e97bf2a144c849a6c11e657b7da4bfdd02dfd9c59d51f90cb8e5a336488935f6

Analysis

max time kernel
32s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/03/2024, 11:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2139f458312954b92f59beb0824003e2_JaffaCakes118.exe
Size

188KB
MD5

2139f458312954b92f59beb0824003e2
SHA1

021ffe6545ea57f6d6ce94455598cce48e87831b
SHA256

e97bf2a144c849a6c11e657b7da4bfdd02dfd9c59d51f90cb8e5a336488935f6
SHA512

80b1231f6275e960c98a592abd4820ac52a556cf8a12f6c16c1a7b76b5af66c675348707dc69f5a5a589e724ce7598c305ba85839070137e5341d0204e4c28b7
SSDEEP

3072:4BPRomjtsswp1Hjk8yf3TUReDUiMNBfWClxQ7crRdlv1pFZ:4BJoB5p1o843TUPNYSdlv1pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2952	Unicorn-42673.exe
2632	Unicorn-13134.exe
2564	Unicorn-20748.exe
2584	Unicorn-33684.exe
2528	Unicorn-58703.exe
2928	Unicorn-31027.exe
768	Unicorn-9668.exe
960	Unicorn-62953.exe
2400	Unicorn-63316.exe
1448	Unicorn-10903.exe
1740	Unicorn-33222.exe
2348	Unicorn-40836.exe
1520	Unicorn-57172.exe
1472	Unicorn-37306.exe
2288	Unicorn-28631.exe
3036	Unicorn-20825.exe
1004	Unicorn-21977.exe
432	Unicorn-3825.exe
1540	Unicorn-61749.exe
1516	Unicorn-16078.exe
1388	Unicorn-32222.exe
772	Unicorn-8272.exe
1928	Unicorn-61469.exe
556	Unicorn-17697.exe
2908	Unicorn-10083.exe
2984	Unicorn-50369.exe
1816	Unicorn-62792.exe
1664	Unicorn-17121.exe
2636	Unicorn-4868.exe
2660	Unicorn-51329.exe
2696	Unicorn-43715.exe
2732	Unicorn-59497.exe
2432	Unicorn-51884.exe
2436	Unicorn-6212.exe
588	Unicorn-55844.exe
1856	Unicorn-35978.exe
2688	Unicorn-39508.exe
2480	Unicorn-63820.exe
2756	Unicorn-43955.exe
2360	Unicorn-10343.exe
1964	Unicorn-51931.exe
2356	Unicorn-38932.exe
1824	Unicorn-36746.exe
1136	Unicorn-60696.exe
2900	Unicorn-11495.exe
2800	Unicorn-57167.exe
3028	Unicorn-55351.exe
2632	Unicorn-42907.exe
2804	Unicorn-50883.exe
2104	Unicorn-46799.exe
2128	Unicorn-39185.exe
2156	Unicorn-35101.exe
2044	Unicorn-32937.exe
3060	Unicorn-52803.exe
2220	Unicorn-60971.exe
1728	Unicorn-24023.exe
1444	Unicorn-20301.exe
2728	Unicorn-48335.exe
2620	Unicorn-52886.exe
2484	Unicorn-19830.exe
1688	Unicorn-65501.exe
2820	Unicorn-57141.exe
2920	Unicorn-3301.exe
524	Unicorn-56394.exe

Loads dropped DLL 64 IoCs

pid	Process
1056	2139f458312954b92f59beb0824003e2_JaffaCakes118.exe
1056	2139f458312954b92f59beb0824003e2_JaffaCakes118.exe
2952	Unicorn-42673.exe
1056	2139f458312954b92f59beb0824003e2_JaffaCakes118.exe
1056	2139f458312954b92f59beb0824003e2_JaffaCakes118.exe
2952	Unicorn-42673.exe
2952	Unicorn-42673.exe
2952	Unicorn-42673.exe
2632	Unicorn-13134.exe
2632	Unicorn-13134.exe
2564	Unicorn-20748.exe
2564	Unicorn-20748.exe
2528	Unicorn-58703.exe
2632	Unicorn-13134.exe
2528	Unicorn-58703.exe
2584	Unicorn-33684.exe
2584	Unicorn-33684.exe
2632	Unicorn-13134.exe
2928	Unicorn-31027.exe
2928	Unicorn-31027.exe
2584	Unicorn-33684.exe
960	Unicorn-62953.exe
2584	Unicorn-33684.exe
960	Unicorn-62953.exe
2400	Unicorn-63316.exe
2528	Unicorn-58703.exe
2400	Unicorn-63316.exe
2528	Unicorn-58703.exe
1448	Unicorn-10903.exe
1448	Unicorn-10903.exe
2928	Unicorn-31027.exe
2928	Unicorn-31027.exe
768	Unicorn-9668.exe
768	Unicorn-9668.exe
2348	Unicorn-40836.exe
2348	Unicorn-40836.exe
960	Unicorn-62953.exe
960	Unicorn-62953.exe
1520	Unicorn-57172.exe
1520	Unicorn-57172.exe
1472	Unicorn-37306.exe
1472	Unicorn-37306.exe
2400	Unicorn-63316.exe
2400	Unicorn-63316.exe
1860	WerFault.exe
1860	WerFault.exe
1860	WerFault.exe
1860	WerFault.exe
1860	WerFault.exe
3036	Unicorn-20825.exe
3036	Unicorn-20825.exe
2288	Unicorn-28631.exe
1448	Unicorn-10903.exe
2288	Unicorn-28631.exe
1448	Unicorn-10903.exe
1004	Unicorn-21977.exe
1004	Unicorn-21977.exe
2348	Unicorn-40836.exe
432	Unicorn-3825.exe
2348	Unicorn-40836.exe
432	Unicorn-3825.exe
1540	Unicorn-61749.exe
1540	Unicorn-61749.exe
1516	Unicorn-16078.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
1860	1740	WerFault.exe	38
1496	2480	WerFault.exe	66
1504	3008	WerFault.exe	142

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1056	2139f458312954b92f59beb0824003e2_JaffaCakes118.exe
2952	Unicorn-42673.exe
2632	Unicorn-13134.exe
2564	Unicorn-20748.exe
2584	Unicorn-33684.exe
2528	Unicorn-58703.exe
2928	Unicorn-31027.exe
960	Unicorn-62953.exe
768	Unicorn-9668.exe
2400	Unicorn-63316.exe
1448	Unicorn-10903.exe
2348	Unicorn-40836.exe
1520	Unicorn-57172.exe
1740	Unicorn-33222.exe
1472	Unicorn-37306.exe
3036	Unicorn-20825.exe
2288	Unicorn-28631.exe
1004	Unicorn-21977.exe
432	Unicorn-3825.exe
1540	Unicorn-61749.exe
1516	Unicorn-16078.exe
1388	Unicorn-32222.exe
772	Unicorn-8272.exe
1928	Unicorn-61469.exe
556	Unicorn-17697.exe
2908	Unicorn-10083.exe
2984	Unicorn-50369.exe
1816	Unicorn-62792.exe
1664	Unicorn-17121.exe
2636	Unicorn-4868.exe
2696	Unicorn-43715.exe
2432	Unicorn-51884.exe
2436	Unicorn-6212.exe
2732	Unicorn-59497.exe
588	Unicorn-55844.exe
1856	Unicorn-35978.exe
2480	Unicorn-63820.exe
2688	Unicorn-39508.exe
2756	Unicorn-43955.exe
2360	Unicorn-10343.exe
1964	Unicorn-51931.exe
2800	Unicorn-57167.exe
1136	Unicorn-60696.exe
1824	Unicorn-36746.exe
2356	Unicorn-38932.exe
2900	Unicorn-11495.exe
3028	Unicorn-55351.exe
2632	Unicorn-42907.exe
2128	Unicorn-39185.exe
2804	Unicorn-50883.exe
2104	Unicorn-46799.exe
2156	Unicorn-35101.exe
3060	Unicorn-52803.exe
2044	Unicorn-32937.exe
2220	Unicorn-60971.exe
1728	Unicorn-24023.exe
1444	Unicorn-20301.exe
2728	Unicorn-48335.exe
2620	Unicorn-52886.exe
2484	Unicorn-19830.exe
1688	Unicorn-65501.exe
2820	Unicorn-57141.exe
2920	Unicorn-3301.exe
1060	Unicorn-48781.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 2952	1056	2139f458312954b92f59beb0824003e2_JaffaCakes118.exe	28
PID 1056 wrote to memory of 2952	1056	2139f458312954b92f59beb0824003e2_JaffaCakes118.exe	28
PID 1056 wrote to memory of 2952	1056	2139f458312954b92f59beb0824003e2_JaffaCakes118.exe	28
PID 1056 wrote to memory of 2952	1056	2139f458312954b92f59beb0824003e2_JaffaCakes118.exe	28
PID 1056 wrote to memory of 2632	1056	2139f458312954b92f59beb0824003e2_JaffaCakes118.exe	30
PID 1056 wrote to memory of 2632	1056	2139f458312954b92f59beb0824003e2_JaffaCakes118.exe	30
PID 1056 wrote to memory of 2632	1056	2139f458312954b92f59beb0824003e2_JaffaCakes118.exe	30
PID 1056 wrote to memory of 2632	1056	2139f458312954b92f59beb0824003e2_JaffaCakes118.exe	30
PID 2952 wrote to memory of 2564	2952	Unicorn-42673.exe	29
PID 2952 wrote to memory of 2564	2952	Unicorn-42673.exe	29
PID 2952 wrote to memory of 2564	2952	Unicorn-42673.exe	29
PID 2952 wrote to memory of 2564	2952	Unicorn-42673.exe	29
PID 2952 wrote to memory of 2584	2952	Unicorn-42673.exe	31
PID 2952 wrote to memory of 2584	2952	Unicorn-42673.exe	31
PID 2952 wrote to memory of 2584	2952	Unicorn-42673.exe	31
PID 2952 wrote to memory of 2584	2952	Unicorn-42673.exe	31
PID 2632 wrote to memory of 2528	2632	Unicorn-13134.exe	32
PID 2632 wrote to memory of 2528	2632	Unicorn-13134.exe	32
PID 2632 wrote to memory of 2528	2632	Unicorn-13134.exe	32
PID 2632 wrote to memory of 2528	2632	Unicorn-13134.exe	32
PID 2564 wrote to memory of 2928	2564	Unicorn-20748.exe	33
PID 2564 wrote to memory of 2928	2564	Unicorn-20748.exe	33
PID 2564 wrote to memory of 2928	2564	Unicorn-20748.exe	33
PID 2564 wrote to memory of 2928	2564	Unicorn-20748.exe	33
PID 2528 wrote to memory of 768	2528	Unicorn-58703.exe	34
PID 2528 wrote to memory of 768	2528	Unicorn-58703.exe	34
PID 2528 wrote to memory of 768	2528	Unicorn-58703.exe	34
PID 2528 wrote to memory of 768	2528	Unicorn-58703.exe	34
PID 2584 wrote to memory of 960	2584	Unicorn-33684.exe	36
PID 2584 wrote to memory of 960	2584	Unicorn-33684.exe	36
PID 2584 wrote to memory of 960	2584	Unicorn-33684.exe	36
PID 2584 wrote to memory of 960	2584	Unicorn-33684.exe	36
PID 2632 wrote to memory of 2400	2632	Unicorn-13134.exe	35
PID 2632 wrote to memory of 2400	2632	Unicorn-13134.exe	35
PID 2632 wrote to memory of 2400	2632	Unicorn-13134.exe	35
PID 2632 wrote to memory of 2400	2632	Unicorn-13134.exe	35
PID 2928 wrote to memory of 1448	2928	Unicorn-31027.exe	37
PID 2928 wrote to memory of 1448	2928	Unicorn-31027.exe	37
PID 2928 wrote to memory of 1448	2928	Unicorn-31027.exe	37
PID 2928 wrote to memory of 1448	2928	Unicorn-31027.exe	37
PID 2584 wrote to memory of 1740	2584	Unicorn-33684.exe	38
PID 2584 wrote to memory of 1740	2584	Unicorn-33684.exe	38
PID 2584 wrote to memory of 1740	2584	Unicorn-33684.exe	38
PID 2584 wrote to memory of 1740	2584	Unicorn-33684.exe	38
PID 960 wrote to memory of 2348	960	Unicorn-62953.exe	39
PID 960 wrote to memory of 2348	960	Unicorn-62953.exe	39
PID 960 wrote to memory of 2348	960	Unicorn-62953.exe	39
PID 960 wrote to memory of 2348	960	Unicorn-62953.exe	39
PID 2400 wrote to memory of 1520	2400	Unicorn-63316.exe	40
PID 2400 wrote to memory of 1520	2400	Unicorn-63316.exe	40
PID 2400 wrote to memory of 1520	2400	Unicorn-63316.exe	40
PID 2400 wrote to memory of 1520	2400	Unicorn-63316.exe	40
PID 2528 wrote to memory of 1472	2528	Unicorn-58703.exe	41
PID 2528 wrote to memory of 1472	2528	Unicorn-58703.exe	41
PID 2528 wrote to memory of 1472	2528	Unicorn-58703.exe	41
PID 2528 wrote to memory of 1472	2528	Unicorn-58703.exe	41
PID 1448 wrote to memory of 2288	1448	Unicorn-10903.exe	42
PID 1448 wrote to memory of 2288	1448	Unicorn-10903.exe	42
PID 1448 wrote to memory of 2288	1448	Unicorn-10903.exe	42
PID 1448 wrote to memory of 2288	1448	Unicorn-10903.exe	42
PID 2928 wrote to memory of 3036	2928	Unicorn-31027.exe	43
PID 2928 wrote to memory of 3036	2928	Unicorn-31027.exe	43
PID 2928 wrote to memory of 3036	2928	Unicorn-31027.exe	43
PID 2928 wrote to memory of 3036	2928	Unicorn-31027.exe	43

C:\Users\Admin\AppData\Local\Temp\2139f458312954b92f59beb0824003e2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2139f458312954b92f59beb0824003e2_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42673.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42673.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31027.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10903.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17697.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63820.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 200
        9⤵
        Program crash
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48335.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
        9⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38147.exe
        8⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10083.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39508.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24023.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
        9⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12817.exe
        10⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44175.exe
        11⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42172.exe
        12⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50200.exe
        13⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38147.exe
        8⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20301.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
        8⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        9⤵
        
        PID:768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20825.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61469.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55844.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52803.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
        9⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38147.exe
        8⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32937.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6159.exe
        9⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        10⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
        11⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35978.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60971.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
        8⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        9⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38147.exe
        7⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30955.exe
        8⤵
        
        PID:2664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62953.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3825.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17121.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
        9⤵
        Executes dropped EXE
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13436.exe
        10⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        9⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48781.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30157.exe
        9⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10534.exe
        10⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        11⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36746.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41210.exe
        8⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38133.exe
        9⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
        8⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30664.exe
        9⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56593.exe
        10⤵
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62792.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38932.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38517.exe
        9⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51349.exe
        10⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18651.exe
        8⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57141.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4868.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11495.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17260.exe
        7⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24907.exe
        9⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52177.exe
        10⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24682.exe
        7⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25881.exe
        8⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
        9⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42172.exe
        10⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18267.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18604.exe
        8⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
        9⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
        10⤵
        
        PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33222.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1740
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1860
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13134.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13134.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9668.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21977.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50369.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10343.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52886.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58013.exe
        9⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38147.exe
        8⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65501.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53737.exe
        8⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        9⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16734.exe
        10⤵
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51931.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19830.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
        8⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        9⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33871.exe
        7⤵
        
        PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50883.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
        8⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42916.exe
        9⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26196.exe
        7⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15522.exe
        8⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        9⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53469.exe
        10⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31778.exe
        11⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63599.exe
        12⤵
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35101.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16130.exe
        7⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        8⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24907.exe
        9⤵
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42907.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28382.exe
        7⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32788.exe
        8⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26518.exe
        7⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14519.exe
        8⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20768.exe
        6⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58636.exe
        7⤵
        
        PID:2580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63316.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57172.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16078.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51329.exe
        6⤵
        Executes dropped EXE
        
        PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43715.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55351.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21558.exe
        7⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62964.exe
        8⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 188
        9⤵
        Program crash
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26196.exe
        6⤵
        
        PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8272.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6212.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46799.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65330.exe
        7⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38216.exe
        8⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24686.exe
        9⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14266.exe
        7⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53633.exe
        6⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62528.exe
        7⤵
        
        PID:852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39185.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3877.exe
        6⤵
        
        PID:1684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13134.exe

Filesize
188KB

MD5
51ce2a42d492d57c33ba2f7cb9e9afe2

SHA1
35adc5552c74f09272a746f853b8d9a2e32cc381

SHA256
ea317b6eec550ee3a3b3f0ad5d1fbf137b0727ab79a22f328395b884f99bc61a

SHA512
f0b97b0a6b69ee91567037f5ae32f180c57829cb3afaa4ddcc5c66a8ca13a554d9474f43ab4d463a9d9c99a74aaece9d6b9d1eb6cf8a6343ca0c682429d4c33a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20825.exe

Filesize
188KB

MD5
8a4ac0465e65a4221f40ac8f9c9d364e

SHA1
4e8316f1493f2be0eec3efc2bd6bb49ed97a16bc

SHA256
9c637f34a16157a2f2d44414566f82f7bb7bb85d3e29844250342a059ad3ca3b

SHA512
3d99e342da8ede25867bb3912c7287169157e9e8d435fd62ba682fd7ae9abe0b1710d7b50b23e9ca1f6bec25b75ba2cafff18071fa4c6235fa4b2da220ec81f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe

Filesize
188KB

MD5
b899365a745fb25728df1c7242c0c78d

SHA1
bb97f67e4fb016b9b3cf74b2bba780d3ebd26a18

SHA256
e4213ed5251f76f6d3cfadb5edbbca5864f79b9907ace3cd5b7ae2ed00516a33

SHA512
9f9b60146062fb1647f383f86c579ce07366a963423f5f945139d369b6255f4a8040146529cf38977abdeb441e4fba55158ef080195aadbb49dceca2495248fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6212.exe

Filesize
188KB

MD5
7348d36530827429d08c35f27530a45c

SHA1
3df1d3ebceef9c59f2a60596f8cf1809c7be7695

SHA256
f36a8da80a4dd3e3d90e6eb3e823697e1786f89d70d10bb63a4e6c78272bd405

SHA512
8a3272724c4635beff05d5e8941b2c6f1edd29f2b048bf365e46234c360640fd01875cc7397cc5a53e2cfc02ecb9e3a3f95f1e6b46e1d60a93c8a7046f8012df

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10903.exe

Filesize
188KB

MD5
0a9e57e8beaba8a99ab554bdb00edca8

SHA1
27a909bfc42be333d533323116fe7ba00981bbba

SHA256
7dff6f004810cd420d5cbbc9b5e93b3054f3d8f90980f694ef330373f5e36eb3

SHA512
ef7a1d0a66cdd46052ac55e51611fa7aafd54e3c64655f865f2a84be95eb022ab30a8ac4df0ca86c27abe3694749a79cd08e678f8872e2a021e2fce117515db5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe

Filesize
188KB

MD5
b41238d71eb4b7111fb94fed5e79b91a

SHA1
b2d39a244e8943bfbe5d2273285ccf22e155a25d

SHA256
781efa5f56c77df3ba1131139d58231541d1748313014a764142bfc80b0807a9

SHA512
50b18f64b37ff7bf58d952702b0539e7a0f8ed2ecbacfb551d32d58bbdfe95b4231dfa2752c2da55a05d57b1f8df5c81dcf66f06d77f0a49079b66497828043c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21977.exe

Filesize
188KB

MD5
9201b40461c7acce4bfab97417a2cb17

SHA1
98af6ca67be45319a8f0fafbe057b12748ca25af

SHA256
138d4f20f5aaadd9388528a0cd3463a50760957d540e93db7640ed455de869f4

SHA512
8568620ee17a257f8234f92ea883823efa71a40e9d9ad890fae9a7f39bbdbef913d028c6bc32fc2f432939a5bcbfed5a26b2dc931692db15bf68029acd17a790

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe

Filesize
188KB

MD5
65a21643fea0cb9bc3aa7e4cf915d2d2

SHA1
03a9c691b1ab9278c1c0374ae292be9422f85354

SHA256
f406fcde610550db043445041db8ceafc1563ab98e6816c197934fd969e2b8a7

SHA512
994472b2ca236599af2ff666dff2a024e8de7c017fe11eebd2bf6592f5dc53a538e963bae8a25f8da62576e0f08b4c7829954d4cace45f944669067c38a21350

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31027.exe

Filesize
188KB

MD5
4bc0ff8fedda409e27dac00b9443c0ee

SHA1
0ef41941f61103960d917405f485b500d0fe3457

SHA256
6f47bf42bf85d26f30979b119abfd278d087460bb8c2aab13446905368631d65

SHA512
9ec83cbba410473106919f841d55d11541adc10e28d824967976f7e1bc0a0a31b9e85dd6852698bd1017cad2f2a2c413b3254b6451dc914d26eefa19bd13df6a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33222.exe

Filesize
188KB

MD5
3c251b74d4cf728154eab02a8afc8c31

SHA1
d662dba6165f470d47f8c15128001701610df84a

SHA256
d9f250476c28a14c0742f480494c9dfee9c10544c36ba177f4c3d743db0054d8

SHA512
f4e8362fb95a9076103073c0553278189a3cfb852698c27a75f7e73456803c22a27b63c45ed2501804d954e65d56923ced929f6eeb415276ac260fe938fa4e7d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe

Filesize
188KB

MD5
fea931e868a73c0c30879471d309c792

SHA1
8d53c33f3c9d29355860518497be41a497a3c0e9

SHA256
a4f5f1f7f9787866353c16d4418dd69294faf81bf94e4fcc2742bd30a6bf83f9

SHA512
51bc6516af6e804c356996f1aa66442440cb6dcbc7c67012f301a6651b3a861b383996cb54b7918cfc6cf81520cedd9db55c8bd539a4f79c4bf84aacbd7e3e7b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37306.exe

Filesize
188KB

MD5
ae95499e8d65855ddf4e567f4c9a9df8

SHA1
9b33c55faf255adf80a38034f78d043a63ef8ef2

SHA256
1a0c120e18d0729565f151de89edc0b88ea59ef5fb1fa634fc811c1168612f2b

SHA512
2a9821b1d574f5d427aa9ac4bb4cda9ef8e7d3b9ed82e000ae4d51d2e86bf5bafb6d09182f1740b9e9b14bce05c9be616b8a503228ea2066b0acede816382819

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40836.exe

Filesize
188KB

MD5
1b197580ff3d5f61727c36afce6c57f2

SHA1
55a0f7b531872c34325d825d4f3daca5c554f979

SHA256
f65bb7225fd06a4aa3b3a1681b65f5d54a36509c7da80e37db600aa7407e04e6

SHA512
4479cc8bdb727aa42249546b9a19c9999ba2ece8ab4f14d43b2fe0377c37bfba219d4fe59dabfb3ab9f0d1d26a821538dad9cbe5f59cedea83b1d539c822d510

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42673.exe

Filesize
188KB

MD5
738516b190633556545fa38503e05a30

SHA1
03e6f7042323184b37f8c15f185876ce57e69aad

SHA256
f9d1323b5e1e529b4e06fe49616d4ae1c032585b37470e0163394907fbf53767

SHA512
6e90aae5c1c9f3dfee6d451f8e7e6706e9aaf6029657c65b06ffd606105c979aa7a5ae9e44f705bc34799a13c5c3465b478a83326b834544a62b59d1e1f1e153

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57172.exe

Filesize
188KB

MD5
925ef780bc6e7a976ee83fd934638f1d

SHA1
e54d646f15b85edeab7ef13e526db541e0f7f391

SHA256
c2f7e6f1bba68fb45b0427abc1ae78e52aba303f5e365b7d141ec507b10dbe66

SHA512
0ee81cf496ee4a37e248a4109319097b1e0cdbb8caf96e2a2cdb92c006f9a902355bd72ef75fdffb096405f87f7a27dfef793b86c15605b539242504ae759045

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62953.exe

Filesize
188KB

MD5
7256a2cf0e1fa42965e76a2997f4b6b7

SHA1
7a97fa745148576874dfe1befbea63a5a0aab853

SHA256
b67143ee8bc1c89fefff8e2644a7eabf1b465d8b916e4a38b7f591118826045e

SHA512
0c5667bf01445f7020b733635ec848d498a1a22b95b45585e17c92b1bcef50396ed480f5f6e51b41ef3c868c8331cec84cf798c7928db520cdfaa11ac4298430

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63316.exe

Filesize
188KB

MD5
d9260b54014709dd500af9bbdb0e5a58

SHA1
ed6e86451f6177057af11848fd45262e4330504d

SHA256
c238a52dc5ad41c63eccf4d6d5335d4a72baf355351e42ff01783679a4e010c4

SHA512
2d8b1ec9e88e04c41422632866d6459be4ab502d0b011e41140ff5fa4847347c5ae6efd38856b21fb4d2df1ebea33a2d73143613f698f20d67fe4f749aa0a153

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9668.exe

Filesize
188KB

MD5
93eeadf67c56bcc7b34ba091a466a031

SHA1
56dd44e2d5498b002ee4bc1151d6b33b744c2d46

SHA256
10ff162d1d4dafb9fb0875e22c6c33d2c4e4774c3185bc200533ecae7234e44d

SHA512
320b78eab764425b2d3763ca3e31aabc9fc80d87a73f5e9c8331753e485a00580ab7af9541d9114feb627d29ffc9299f311aa9be58423e03574b520fa675ef9b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads