d0259b787a1d4a21356ede04c60ec01a1090aca7d200470575437ced79a21e5a

Analysis

max time kernel
89s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/03/2024, 22:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

11dcd9b0e712f9438ec537e5a559ea45_JaffaCakes118.exe
Size

188KB
MD5

11dcd9b0e712f9438ec537e5a559ea45
SHA1

f2aca5ac8c87dfa08eef4abe000b34c5916dc07d
SHA256

d0259b787a1d4a21356ede04c60ec01a1090aca7d200470575437ced79a21e5a
SHA512

2d68e408d3c32151049383173c55ba67cc3f2a310fead71fbdb773a7f6a11cc90cbd662e945ac9cf0fd69a9e3ca374b2f825ccc28b3e54dd72de55b2f9d5ce69
SSDEEP

3072:4BTYomjtlcwp1Hje8Bt9TcRegU+MVBfTCexQ7ctwdlv1pFZ:4BcogJp1y8b9TcON81dlv1pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1328	Unicorn-1561.exe
1116	Unicorn-39470.exe
1612	Unicorn-15520.exe
1264	Unicorn-52573.exe
2032	Unicorn-63434.exe
580	Unicorn-9594.exe
1848	Unicorn-27960.exe
940	Unicorn-65463.exe
2460	Unicorn-14124.exe
2672	Unicorn-38074.exe
2872	Unicorn-60632.exe
2864	Unicorn-62324.exe
1828	Unicorn-20415.exe
2920	Unicorn-26999.exe
2908	Unicorn-34613.exe
3016	Unicorn-22361.exe
3052	Unicorn-33221.exe
240	Unicorn-48811.exe
1372	Unicorn-59672.exe
1032	Unicorn-52101.exe
2776	Unicorn-54794.exe
1728	Unicorn-56185.exe
2112	Unicorn-24643.exe
1936	Unicorn-13782.exe
2184	Unicorn-24089.exe
892	Unicorn-4223.exe
2276	Unicorn-26035.exe
1036	Unicorn-63346.exe
2040	Unicorn-36149.exe
2372	Unicorn-27981.exe
1700	Unicorn-65292.exe
2000	Unicorn-11343.exe
548	Unicorn-52931.exe
1096	Unicorn-29626.exe
920	Unicorn-16004.exe
696	Unicorn-57591.exe
2468	Unicorn-1421.exe
2888	Unicorn-11727.exe
2632	Unicorn-44955.exe
2848	Unicorn-40316.exe
2624	Unicorn-40316.exe
2836	Unicorn-8774.exe
1268	Unicorn-3943.exe
1868	Unicorn-65396.exe
1836	Unicorn-10720.exe
1872	Unicorn-18334.exe
3024	Unicorn-40892.exe
1648	Unicorn-16750.exe
3060	Unicorn-16750.exe
560	Unicorn-38623.exe
1688	Unicorn-58489.exe
1556	Unicorn-12002.exe
2428	Unicorn-30477.exe
3044	Unicorn-6527.exe
2844	Unicorn-5780.exe
2148	Unicorn-43283.exe
1748	Unicorn-19979.exe
2124	Unicorn-65095.exe
2576	Unicorn-10419.exe
2572	Unicorn-40399.exe
1636	Unicorn-47176.exe
1048	Unicorn-20555.exe
1760	Unicorn-61587.exe
2020	Unicorn-12941.exe

Loads dropped DLL 64 IoCs

pid	Process
2044	11dcd9b0e712f9438ec537e5a559ea45_JaffaCakes118.exe
2044	11dcd9b0e712f9438ec537e5a559ea45_JaffaCakes118.exe
1328	Unicorn-1561.exe
2044	11dcd9b0e712f9438ec537e5a559ea45_JaffaCakes118.exe
1328	Unicorn-1561.exe
2044	11dcd9b0e712f9438ec537e5a559ea45_JaffaCakes118.exe
1116	Unicorn-39470.exe
1328	Unicorn-1561.exe
1328	Unicorn-1561.exe
1116	Unicorn-39470.exe
1612	Unicorn-15520.exe
1612	Unicorn-15520.exe
1264	Unicorn-52573.exe
1264	Unicorn-52573.exe
1116	Unicorn-39470.exe
1116	Unicorn-39470.exe
580	Unicorn-9594.exe
580	Unicorn-9594.exe
1612	Unicorn-15520.exe
1612	Unicorn-15520.exe
2032	Unicorn-63434.exe
2032	Unicorn-63434.exe
940	Unicorn-65463.exe
940	Unicorn-65463.exe
1848	Unicorn-27960.exe
1848	Unicorn-27960.exe
1264	Unicorn-52573.exe
1264	Unicorn-52573.exe
2460	Unicorn-14124.exe
2460	Unicorn-14124.exe
2672	Unicorn-38074.exe
2672	Unicorn-38074.exe
580	Unicorn-9594.exe
580	Unicorn-9594.exe
2032	Unicorn-63434.exe
2872	Unicorn-60632.exe
2032	Unicorn-63434.exe
2872	Unicorn-60632.exe
2864	Unicorn-62324.exe
2864	Unicorn-62324.exe
940	Unicorn-65463.exe
940	Unicorn-65463.exe
2920	Unicorn-26999.exe
2920	Unicorn-26999.exe
1828	Unicorn-20415.exe
1848	Unicorn-27960.exe
1828	Unicorn-20415.exe
1848	Unicorn-27960.exe
2460	Unicorn-14124.exe
2908	Unicorn-34613.exe
2460	Unicorn-14124.exe
2908	Unicorn-34613.exe
3016	Unicorn-22361.exe
3016	Unicorn-22361.exe
2672	Unicorn-38074.exe
2672	Unicorn-38074.exe
1372	Unicorn-59672.exe
1372	Unicorn-59672.exe
240	Unicorn-48811.exe
240	Unicorn-48811.exe
2872	Unicorn-60632.exe
2872	Unicorn-60632.exe
1396	WerFault.exe
1396	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1396	3052	WerFault.exe	46

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2044	11dcd9b0e712f9438ec537e5a559ea45_JaffaCakes118.exe
1328	Unicorn-1561.exe
1116	Unicorn-39470.exe
1612	Unicorn-15520.exe
1264	Unicorn-52573.exe
2032	Unicorn-63434.exe
580	Unicorn-9594.exe
940	Unicorn-65463.exe
1848	Unicorn-27960.exe
2460	Unicorn-14124.exe
2872	Unicorn-60632.exe
2672	Unicorn-38074.exe
2864	Unicorn-62324.exe
1828	Unicorn-20415.exe
2920	Unicorn-26999.exe
2908	Unicorn-34613.exe
3016	Unicorn-22361.exe
3052	Unicorn-33221.exe
240	Unicorn-48811.exe
1372	Unicorn-59672.exe
1032	Unicorn-52101.exe
2776	Unicorn-54794.exe
1728	Unicorn-56185.exe
2112	Unicorn-24643.exe
1936	Unicorn-13782.exe
892	Unicorn-4223.exe
2184	Unicorn-24089.exe
2276	Unicorn-26035.exe
1036	Unicorn-63346.exe
2372	Unicorn-27981.exe
1700	Unicorn-65292.exe
2040	Unicorn-36149.exe
548	Unicorn-52931.exe
2000	Unicorn-11343.exe
1096	Unicorn-29626.exe
920	Unicorn-16004.exe
696	Unicorn-57591.exe
2468	Unicorn-1421.exe
2888	Unicorn-11727.exe
2632	Unicorn-44955.exe
2848	Unicorn-40316.exe
2624	Unicorn-40316.exe
2836	Unicorn-8774.exe
1268	Unicorn-3943.exe
1868	Unicorn-65396.exe
1836	Unicorn-10720.exe
1872	Unicorn-18334.exe
3024	Unicorn-40892.exe
3060	Unicorn-16750.exe
1648	Unicorn-16750.exe
560	Unicorn-38623.exe
1688	Unicorn-58489.exe
2428	Unicorn-30477.exe
1556	Unicorn-12002.exe
2844	Unicorn-5780.exe
1748	Unicorn-19979.exe
2148	Unicorn-43283.exe
3044	Unicorn-6527.exe
2124	Unicorn-65095.exe
1636	Unicorn-47176.exe
2572	Unicorn-40399.exe
2576	Unicorn-10419.exe
1060	Unicorn-51089.exe
1048	Unicorn-20555.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1328	2044	11dcd9b0e712f9438ec537e5a559ea45_JaffaCakes118.exe	30
PID 2044 wrote to memory of 1328	2044	11dcd9b0e712f9438ec537e5a559ea45_JaffaCakes118.exe	30
PID 2044 wrote to memory of 1328	2044	11dcd9b0e712f9438ec537e5a559ea45_JaffaCakes118.exe	30
PID 2044 wrote to memory of 1328	2044	11dcd9b0e712f9438ec537e5a559ea45_JaffaCakes118.exe	30
PID 1328 wrote to memory of 1116	1328	Unicorn-1561.exe	31
PID 1328 wrote to memory of 1116	1328	Unicorn-1561.exe	31
PID 1328 wrote to memory of 1116	1328	Unicorn-1561.exe	31
PID 1328 wrote to memory of 1116	1328	Unicorn-1561.exe	31
PID 2044 wrote to memory of 1612	2044	11dcd9b0e712f9438ec537e5a559ea45_JaffaCakes118.exe	32
PID 2044 wrote to memory of 1612	2044	11dcd9b0e712f9438ec537e5a559ea45_JaffaCakes118.exe	32
PID 2044 wrote to memory of 1612	2044	11dcd9b0e712f9438ec537e5a559ea45_JaffaCakes118.exe	32
PID 2044 wrote to memory of 1612	2044	11dcd9b0e712f9438ec537e5a559ea45_JaffaCakes118.exe	32
PID 1328 wrote to memory of 2032	1328	Unicorn-1561.exe	34
PID 1328 wrote to memory of 2032	1328	Unicorn-1561.exe	34
PID 1328 wrote to memory of 2032	1328	Unicorn-1561.exe	34
PID 1328 wrote to memory of 2032	1328	Unicorn-1561.exe	34
PID 1116 wrote to memory of 1264	1116	Unicorn-39470.exe	33
PID 1116 wrote to memory of 1264	1116	Unicorn-39470.exe	33
PID 1116 wrote to memory of 1264	1116	Unicorn-39470.exe	33
PID 1116 wrote to memory of 1264	1116	Unicorn-39470.exe	33
PID 1612 wrote to memory of 580	1612	Unicorn-15520.exe	35
PID 1612 wrote to memory of 580	1612	Unicorn-15520.exe	35
PID 1612 wrote to memory of 580	1612	Unicorn-15520.exe	35
PID 1612 wrote to memory of 580	1612	Unicorn-15520.exe	35
PID 1264 wrote to memory of 1848	1264	Unicorn-52573.exe	36
PID 1264 wrote to memory of 1848	1264	Unicorn-52573.exe	36
PID 1264 wrote to memory of 1848	1264	Unicorn-52573.exe	36
PID 1264 wrote to memory of 1848	1264	Unicorn-52573.exe	36
PID 1116 wrote to memory of 940	1116	Unicorn-39470.exe	37
PID 1116 wrote to memory of 940	1116	Unicorn-39470.exe	37
PID 1116 wrote to memory of 940	1116	Unicorn-39470.exe	37
PID 1116 wrote to memory of 940	1116	Unicorn-39470.exe	37
PID 580 wrote to memory of 2672	580	Unicorn-9594.exe	38
PID 580 wrote to memory of 2672	580	Unicorn-9594.exe	38
PID 580 wrote to memory of 2672	580	Unicorn-9594.exe	38
PID 580 wrote to memory of 2672	580	Unicorn-9594.exe	38
PID 1612 wrote to memory of 2460	1612	Unicorn-15520.exe	39
PID 1612 wrote to memory of 2460	1612	Unicorn-15520.exe	39
PID 1612 wrote to memory of 2460	1612	Unicorn-15520.exe	39
PID 1612 wrote to memory of 2460	1612	Unicorn-15520.exe	39
PID 2032 wrote to memory of 2872	2032	Unicorn-63434.exe	40
PID 2032 wrote to memory of 2872	2032	Unicorn-63434.exe	40
PID 2032 wrote to memory of 2872	2032	Unicorn-63434.exe	40
PID 2032 wrote to memory of 2872	2032	Unicorn-63434.exe	40
PID 940 wrote to memory of 2864	940	Unicorn-65463.exe	41
PID 940 wrote to memory of 2864	940	Unicorn-65463.exe	41
PID 940 wrote to memory of 2864	940	Unicorn-65463.exe	41
PID 940 wrote to memory of 2864	940	Unicorn-65463.exe	41
PID 1848 wrote to memory of 1828	1848	Unicorn-27960.exe	42
PID 1848 wrote to memory of 1828	1848	Unicorn-27960.exe	42
PID 1848 wrote to memory of 1828	1848	Unicorn-27960.exe	42
PID 1848 wrote to memory of 1828	1848	Unicorn-27960.exe	42
PID 1264 wrote to memory of 2920	1264	Unicorn-52573.exe	43
PID 1264 wrote to memory of 2920	1264	Unicorn-52573.exe	43
PID 1264 wrote to memory of 2920	1264	Unicorn-52573.exe	43
PID 1264 wrote to memory of 2920	1264	Unicorn-52573.exe	43
PID 2460 wrote to memory of 2908	2460	Unicorn-14124.exe	44
PID 2460 wrote to memory of 2908	2460	Unicorn-14124.exe	44
PID 2460 wrote to memory of 2908	2460	Unicorn-14124.exe	44
PID 2460 wrote to memory of 2908	2460	Unicorn-14124.exe	44
PID 2672 wrote to memory of 3016	2672	Unicorn-38074.exe	45
PID 2672 wrote to memory of 3016	2672	Unicorn-38074.exe	45
PID 2672 wrote to memory of 3016	2672	Unicorn-38074.exe	45
PID 2672 wrote to memory of 3016	2672	Unicorn-38074.exe	45

C:\Users\Admin\AppData\Local\Temp\11dcd9b0e712f9438ec537e5a559ea45_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\11dcd9b0e712f9438ec537e5a559ea45_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1561.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1561.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39470.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39470.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27960.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20415.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13782.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40399.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        10⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38277.exe
        11⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53518.exe
        12⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
        13⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60295.exe
        11⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29412.exe
        12⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47176.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5609.exe
        9⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        10⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32522.exe
        11⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44955.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20555.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17369.exe
        9⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27587.exe
        10⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43487.exe
        11⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24643.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1421.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65095.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21837.exe
        9⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16186.exe
        10⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10419.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1141.exe
        8⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        9⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4426.exe
        10⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        11⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50565.exe
        10⤵
        
        PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26999.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56185.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16004.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5780.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42366.exe
        9⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7036.exe
        10⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62734.exe
        11⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8484.exe
        12⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42868.exe
        10⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
        11⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8484.exe
        12⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54156.exe
        11⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43283.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39050.exe
        8⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38806.exe
        9⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57591.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19979.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32444.exe
        8⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30856.exe
        9⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25641.exe
        10⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15889.exe
        9⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4317.exe
        10⤵
        
        PID:268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65463.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65463.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62324.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52101.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11343.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58489.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43689.exe
        9⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56948.exe
        10⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
        11⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58145.exe
        12⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16662.exe
        9⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
        10⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58634.exe
        8⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-155.exe
        9⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39024.exe
        10⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33098.exe
        11⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-902.exe
        8⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
        9⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27779.exe
        10⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20554.exe
        8⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59444.exe
        9⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40415.exe
        10⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10923.exe
        11⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21784.exe
        10⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20549.exe
        9⤵
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52931.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12002.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49766.exe
        8⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        9⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11011.exe
        10⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57218.exe
        11⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8484.exe
        12⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54156.exe
        11⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26475.exe
        8⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4213.exe
        9⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26876.exe
        10⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29900.exe
        7⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31951.exe
        8⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36284.exe
        9⤵
        
        PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54794.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29626.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30477.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54618.exe
        8⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33809.exe
        9⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21230.exe
        10⤵
        
        PID:564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6527.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49164.exe
        7⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
        8⤵
        
        PID:1372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63434.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60632.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48811.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27981.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3943.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51089.exe
        8⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42366.exe
        9⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
        10⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15391.exe
        11⤵
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
        8⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46974.exe
        9⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6730.exe
        10⤵
        
        PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65292.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12770.exe
        7⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30197.exe
        8⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
        9⤵
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50274.exe
        6⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28168.exe
        7⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12765.exe
        8⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1603.exe
        9⤵
        
        PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59672.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36149.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31223.exe
        6⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11447.exe
        7⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56512.exe
        8⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63056.exe
        9⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8484.exe
        10⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54156.exe
        9⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39106.exe
        8⤵
        
        PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12578.exe
        6⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30301.exe
        7⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6730.exe
        8⤵
        
        PID:592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38074.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22361.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26035.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22885.exe
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59081.exe
        9⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52220.exe
        7⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58972.exe
        8⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        9⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11753.exe
        8⤵
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16750.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6548.exe
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59086.exe
        8⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        9⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35620.exe
        10⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53611.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58458.exe
        8⤵
        
        PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63346.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25023.exe
        7⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
        8⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48152.exe
        9⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24546.exe
        10⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
        11⤵
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-881.exe
        6⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45459.exe
        7⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8484.exe
        8⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54156.exe
        7⤵
        
        PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33221.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3052
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14124.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24089.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40316.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51089.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63310.exe
        8⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        9⤵
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55728.exe
        6⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30690.exe
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25485.exe
        8⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15391.exe
        9⤵
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8774.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24447.exe
        6⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1141.exe
        7⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
        8⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46118.exe
        9⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
        8⤵
        
        PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40316.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61587.exe
        6⤵
        Executes dropped EXE
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32060.exe
        7⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        9⤵
        
        PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12941.exe
        5⤵
        Executes dropped EXE
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41629.exe
        6⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43487.exe
        7⤵
        
        PID:2712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14124.exe

Filesize
188KB

MD5
1de73cc66f416ebb97f27fb0d5b825ad

SHA1
96f988349356f05a4f56d934032bbe7052ec588b

SHA256
77af2226bcd94a7dc55f8cc58d2f2084490339356ba475661e0667d6b700e548

SHA512
cbe2b2018b956572d6357c56613e1faf5a41b7eef3db78c589af0a42558311216d0fcfbe06f3cb8e0a75eecd7bbf1fbded82e3c351a128b1807a8d7282e2e481

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22361.exe

Filesize
188KB

MD5
978ffa0841a35ff901630c2cfd12b2bd

SHA1
3c8cfb1089a37fdf8eb4a23fd1e9ffbb6046dfea

SHA256
b5c6cd71cab2ed6a0ba03ac555d72136fe00f6539c1fca80605266d6c3847943

SHA512
2813f98d11d247e7db1565ff6c9a499119993f175fc83461b5d5285304ccee1588c2d81400e021831a25303d2893eaf92d94a9e3ea7133eeea68262a9a6cb56e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe

Filesize
188KB

MD5
5cf544746dd4ec7d312981e0fa79fbec

SHA1
149f5fc937f537c5fd5dd74957831b205529e837

SHA256
ec0a42555a7ccfd151526a2b7aab6ada40c80355dfd3ce234fb6a4c8ebf26a53

SHA512
12b5429cfa8175eacb24b240ba2a71795edbd96b612377ea4e56ab2f7a878090258a381cd2368ea7582d134e715c5982e3a2a182362d4cf08b9e7a3e46c382c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40399.exe

Filesize
188KB

MD5
7351e718f82ae33dbf1dcc15c4bcd2ce

SHA1
7a3041b6e3bfbb42bbabb7d3bea7c84c0d750f56

SHA256
bd150437b0652f995e426aa1b7b294f2274e6075b671bba94e671297cf6ba93e

SHA512
830f30d73e89436c9cde002c0195ba8f3e6f976328405899eb9d4fddeb63a09ee10219e936d6ad2e7de234857870f5f20474c7ba723174c64b8b8206e5205674

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65463.exe

Filesize
188KB

MD5
79c687042b881bcb19c107595c1f2d3b

SHA1
63160b3fbfcc77b0e9fdc44dae0344f1d2c7e0b0

SHA256
32086b398abd3d1fe049408232eccba7228b37bb0265c8aea31c10e7d33a2556

SHA512
58232407527d5f4518169bdb9d7f123f7b8b09d7184b2e944d568ed892da1807c42cc901a43b9dbc6ed3f0482ddc8482aca646db6e59cce6a9260c40deb191c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15520.exe

Filesize
188KB

MD5
8210e5d1262dbcf97a35ca4aa5f0874f

SHA1
f47edc2259976d22aa853a93d9bc5a4fd654a1ed

SHA256
3a017cd713fe05d4c6b616f68f1497db7f4e4943bb6ab5611bccc414ea79a79f

SHA512
3416540cf057a36b13a16bae1bbaca8d5ebf94012d56ccc608b89880d39d9720e552239b2a6f63a7ff66d71be72cba733ca20b5579eb0757cc5716beecb8d7c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1561.exe

Filesize
188KB

MD5
b8161921cbca435d77aaf22e30274142

SHA1
1ce3c8988bacf22f086c69ab5c5425c282d17f73

SHA256
89515704ca6d3d7a2c3cf0ace0ddaf80ddfe593a33b41b480b8b8339be60edbb

SHA512
c477fe3db644d1d1d5e952c2c34fa826005dc91d1e58010774c07bf9bbb2a038f52795473ca920206a4ad928eab0e5af50a703fb27d588a7c3f89fe119fd2843

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20415.exe

Filesize
188KB

MD5
9402e7ea44ffa51e6ae909687a382635

SHA1
2330559bbbda9cba53465e1c5f34da1c02db7434

SHA256
abd9ec71b3c75668473fa60f107cc0b4273d4bb67d45996ea1aa7a6b773c4b2a

SHA512
25be7aabb500df5c7114566966c2648972c22718419ee522d93ec030bc88d53255d397ef7d47d46b034aae8e8c87e5239e456e09db17aa0f637a1577eaf17d9a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26999.exe

Filesize
188KB

MD5
3c123f5d12a2436126a6d1c9134906fe

SHA1
948b959a58838a3dbb36d653822331a16411c468

SHA256
b8db78674999bcbd48a7c5a9b74a794cd81f0f17d7e163b862bcec9fb39892a1

SHA512
2d77fbe809aced220de6d67e96bc191af0ccd71adc02ca18fe50c0798b6e31a5d17e50ca58fb7354a544717c83b33ebfd2572a529cd921fd8bb90a4223880a15

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27960.exe

Filesize
188KB

MD5
65ed3e42643bdd101f8676d02e953b35

SHA1
20eaa3428282904a7a0df096dceabdf46270994d

SHA256
6f08ea45ecd60ca70ce491a5de6528f2d468a5cd71c76d891601d963377e47d7

SHA512
237a48830c4f0e71fdbf4c11b70c35ec1eab9fe82ca18247e91cc9290ba5aadf2406c7a9797bdadcab3404234927a0f3275cf8c39e5a98edbf1adcfc6cd6971d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33221.exe

Filesize
188KB

MD5
05e66ca879f4cea4890857d6c102fe41

SHA1
f9dd8ca52602fa7526db55121b5fa2a6e179223a

SHA256
77a3cb03583f3d47989427ca3626c2b50ecc9fb2322690e192287f562e86b187

SHA512
e2424b1dc72472dc0945d5694967b4cb4cce702d4a56936d6903d0e77dcfad84cf0485bbdcf133b7756cec0bd4cfc50937a1fa215b6a6cc50e357e7dc03b5338

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38074.exe

Filesize
188KB

MD5
531d8cfe3bc2854b8df3fa2e98e0b13d

SHA1
06fd6c252722b6f4b3ce2a863178f3aa875a828a

SHA256
b8a1c73e6b9b6c10330ad8500f6c1456d65892d2b161ccb908fc1271fbab2798

SHA512
e709c0cde4273e2e8a0cf83fa873bdc1d85947bd92b2e573c7cf0333c13bc2cec7a757026ba9eac8e9a8bcdde6bde7514c4f512d5429737e0e492ab2f0e88bfb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39470.exe

Filesize
188KB

MD5
570350d938e29c539295281b876d8ec7

SHA1
a2744ce2881b26972c8477ac6ac7fa36538bef5b

SHA256
b513e72e3d1fddc0ee171e0bc9ea23ae447d22e7ced1f7d10309104c8e71a2d7

SHA512
bf6f303d3155ec18ca04c7bd490fbf7dcfd58cb14bcf444a3b240829f465171f43a8564bb179a4d2d3f9c87a1a91aa4ebfde3100a51ce6542e1ff7b76457ef95

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48811.exe

Filesize
188KB

MD5
d7cbaf4573cac88b65d29bcfdcd79700

SHA1
0ad32bc2dcfd377a1a3212304da3bf0b1e7a9d36

SHA256
efea01fbca3337c9fa921be92578f566cb766b0e9e9cc66f77b0976071ce42e4

SHA512
97f49d89e7002d827ef91a3510e2235a807196e23a93732dd1725951338708d3439d7559f9b531266edacf1616b77a8955b5dda5fbb56eb305baf0facdc677a1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe

Filesize
188KB

MD5
c729e3261d7a5fc89d23272fcc0ac51f

SHA1
147ccec139dd2190f209c201d9791b98ede0a74b

SHA256
1297f5732ae71616e5e8f3ede84d7e34ec55f80cf7313e36ee3fb769d3912d80

SHA512
8ac8d6f3047f566f2972ba36249a64c1786a8ea808c70b9d1c3744e92b812606d228abcc67f0dc9249877b6da2b68a2688f486f5f469982e9e51c9a7cd73a245

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59672.exe

Filesize
188KB

MD5
0e07657a10a0fa683bb1f41839307ce6

SHA1
9c6e06f24ee46977d25d846e10ed387a991184b6

SHA256
ff69e41bfaef98ee93fdb7dc6b40b25219d474ab3345ad98b3969d4f54a26b65

SHA512
0e3f8642278a8484cb36b88a36a7b86b89c6fbddf966ea5b9247a9b78fec2240f724e5597c0f75363515ca5fd9f9b02e5221c91dc1c930be9210bbbe90b5af02

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60632.exe

Filesize
188KB

MD5
f98e4b4d4de98e6888191824e71ec9da

SHA1
ecc34654a76c12fb4061f8478db453b8971ebe05

SHA256
3f3fb2f0b5e9091fa3102d97a79912441b6fc2591fed13932c84f2f0e2fcd741

SHA512
7ac31859626618ae934da51704f8d2cc5401c838c297247da8687275fa072194a760fca171b70adbbb8ef772c0fc2ad09628b06b4b8e0a9f4cf703c4b21c7611

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62324.exe

Filesize
188KB

MD5
50b486578e36778829d34ca198c05787

SHA1
6c5a5423432d6099a0920fc204e92f4a708222d3

SHA256
78cb4685cab86782de5b5ff91b18c76a19d8f145d64d3fa734f8ae558cbb45a0

SHA512
c28460e4ceda61b5006fdd5a00f2a686cdb8de02d37aec577c42d89a9da3c0ba5c3cef537d22e5cefcfb03b890eb061993497b8bef06827251a41c8b89dbdf2e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63434.exe

Filesize
188KB

MD5
3d86388e85c55b134a28765b61bff68c

SHA1
3d189863bd58c203182f810a71df6a83988e4b97

SHA256
7d6bd54008c801e92e64f398ecfe783aeaea6366734bb2540fd32f8764c0b536

SHA512
a19323a91a30906ae1dfac06383dde7cd6d59867ec470efd1502c27bcfa160ebddfe9f83e07ef995b31c25a3921369fa438de770565ee69cf1d000d9461b7536

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe

Filesize
188KB

MD5
bc32e391cecb162e4197bb1b3c3aaf76

SHA1
ec94db7cf6541e63a56aff4996a47097e7b39fd7

SHA256
92e61774abe2e40d7bc36818664fea65d72912bbb76e36ef111bed4f3c8e0105

SHA512
845ee49e9af36cb28ac2f83d6ad929823d4eb2189b0299987b07225cb64a928fdd616e75d8ea77b3398be36cb9a28118788d6419f063a882540ddb9ce7452da6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads