab86ae6b882adf1500b816d169b33a588bfa3af0bed13794e89070620e1865a1576416cbd27bef46e520449ad5363dab29b124d332e762a2d86bed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65072.exe

Filesize
184KB

MD5
3cfbef02ac7c8bee19f5447a944f20ba

SHA1
2f0ffce8912d15542abd35a068b6e574b4d676d9

SHA256
0e41ca5bd952f22060ce55fd8ce60759cff01e8650a7e70f278d2b179907bea9

SHA512
a1462c95e7b24a15f17f8f0c04f8bb7869d050a8f033c6278b2f88f6e0d809d1a4b085dd95a2cefe93c1f101e268303eb0ba009e638c94a7b42379639564af84

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10837.exe

Filesize
184KB

MD5
d48b1135d191337335c9b137ad6c282d

SHA1
2ec269d18b3249a58c086170dc3072ac28b53d5b

SHA256
f26940f78b6b47e99fd1b0efb75672b822b511b5ff9239c4631648ea72fc7df1

SHA512
9a0d49d16aaf1d6ce0c17feb0bca28c756fa74b27d73485f3f43485403b3fecf5a4aad0ead74350ed3935f05d48f66c2b256c4b148b5c00e219286b0654c8930

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11538.exe

Filesize
184KB

MD5
746a171a846936bda9dbbbef2063eb20

SHA1
4ed8e3d2fd418d1e462476818da7c57b632475a9

SHA256
e295ffdf7d90d3fe4f234677ddc515c62afe091b03e1ecdd70dc9e2efb2a2114

SHA512
3e2d8b0e36c73e627ab90772811ab7d4bc832b290eed1cfddd1c56a2370108ab1d9dfbffbc62625315e141d6f65448c78d8f73760313d35bdb46817a1a5e5a5c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11906.exe

Filesize
184KB

MD5
422513e621174898ca47294e74c85698

SHA1
8c324fc73d7e2081ec0a610ba1036f2f7528f421

SHA256
4253aca4560ee506a6473b65639ad8f2a7dcc38c87b4c38a591a712bbe112546

SHA512
5d3933d22b6181028caaea0bc7185d7fd9a8ecbe7bb7e15cc1ddfc64dac449f82b4957e4b5d52687e7f8475ba4c2f63b4b41977b7305efe1bc9505d69ce216ea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19572.exe

Filesize
184KB

MD5
994635796ca45272caa8630c9291dbb4

SHA1
626aae94a54d2350a55268be8d8335343acbc908

SHA256
0837997f35873fa3e880724e258d0b309c6ef2060c6d7b4aa472714e7e4f5c4c

SHA512
c7cafa59c3ab3fcd0a2bf0ae6e10b818670ad201ecd82d80df72a04893c8ad1554b39d21263b06d63480cf3191fabf857b2e77042e19dfa52e14456b21f20fbb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20261.exe

Filesize
184KB

MD5
553f8bdf4b9b73080be1b0ff2059b9b3

SHA1
484305db3c33a0718a69f6605ee40bc7b3fd804c

SHA256
8ce9a15db7d52b40a0e6a3e2426367b5c8bdc5e4c6269e7c79170ad747366b91

SHA512
e7a6df9619e2e55d54ba5555584e061375874f17c8f128651feabdbcd14a541673aa20ab630bb0ab0638c77790e108087eeab9a000c5536c7d00e362f51313e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26614.exe

Filesize
184KB

MD5
8643c08f03466628419d4acdb6569eb6

SHA1
4ff65a5b35ef13f7aa99df4162afbb9c53a0b4b2

SHA256
a7cd4e38da04517d72ec86b3d1594a7c8f6404cd2cfbec52cda3cd04c90c77ae

SHA512
5743983682dde52d7de911c63044d1a067d2d37ae993ddb3abbb8bedc4be2ad19a1d731230532deda506795cfd2f3773ec1b34a518f8e3bddd453249fd033be2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe

Filesize
184KB

MD5
7d7f680bc41b7c598b36057fa27698b8

SHA1
f62daa59a5823272f509d7462f2ae4a25c985979

SHA256
52dde3f98e33d179ca90462feb29cb88ef22adffbff2e0f450d672139d361e01

SHA512
c6239f69223d145756b68596ae1cc791f075193701d73f0215f9c19067b0381a03255bda5bd7e41ccf216500cd98965c3f52c36523f886eaddf4037bc71beb9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35913.exe

Filesize
184KB

MD5
353bba9d5904e2b0174ab81ac3a0ee50

SHA1
afd2cef3f358b8f1bafc5428ce62d100763ee79d

SHA256
fffa38b49886e14c2e32f2a8eeac409f3c239ba310ef4cf603874e669188ea5a

SHA512
d85166cff93849509b7b83afff824575f0dc478562ccb78c3bcabd88480a00b551ce24f91c2d57b277977eb1f7584c219da92c750543b971653e049a3a04d2fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48352.exe

Filesize
184KB

MD5
3e95cd94119e5f149e955f2b246ef388

SHA1
8138a4add2a574489201cf49de97131ae23d2c62

SHA256
95552f9d0ab6e94b1d141f917ac30b920275c5d6668208cd4c465f015dd7abde

SHA512
665b9058ed715b4b760fdc4a2fb0059529032bd21ee8ef1af704fc4f4f2adcc8b254351899710f9ec070ef1189b9c2084fcd29a850499660feffeafd8eb7f7cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52192.exe

Filesize
184KB

MD5
0009392daed9892ffcc1f5084f571c99

SHA1
94b8e5916f91fb0db72593a3e24d46fa90d029a0

SHA256
d8b10af60ee709a288383df5fa1c9356df7682c7cac0e7469ccf3830798a604a

SHA512
eaaf458a82edd1d7d07660f610c8612f429c84863249111ab7beb99c63638907300a29ebc3466beefcee19a5b76c59c0d31175a226eb305f3d41fd78d29b19b0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe

Filesize
184KB

MD5
daddcb88a9c56970e812f5215191923e

SHA1
12342eb38315f15e07994d4d6a30b62a57009130

SHA256
7d57621368fd0a451399a25b5ea494a2d7205976d3687c82bb01ed8df0dabd50

SHA512
4531cccc383d4bbf03869b14e91d2337f84743bc96338c22939786dbb2bffa06db45eaf46b069118a055e682b6dbfb4fa17100bba741bed700aadb467aac85ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53188.exe

Filesize
184KB

MD5
ae75b32a07fde3f1eb557dffe3709b78

SHA1
a8a0f5bd549713c70353b27dd48e9f27a130fc23

SHA256
0ef63364fea676899798b23884876dc5fde21cbe8e906d316fb1b2e41636f020

SHA512
3fa0e168e23e6b757913124f841a6b4ce060e3fb0ee0c93772db1778c1adf8fc498a16dc962256f9dd35a957ccfe0ab31258817d03b9a5e246ac60684cde8f01

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe

Filesize
184KB

MD5
30e4ad69e6f632f07f3262399741b658

SHA1
a23e95c991d9ced4ab183e34642cefadcbec3fa6

SHA256
84ed9336fe412b08c2d1f46150b615134cdb8acae40d528238aebc10d23ea853

SHA512
a5dd9735006c45ab37015c4e5cb5dc7d3e1bf08922122570a3d17c397f8f61bfd2d1b6acba8323f571a569311cb2a4a3a9e789d3107be018a0271ce0517283bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe

Filesize
184KB

MD5
ed75cbb3e0d3155b5b4faa8413319a4e

SHA1
40214043178af08e237752d7fafad36b5d94ecfa

SHA256
c16773e37b9c11924737a06ebb3ec967e9f95cda07c681e9b1e638863663bead

SHA512
3993758b310666d0011be8d410f84e18f1b4cd26d8e49b9c5f8954731b5bd732596044aa94c4304414851023acf0f74eba3fc92d33ba9e52ea46ce9b1126adf3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads