b868cac75244b52eb573a503c35e76ae6f1084a719e1490385b7dc1e2c72da3b

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/03/2024, 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0cd6728a77c8c555949d30b037c552ad_JaffaCakes118.exe
Size

188KB
MD5

0cd6728a77c8c555949d30b037c552ad
SHA1

ad7d1a05ff46d58fbcb9c09adbff8891906f718c
SHA256

b868cac75244b52eb573a503c35e76ae6f1084a719e1490385b7dc1e2c72da3b
SHA512

85d8b68f024bfbda30a876e7896d8091a710825bc2f037ff2a488d6a426e0c55673f8bc16b3fe2c2154d3302a74a836a93201273738da6692f6388ab4fbc4669
SSDEEP

3072:+vcbo2hBr7wQ0Odvf0iJnJOdn532MGvusggxFhXk5glH1pFv:+vAo4cQ0KfDJnJyW2W+glH1pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1328	Unicorn-36809.exe
1116	Unicorn-15101.exe
1316	Unicorn-64857.exe
2324	Unicorn-44842.exe
2028	Unicorn-24976.exe
572	Unicorn-35605.exe
1500	Unicorn-18247.exe
1540	Unicorn-34583.exe
920	Unicorn-22885.exe
2480	Unicorn-20193.exe
680	Unicorn-35137.exe
2668	Unicorn-17514.exe
2680	Unicorn-37380.exe
2436	Unicorn-24936.exe
2948	Unicorn-2377.exe
2908	Unicorn-52133.exe
2104	Unicorn-41272.exe
2992	Unicorn-37742.exe
2952	Unicorn-57608.exe
1724	Unicorn-27157.exe
632	Unicorn-50270.exe
1056	Unicorn-35325.exe
848	Unicorn-26965.exe
2892	Unicorn-11183.exe
1936	Unicorn-56321.exe
2120	Unicorn-36455.exe
900	Unicorn-58267.exe
1564	Unicorn-39793.exe
2280	Unicorn-43877.exe
1580	Unicorn-32179.exe
1584	Unicorn-21319.exe
1692	Unicorn-36263.exe
1608	Unicorn-26171.exe
2020	Unicorn-34339.exe
872	Unicorn-30809.exe
676	Unicorn-57452.exe
704	Unicorn-15865.exe
1052	Unicorn-26747.exe
1744	Unicorn-43083.exe
2404	Unicorn-27301.exe
1772	Unicorn-24609.exe
2488	Unicorn-43637.exe
1844	Unicorn-6134.exe
2664	Unicorn-45584.exe
2540	Unicorn-42891.exe
2556	Unicorn-61365.exe
2644	Unicorn-6004.exe
2696	Unicorn-6004.exe
1352	Unicorn-25870.exe
2700	Unicorn-25870.exe
2656	Unicorn-25870.exe
1944	Unicorn-6004.exe
2852	Unicorn-25870.exe
2932	Unicorn-60021.exe
2988	Unicorn-60021.exe
2924	Unicorn-60021.exe
2928	Unicorn-60021.exe
1812	Unicorn-14349.exe
1404	Unicorn-14349.exe
1512	Unicorn-14349.exe
2964	Unicorn-14349.exe
3056	Unicorn-60021.exe
2980	Unicorn-14349.exe
3052	Unicorn-14349.exe

Loads dropped DLL 64 IoCs

pid	Process
1776	0cd6728a77c8c555949d30b037c552ad_JaffaCakes118.exe
1776	0cd6728a77c8c555949d30b037c552ad_JaffaCakes118.exe
1776	0cd6728a77c8c555949d30b037c552ad_JaffaCakes118.exe
1328	Unicorn-36809.exe
1328	Unicorn-36809.exe
1776	0cd6728a77c8c555949d30b037c552ad_JaffaCakes118.exe
1116	Unicorn-15101.exe
1116	Unicorn-15101.exe
1328	Unicorn-36809.exe
1328	Unicorn-36809.exe
1316	Unicorn-64857.exe
1316	Unicorn-64857.exe
2028	Unicorn-24976.exe
2028	Unicorn-24976.exe
2324	Unicorn-44842.exe
2324	Unicorn-44842.exe
1116	Unicorn-15101.exe
1116	Unicorn-15101.exe
572	Unicorn-35605.exe
572	Unicorn-35605.exe
1316	Unicorn-64857.exe
1316	Unicorn-64857.exe
2028	Unicorn-24976.exe
1500	Unicorn-18247.exe
2028	Unicorn-24976.exe
1500	Unicorn-18247.exe
920	Unicorn-22885.exe
920	Unicorn-22885.exe
1540	Unicorn-34583.exe
1540	Unicorn-34583.exe
2324	Unicorn-44842.exe
2324	Unicorn-44842.exe
680	Unicorn-35137.exe
680	Unicorn-35137.exe
572	Unicorn-35605.exe
572	Unicorn-35605.exe
2480	Unicorn-20193.exe
2480	Unicorn-20193.exe
2668	Unicorn-17514.exe
2668	Unicorn-17514.exe
1500	Unicorn-18247.exe
1500	Unicorn-18247.exe
2680	Unicorn-37380.exe
2680	Unicorn-37380.exe
2436	Unicorn-24936.exe
2436	Unicorn-24936.exe
920	Unicorn-22885.exe
920	Unicorn-22885.exe
1540	Unicorn-34583.exe
2948	Unicorn-2377.exe
2948	Unicorn-2377.exe
1540	Unicorn-34583.exe
2908	Unicorn-52133.exe
2908	Unicorn-52133.exe
2992	Unicorn-37742.exe
2992	Unicorn-37742.exe
2104	Unicorn-41272.exe
2104	Unicorn-41272.exe
680	Unicorn-35137.exe
2952	Unicorn-57608.exe
2480	Unicorn-20193.exe
680	Unicorn-35137.exe
2952	Unicorn-57608.exe
2480	Unicorn-20193.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2968	240	WerFault.exe	138

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1776	0cd6728a77c8c555949d30b037c552ad_JaffaCakes118.exe
1328	Unicorn-36809.exe
1116	Unicorn-15101.exe
1316	Unicorn-64857.exe
2028	Unicorn-24976.exe
2324	Unicorn-44842.exe
572	Unicorn-35605.exe
1500	Unicorn-18247.exe
680	Unicorn-35137.exe
1540	Unicorn-34583.exe
920	Unicorn-22885.exe
2480	Unicorn-20193.exe
2668	Unicorn-17514.exe
2680	Unicorn-37380.exe
2436	Unicorn-24936.exe
2948	Unicorn-2377.exe
2908	Unicorn-52133.exe
2992	Unicorn-37742.exe
2104	Unicorn-41272.exe
2952	Unicorn-57608.exe
1724	Unicorn-27157.exe
632	Unicorn-50270.exe
1056	Unicorn-35325.exe
848	Unicorn-26965.exe
2892	Unicorn-11183.exe
1936	Unicorn-56321.exe
2120	Unicorn-36455.exe
900	Unicorn-58267.exe
1564	Unicorn-39793.exe
1580	Unicorn-32179.exe
2280	Unicorn-43877.exe
1692	Unicorn-36263.exe
1584	Unicorn-21319.exe
1608	Unicorn-26171.exe
2020	Unicorn-34339.exe
872	Unicorn-30809.exe
676	Unicorn-57452.exe
704	Unicorn-15865.exe
1052	Unicorn-26747.exe
1744	Unicorn-43083.exe
2404	Unicorn-27301.exe
1772	Unicorn-24609.exe
1844	Unicorn-6134.exe
2664	Unicorn-45584.exe
2540	Unicorn-42891.exe
2556	Unicorn-61365.exe
2100	Unicorn-53244.exe
2656	Unicorn-25870.exe
3056	Unicorn-60021.exe
1944	Unicorn-6004.exe
2852	Unicorn-25870.exe
2700	Unicorn-25870.exe
2696	Unicorn-6004.exe
2972	Unicorn-60021.exe
2924	Unicorn-60021.exe
2960	Unicorn-53519.exe
2964	Unicorn-14349.exe
3024	Unicorn-14349.exe
1328	Unicorn-7219.exe
2000	Unicorn-33653.exe
2088	Unicorn-49627.exe
1512	Unicorn-14349.exe
1404	Unicorn-14349.exe
2644	Unicorn-6004.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1776 wrote to memory of 1328	1776	0cd6728a77c8c555949d30b037c552ad_JaffaCakes118.exe	30
PID 1776 wrote to memory of 1328	1776	0cd6728a77c8c555949d30b037c552ad_JaffaCakes118.exe	30
PID 1776 wrote to memory of 1328	1776	0cd6728a77c8c555949d30b037c552ad_JaffaCakes118.exe	30
PID 1776 wrote to memory of 1328	1776	0cd6728a77c8c555949d30b037c552ad_JaffaCakes118.exe	30
PID 1328 wrote to memory of 1116	1328	Unicorn-36809.exe	31
PID 1328 wrote to memory of 1116	1328	Unicorn-36809.exe	31
PID 1328 wrote to memory of 1116	1328	Unicorn-36809.exe	31
PID 1328 wrote to memory of 1116	1328	Unicorn-36809.exe	31
PID 1776 wrote to memory of 1316	1776	0cd6728a77c8c555949d30b037c552ad_JaffaCakes118.exe	32
PID 1776 wrote to memory of 1316	1776	0cd6728a77c8c555949d30b037c552ad_JaffaCakes118.exe	32
PID 1776 wrote to memory of 1316	1776	0cd6728a77c8c555949d30b037c552ad_JaffaCakes118.exe	32
PID 1776 wrote to memory of 1316	1776	0cd6728a77c8c555949d30b037c552ad_JaffaCakes118.exe	32
PID 1116 wrote to memory of 2324	1116	Unicorn-15101.exe	33
PID 1116 wrote to memory of 2324	1116	Unicorn-15101.exe	33
PID 1116 wrote to memory of 2324	1116	Unicorn-15101.exe	33
PID 1116 wrote to memory of 2324	1116	Unicorn-15101.exe	33
PID 1328 wrote to memory of 2028	1328	Unicorn-36809.exe	34
PID 1328 wrote to memory of 2028	1328	Unicorn-36809.exe	34
PID 1328 wrote to memory of 2028	1328	Unicorn-36809.exe	34
PID 1328 wrote to memory of 2028	1328	Unicorn-36809.exe	34
PID 1316 wrote to memory of 572	1316	Unicorn-64857.exe	35
PID 1316 wrote to memory of 572	1316	Unicorn-64857.exe	35
PID 1316 wrote to memory of 572	1316	Unicorn-64857.exe	35
PID 1316 wrote to memory of 572	1316	Unicorn-64857.exe	35
PID 2028 wrote to memory of 1500	2028	Unicorn-24976.exe	36
PID 2028 wrote to memory of 1500	2028	Unicorn-24976.exe	36
PID 2028 wrote to memory of 1500	2028	Unicorn-24976.exe	36
PID 2028 wrote to memory of 1500	2028	Unicorn-24976.exe	36
PID 2324 wrote to memory of 1540	2324	Unicorn-44842.exe	37
PID 2324 wrote to memory of 1540	2324	Unicorn-44842.exe	37
PID 2324 wrote to memory of 1540	2324	Unicorn-44842.exe	37
PID 2324 wrote to memory of 1540	2324	Unicorn-44842.exe	37
PID 1116 wrote to memory of 920	1116	Unicorn-15101.exe	38
PID 1116 wrote to memory of 920	1116	Unicorn-15101.exe	38
PID 1116 wrote to memory of 920	1116	Unicorn-15101.exe	38
PID 1116 wrote to memory of 920	1116	Unicorn-15101.exe	38
PID 572 wrote to memory of 2480	572	Unicorn-35605.exe	39
PID 572 wrote to memory of 2480	572	Unicorn-35605.exe	39
PID 572 wrote to memory of 2480	572	Unicorn-35605.exe	39
PID 572 wrote to memory of 2480	572	Unicorn-35605.exe	39
PID 1316 wrote to memory of 680	1316	Unicorn-64857.exe	40
PID 1316 wrote to memory of 680	1316	Unicorn-64857.exe	40
PID 1316 wrote to memory of 680	1316	Unicorn-64857.exe	40
PID 1316 wrote to memory of 680	1316	Unicorn-64857.exe	40
PID 2028 wrote to memory of 2668	2028	Unicorn-24976.exe	41
PID 2028 wrote to memory of 2668	2028	Unicorn-24976.exe	41
PID 2028 wrote to memory of 2668	2028	Unicorn-24976.exe	41
PID 2028 wrote to memory of 2668	2028	Unicorn-24976.exe	41
PID 1500 wrote to memory of 2680	1500	Unicorn-18247.exe	42
PID 1500 wrote to memory of 2680	1500	Unicorn-18247.exe	42
PID 1500 wrote to memory of 2680	1500	Unicorn-18247.exe	42
PID 1500 wrote to memory of 2680	1500	Unicorn-18247.exe	42
PID 920 wrote to memory of 2436	920	Unicorn-22885.exe	43
PID 920 wrote to memory of 2436	920	Unicorn-22885.exe	43
PID 920 wrote to memory of 2436	920	Unicorn-22885.exe	43
PID 920 wrote to memory of 2436	920	Unicorn-22885.exe	43
PID 1540 wrote to memory of 2948	1540	Unicorn-34583.exe	44
PID 1540 wrote to memory of 2948	1540	Unicorn-34583.exe	44
PID 1540 wrote to memory of 2948	1540	Unicorn-34583.exe	44
PID 1540 wrote to memory of 2948	1540	Unicorn-34583.exe	44
PID 2324 wrote to memory of 2908	2324	Unicorn-44842.exe	45
PID 2324 wrote to memory of 2908	2324	Unicorn-44842.exe	45
PID 2324 wrote to memory of 2908	2324	Unicorn-44842.exe	45
PID 2324 wrote to memory of 2908	2324	Unicorn-44842.exe	45

C:\Users\Admin\AppData\Local\Temp\0cd6728a77c8c555949d30b037c552ad_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\0cd6728a77c8c555949d30b037c552ad_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36809.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36809.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15101.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2377.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56321.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24609.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53244.exe
        9⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        10⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43919.exe
        11⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
        9⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33997.exe
        10⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62414.exe
        11⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14131.exe
        9⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
        7⤵
        Executes dropped EXE
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6134.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53519.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35860.exe
        9⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13384.exe
        10⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11267.exe
        11⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41349.exe
        9⤵
        
        PID:240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 148
        10⤵
        Program crash
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33653.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        8⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-769.exe
        9⤵
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58267.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42891.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49627.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31427.exe
        9⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6004.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39944.exe
        7⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30489.exe
        8⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12569.exe
        7⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14775.exe
        8⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37884.exe
        9⤵
        
        PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22885.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26965.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        8⤵
        Executes dropped EXE
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54910.exe
        9⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26213.exe
        10⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35196.exe
        11⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5024.exe
        10⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62689.exe
        11⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-523.exe
        12⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51146.exe
        13⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6347.exe
        9⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        10⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43642.exe
        11⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14567.exe
        8⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        9⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
        10⤵
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27301.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7463.exe
        7⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe
        8⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20628.exe
        7⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23027.exe
        8⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
        9⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46595.exe
        10⤵
        
        PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11183.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26747.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56088.exe
        8⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56171.exe
        9⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59892.exe
        10⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5579.exe
        8⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        6⤵
        Executes dropped EXE
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44604.exe
        7⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3929.exe
        8⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25165.exe
        9⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21935.exe
        10⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
        8⤵
        
        PID:1260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18247.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37380.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35325.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15865.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        8⤵
        Executes dropped EXE
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        9⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
        10⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
        11⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27884.exe
        8⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9492.exe
        9⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-769.exe
        10⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
        11⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51376.exe
        10⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63332.exe
        8⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18943.exe
        9⤵
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30809.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9793.exe
        8⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62881.exe
        9⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63678.exe
        10⤵
        
        PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50270.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34339.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        8⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27988.exe
        9⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        6⤵
        Executes dropped EXE
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15330.exe
        7⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39088.exe
        8⤵
        
        PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17514.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27157.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26171.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29254.exe
        8⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7546.exe
        9⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35196.exe
        10⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
        11⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37560.exe
        12⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38739.exe
        10⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53218.exe
        8⤵
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60021.exe
        6⤵
        Executes dropped EXE
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54910.exe
        7⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44415.exe
        8⤵
        
        PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57452.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14349.exe
        6⤵
        Executes dropped EXE
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        7⤵
        
        PID:2076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35605.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35605.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20193.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57608.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21319.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25870.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        8⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35196.exe
        9⤵
        
        PID:1304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6004.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37806.exe
        8⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32435.exe
        9⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6347.exe
        8⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-769.exe
        9⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37884.exe
        10⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18095.exe
        11⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18018.exe
        9⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50990.exe
        10⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        11⤵
        
        PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36263.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25870.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7219.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37742.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39793.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61365.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45584.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3571.exe
        6⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26644.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62881.exe
        8⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43015.exe
        7⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46595.exe
        8⤵
        
        PID:2336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35137.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41272.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43877.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25870.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34298.exe
        7⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27687.exe
        8⤵
        
        PID:464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6004.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7655.exe
        6⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62414.exe
        7⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
        8⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51376.exe
        7⤵
        
        PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32179.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25870.exe
        5⤵
        Executes dropped EXE
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7655.exe
        6⤵
        
        PID:2052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17514.exe

Filesize
188KB

MD5
1e1623ff102dfe66cb0c9af5366db5e5

SHA1
7cac02c6a820d0d67666ba27819814575c642b71

SHA256
53312369a38aa3976fc9001d97f0c535dd8cc51189210d11efb46a26993ee30d

SHA512
9fd2e740308769be1778e355667d5bf75cb88b80f85872ab324d1f80fbdce739d7b494b0c217aa4b8956149533e83f216aa179f63abea4ee834ed3d5fbf80a8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20193.exe

Filesize
188KB

MD5
f33dc1e745f86bf3a27ed59529a7e1aa

SHA1
8b8f12e8dcdbff2d2bf5a82c6b57a23fb79f594e

SHA256
ee40e24b75d7384ab010b0985c7b450650b552e91a6b74043263360fb3248c11

SHA512
3f33a91a705072b5801e23ecb8220b735a9b266594c41ce33ca22ac12718a0509d3ec2a3a7b409f082dd67ec01aba7752adf2a7d1d888b40fa948dc93c43c820

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22885.exe

Filesize
188KB

MD5
8a66b2e79ce9d483ea66a96f34e02b89

SHA1
7d73827174372023eaea469d9260595eff8965f7

SHA256
ecaab2627f647daa133c0bec40ea8ca285c6ef61aa5a377c8ef5d299c4054a3c

SHA512
b502bd49fa55ad7425d67498d04395c2a35d5fd31b90aac009eea8c0b9fbb706769b8e1e78ae194eec1d0459d0244554f582c16caa88cc9dcd213cef24db472b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe

Filesize
188KB

MD5
7069d9ee4a6259c6602e3406275f48bd

SHA1
a7e3bef3ea7275489da1184732616cc6c248b557

SHA256
e83fe34248a3586310262ccd0539bb03bb857d31769b7947cfa959e3f14eec49

SHA512
82b557fb29fbef663bd58470483c7b6bccaf7c4d9dd6832fed708e670866e34c0802a8c90e64297e729f4ffe7a490a3779d1854bdf3da58b3a6efc17671a2f31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35605.exe

Filesize
188KB

MD5
cf0033308ba2e2dbb255eff5d62d1a8f

SHA1
eec8ed6dc13fbb4c4eace90320525783074b6a97

SHA256
83ce9afe32b8a43ff87f26be0b48e11e1345c055dbdaa49b6e2777c8fa96d285

SHA512
36122ffebb81e4788faa291853d3032971b2ec6fe7e07411271c85c8ad87519b547023d6ebcea89993382b8d996cb4638dafeae5502eb321b0a10da5e9c8e980

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44842.exe

Filesize
188KB

MD5
a64e6ed923b075b6fd5a66e57ae8f4b9

SHA1
ca5af984a5df02fced649c0b4c0e550eacbc00d8

SHA256
c902a603ffbaed2443271b5b0fed0792883a9516534c8070973208315403b3e0

SHA512
3749fe1814a1babb04bb216879c253701706b870e769adeca99b2d64252f5e9b726e4fea0cce253450694725508ae0c765e983aeef80ba40d63dd619d70672ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5683.exe

Filesize
188KB

MD5
796fe3a8ee7b2c618b6d5a6d26939f5f

SHA1
bc0d6ea7294fbd07af253cc88fc03ca7228ba0a6

SHA256
42c8bc3a5788cb37ba4498768e77873a79262686b82c1c4443820ebc44efa82e

SHA512
ce7c7fd82bfff5de973392388c80337b6ed9f1dd6a4cbd5e83bc67f9852b0dac480e6d44442c14b751196290c226b87be5d2ba111b86df588f0b548ee70dd460

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6134.exe

Filesize
188KB

MD5
6e3fab08375769fc67ed97448be27f47

SHA1
7e83f6c80123c3e4a28148ee5907cd9d5850f9af

SHA256
85b9b5e3632a1bfd7ce662ba901fa458c1852c83040aaafb5d9850480d8713e2

SHA512
e116708b8521de69d76276ad9ba28f8a345f570d8094e4ed54baee4d3ca02bdb25a85da4454b6603f1573baf17cc32d97a1aedd9020fcc5ea166ecec092949bc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15101.exe

Filesize
188KB

MD5
b668fd422128a4c1d94705f720e8e74e

SHA1
9e9cdea54b504ad27349597d827d685e79c9d238

SHA256
b4857d77bf05dfaf3026845a5a62088b7ce7fd0662893c941eb79c23cce2a3a7

SHA512
14b6f328a10a8e4e7cfebf761a71ab28f65c7b6ab5554d10e9bf9a3e051463331b9c9b3db99260bbe8a52b10d03a3e3acf0db43b715e8235b3d911223fc63875

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18247.exe

Filesize
188KB

MD5
326d58ae1ad845d73b8803d11d3ee495

SHA1
490bfeef3708935125305bd5d912e9e29d4e2f20

SHA256
77b00774d87cc4c2c53583977bff63d9cbf367c4d4d3960b865ac0f50facbb17

SHA512
7beea5e96d908a017b7cdadb8eed6b4c0ab8e2874a8f41b58ad98c1e6f229b59575f4e656cfb3aabd3772057e1382588f93cbdea74a61cbed3f079b9e83e8403

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2377.exe

Filesize
188KB

MD5
440914cb02f36920f29b6e747620076b

SHA1
c9f1881453811ca79dc3993251478d2d7d57f44c

SHA256
34989de9165f5a549122bcc2f0f21f11b37e811fbb17a6c846277c86c07146c9

SHA512
611cc7ee10a76c0e2c0c0f345ddab9007d1d81a029b4364104347d11127ed0c9dee76062fb06577ddf713896dec72ae747174680a36c4b321439e86f71b5c37d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe

Filesize
188KB

MD5
b4c2c9f1e3641dfb4ce130509f0e1c55

SHA1
f0a725bada99f0cf126dbbd5e4d90a74e0a88c19

SHA256
1745f90357588dcfb2c6c4df76b13ba2f6bf190bc3ce685f264048df7f0dd73c

SHA512
c0da187eb3c1069e06c92d7ceb750bf3ecb1d2df920eeb85c89053727a25fa513402a50bcb44687942f6483d3dd86ab83726d7d04cf3f5520461fa6b3cfaba75

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe

Filesize
188KB

MD5
fb227a4be03c3641b0b934ba66ebaa3e

SHA1
c18c612aab88d2b036fe260c34e64e1afa837056

SHA256
2238541641eae3b7f9cbaa55b98f931bfd02a24a1aa37bd1745af55ed5074172

SHA512
265b7bf9ffb1d1ba484b616707b2c5b1353c1f7925e67dc5f61f5363750e921899e4e71e16323846dae8b9bc3929c30fb40e6e12fce791a359f53f81bee645ab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35137.exe

Filesize
188KB

MD5
0ede9ed966ae1e76e47d23da27e0f491

SHA1
f7232f88f52c35e7dd16e0dfdabeec38c91aa95c

SHA256
890fa823d6cedd138e4a972083feaa7f5fbaf2a6724bf9fa8c5fd9153f93aec3

SHA512
24a7bafc77bfc646ee98c854eda5cd4a5bb8ab01d703da0d27aafa38b18b746588069b68e676cebb93dc847b1d3bac6f2344e885fbce4365a4af426e6a0b28f6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36809.exe

Filesize
188KB

MD5
abec5de0f2651af32e6063140cc3ba99

SHA1
6dd9bb0719fe888d3320cf0494bf7779d0a1532c

SHA256
cfbeb80f385eb8d4faad275a8bd30f7b15b4f0295a7955a57079b0f9d08d551d

SHA512
81ac2a88b017999be545149af701de3f539da4c7c262333726e87abf0fb2f2bf814876a48256268420a36e8a5e932998d979adbd72f940fbb9a3e739baecd028

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37380.exe

Filesize
188KB

MD5
912a67f12a76e9ff5dc72182c05b4d39

SHA1
af5944ba8ec03f4c895c4685db2e8258b71d744e

SHA256
6f87c55f6a8030d31fd5f2c27d39ee652effda7f8a1f7d6e3cc051aa50d1a2f5

SHA512
f6aa608ccbe5b564b7310b22bd2543791cfd7b3f295712902c29841b310ca616f0b9979075e4b736ffcc260a37670022d40e6e19c725f7bd636273d481e187a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37742.exe

Filesize
188KB

MD5
6e5a88b968befe1c955e424cf4712c55

SHA1
754cf33ee835aeed6cefe6a64159e778ef284155

SHA256
cba78e386b50c847971cbc04f8896f82f50c55a3a2520ea4ce3feaf5093e6f0e

SHA512
64007984c7b0b6ff17ae3df0cd44b057216b5b31ad8412673080fcdb6528c49d2131d8e335914733b20692a3349547d8ad90513f0003637497fc2216362bcc0b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41272.exe

Filesize
188KB

MD5
569c0e9409bc25a3b804891a7d3404bc

SHA1
3b4cd6e98f7d068058314c862651b3a0a7625a2a

SHA256
e73a745ebbe7491d82c4f0ca780fe4f559032894fbf3028efbe13dec695f01fe

SHA512
abf5f5969667f3f82ccbed4d29b85cc4769cbd4a557b6d4429e0da1053b9135d520a527898815b007eb8154619c37c541202fd163a971a2486c959a95a4dae49

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe

Filesize
188KB

MD5
a251db3bb0a52b9dbc791c1f40f103c8

SHA1
99f003189da5b16b77705164ea3fff167c0c1f1b

SHA256
f99a5479ca5c0bb8062297b22f314fb747f547a1e7e08faab276d7b58a23049b

SHA512
cccddd38b322b812298554ec11ad3bbd6183390695acf5c9e90621df2046e92b448e1444548c9159b16d203fe6503406d344bb0a5782723dd80f60fd091d5dae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64857.exe

Filesize
188KB

MD5
4f3ffb2db508f57ecb01f94c9e004ab2

SHA1
2e535f14e65ef433d0dd493a637be943027cb8b8

SHA256
db34dc3b0a13fdc2a3ddebcfb2d37bf249f4e23f41dc90ed08c32fe98fe883f3

SHA512
8950771483398b7e6e84d4d6710469aa6ba7212563aa6f2c110d36379b5d1ee742c8604f66c075a4216bf1034cb4f8c84be6a2744464e999cee49d3aede70f8c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads