38a75607fa7f3c61bae9b537dd4e50c2420d9c01f5393ce12aec29412f442280

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-04-2024 07:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cda092c7891435e945f77fffb5597e15_JaffaCakes118.exe
Size

192KB
MD5

cda092c7891435e945f77fffb5597e15
SHA1

8ff420afc42112094fabf0084b3c5631dcac2bf8
SHA256

38a75607fa7f3c61bae9b537dd4e50c2420d9c01f5393ce12aec29412f442280
SHA512

3d29345cd994b2fc8799ba382997d3dc4ec81812d1d71263fc0b6dd8d4b8d3776e78e898fccefe4e7416c854cb2d76912796833a4f7fe3ee00978d86f58dd671
SSDEEP

3072:6eLColYGg5uibOjRqiQyu7865DSJQtWmpjxR5jVCllv1pFB:6emoU0ibmqnyu7/EYqllv1pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3032	Unicorn-1617.exe
2856	Unicorn-48208.exe
2604	Unicorn-53039.exe
2620	Unicorn-54425.exe
2476	Unicorn-52624.exe
2412	Unicorn-56153.exe
2952	Unicorn-21927.exe
1484	Unicorn-34240.exe
2352	Unicorn-52762.exe
1196	Unicorn-49233.exe
2632	Unicorn-3561.exe
2300	Unicorn-3447.exe
1980	Unicorn-39606.exe
2144	Unicorn-52731.exe
1252	Unicorn-11698.exe
844	Unicorn-41225.exe
2468	Unicorn-53115.exe
2732	Unicorn-15377.exe
1984	Unicorn-28393.exe
1660	Unicorn-551.exe
1308	Unicorn-61257.exe
1068	Unicorn-49436.exe
892	Unicorn-13426.exe
2908	Unicorn-10515.exe
2024	Unicorn-10899.exe
2168	Unicorn-52124.exe
2088	Unicorn-47251.exe
1732	Unicorn-17698.exe
1208	Unicorn-38864.exe
1596	Unicorn-44506.exe
1620	Unicorn-61034.exe
1700	Unicorn-8688.exe
2576	Unicorn-2897.exe
2600	Unicorn-56929.exe
2408	Unicorn-25586.exe
2416	Unicorn-25778.exe
2404	Unicorn-29539.exe
1168	Unicorn-39893.exe
804	Unicorn-24133.exe
1016	Unicorn-20411.exe
1644	Unicorn-16624.exe
1976	Unicorn-46343.exe
2568	Unicorn-9991.exe
2284	Unicorn-47687.exe
1944	Unicorn-26712.exe
1952	Unicorn-25150.exe
1684	Unicorn-61413.exe
1688	Unicorn-11060.exe
1576	Unicorn-15742.exe
1792	Unicorn-30926.exe
2744	Unicorn-15716.exe
3056	Unicorn-63541.exe
740	Unicorn-37854.exe
2012	Unicorn-43962.exe
2716	Unicorn-31573.exe
3048	Unicorn-39793.exe
3032	Unicorn-13337.exe
2836	Unicorn-13337.exe
556	Unicorn-63773.exe
1472	Unicorn-61848.exe
2768	Unicorn-51511.exe
872	Unicorn-17529.exe
1776	Unicorn-21411.exe
3036	Unicorn-5266.exe

Loads dropped DLL 64 IoCs

pid	Process
2876	cda092c7891435e945f77fffb5597e15_JaffaCakes118.exe
2876	cda092c7891435e945f77fffb5597e15_JaffaCakes118.exe
3032	Unicorn-1617.exe
3032	Unicorn-1617.exe
2876	cda092c7891435e945f77fffb5597e15_JaffaCakes118.exe
2876	cda092c7891435e945f77fffb5597e15_JaffaCakes118.exe
2856	Unicorn-48208.exe
2856	Unicorn-48208.exe
3032	Unicorn-1617.exe
2604	Unicorn-53039.exe
2604	Unicorn-53039.exe
3032	Unicorn-1617.exe
2620	Unicorn-54425.exe
2620	Unicorn-54425.exe
2856	Unicorn-48208.exe
2856	Unicorn-48208.exe
2412	Unicorn-56153.exe
2412	Unicorn-56153.exe
2604	Unicorn-53039.exe
2604	Unicorn-53039.exe
2476	Unicorn-52624.exe
2476	Unicorn-52624.exe
2952	Unicorn-21927.exe
2952	Unicorn-21927.exe
2620	Unicorn-54425.exe
2620	Unicorn-54425.exe
2352	Unicorn-52762.exe
2352	Unicorn-52762.exe
1484	Unicorn-34240.exe
1484	Unicorn-34240.exe
2412	Unicorn-56153.exe
2412	Unicorn-56153.exe
2632	Unicorn-3561.exe
2632	Unicorn-3561.exe
2476	Unicorn-52624.exe
2476	Unicorn-52624.exe
1396	WerFault.exe
1396	WerFault.exe
1396	WerFault.exe
1396	WerFault.exe
1396	WerFault.exe
2300	Unicorn-3447.exe
2300	Unicorn-3447.exe
2952	Unicorn-21927.exe
2952	Unicorn-21927.exe
1980	Unicorn-39606.exe
1980	Unicorn-39606.exe
2144	Unicorn-52731.exe
2144	Unicorn-52731.exe
2352	Unicorn-52762.exe
2352	Unicorn-52762.exe
844	Unicorn-41225.exe
844	Unicorn-41225.exe
2732	Unicorn-15377.exe
2732	Unicorn-15377.exe
2468	Unicorn-53115.exe
2468	Unicorn-53115.exe
2632	Unicorn-3561.exe
2632	Unicorn-3561.exe
1984	Unicorn-28393.exe
1984	Unicorn-28393.exe
2300	Unicorn-3447.exe
2300	Unicorn-3447.exe
1660	Unicorn-551.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1396	1196	WerFault.exe	37

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2876	cda092c7891435e945f77fffb5597e15_JaffaCakes118.exe
3032	Unicorn-1617.exe
2856	Unicorn-48208.exe
2604	Unicorn-53039.exe
2620	Unicorn-54425.exe
2476	Unicorn-52624.exe
2412	Unicorn-56153.exe
2952	Unicorn-21927.exe
1484	Unicorn-34240.exe
2352	Unicorn-52762.exe
1196	Unicorn-49233.exe
2632	Unicorn-3561.exe
2300	Unicorn-3447.exe
1980	Unicorn-39606.exe
2144	Unicorn-52731.exe
844	Unicorn-41225.exe
2732	Unicorn-15377.exe
2468	Unicorn-53115.exe
1984	Unicorn-28393.exe
1308	Unicorn-61257.exe
1660	Unicorn-551.exe
1068	Unicorn-49436.exe
892	Unicorn-13426.exe
2908	Unicorn-10515.exe
2024	Unicorn-10899.exe
2168	Unicorn-52124.exe
2088	Unicorn-47251.exe
1732	Unicorn-17698.exe
1208	Unicorn-38864.exe
1596	Unicorn-44506.exe
1620	Unicorn-61034.exe
1700	Unicorn-8688.exe
2576	Unicorn-2897.exe
2600	Unicorn-56929.exe
2404	Unicorn-29539.exe
2408	Unicorn-25586.exe
804	Unicorn-24133.exe
2568	Unicorn-9991.exe
2416	Unicorn-25778.exe
1644	Unicorn-16624.exe
2284	Unicorn-47687.exe
1944	Unicorn-26712.exe
1976	Unicorn-46343.exe
1168	Unicorn-39893.exe
1016	Unicorn-20411.exe
1684	Unicorn-61413.exe
1688	Unicorn-11060.exe
2744	Unicorn-15716.exe
740	Unicorn-37854.exe
3032	Unicorn-13337.exe
2716	Unicorn-31573.exe
1952	Unicorn-25150.exe
1576	Unicorn-15742.exe
556	Unicorn-63773.exe
1792	Unicorn-30926.exe
2768	Unicorn-51511.exe
3056	Unicorn-63541.exe
2012	Unicorn-43962.exe
3048	Unicorn-39793.exe
2836	Unicorn-13337.exe
1472	Unicorn-61848.exe
872	Unicorn-17529.exe
1776	Unicorn-21411.exe
2740	Unicorn-37939.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 3032	2876	cda092c7891435e945f77fffb5597e15_JaffaCakes118.exe	28
PID 2876 wrote to memory of 3032	2876	cda092c7891435e945f77fffb5597e15_JaffaCakes118.exe	28
PID 2876 wrote to memory of 3032	2876	cda092c7891435e945f77fffb5597e15_JaffaCakes118.exe	28
PID 2876 wrote to memory of 3032	2876	cda092c7891435e945f77fffb5597e15_JaffaCakes118.exe	28
PID 3032 wrote to memory of 2856	3032	Unicorn-1617.exe	29
PID 3032 wrote to memory of 2856	3032	Unicorn-1617.exe	29
PID 3032 wrote to memory of 2856	3032	Unicorn-1617.exe	29
PID 3032 wrote to memory of 2856	3032	Unicorn-1617.exe	29
PID 2876 wrote to memory of 2604	2876	cda092c7891435e945f77fffb5597e15_JaffaCakes118.exe	30
PID 2876 wrote to memory of 2604	2876	cda092c7891435e945f77fffb5597e15_JaffaCakes118.exe	30
PID 2876 wrote to memory of 2604	2876	cda092c7891435e945f77fffb5597e15_JaffaCakes118.exe	30
PID 2876 wrote to memory of 2604	2876	cda092c7891435e945f77fffb5597e15_JaffaCakes118.exe	30
PID 2856 wrote to memory of 2620	2856	Unicorn-48208.exe	31
PID 2856 wrote to memory of 2620	2856	Unicorn-48208.exe	31
PID 2856 wrote to memory of 2620	2856	Unicorn-48208.exe	31
PID 2856 wrote to memory of 2620	2856	Unicorn-48208.exe	31
PID 2604 wrote to memory of 2412	2604	Unicorn-53039.exe	33
PID 2604 wrote to memory of 2412	2604	Unicorn-53039.exe	33
PID 2604 wrote to memory of 2412	2604	Unicorn-53039.exe	33
PID 2604 wrote to memory of 2412	2604	Unicorn-53039.exe	33
PID 3032 wrote to memory of 2476	3032	Unicorn-1617.exe	32
PID 3032 wrote to memory of 2476	3032	Unicorn-1617.exe	32
PID 3032 wrote to memory of 2476	3032	Unicorn-1617.exe	32
PID 3032 wrote to memory of 2476	3032	Unicorn-1617.exe	32
PID 2620 wrote to memory of 2952	2620	Unicorn-54425.exe	34
PID 2620 wrote to memory of 2952	2620	Unicorn-54425.exe	34
PID 2620 wrote to memory of 2952	2620	Unicorn-54425.exe	34
PID 2620 wrote to memory of 2952	2620	Unicorn-54425.exe	34
PID 2856 wrote to memory of 1484	2856	Unicorn-48208.exe	35
PID 2856 wrote to memory of 1484	2856	Unicorn-48208.exe	35
PID 2856 wrote to memory of 1484	2856	Unicorn-48208.exe	35
PID 2856 wrote to memory of 1484	2856	Unicorn-48208.exe	35
PID 2412 wrote to memory of 2352	2412	Unicorn-56153.exe	36
PID 2412 wrote to memory of 2352	2412	Unicorn-56153.exe	36
PID 2412 wrote to memory of 2352	2412	Unicorn-56153.exe	36
PID 2412 wrote to memory of 2352	2412	Unicorn-56153.exe	36
PID 2604 wrote to memory of 1196	2604	Unicorn-53039.exe	37
PID 2604 wrote to memory of 1196	2604	Unicorn-53039.exe	37
PID 2604 wrote to memory of 1196	2604	Unicorn-53039.exe	37
PID 2604 wrote to memory of 1196	2604	Unicorn-53039.exe	37
PID 2476 wrote to memory of 2632	2476	Unicorn-52624.exe	38
PID 2476 wrote to memory of 2632	2476	Unicorn-52624.exe	38
PID 2476 wrote to memory of 2632	2476	Unicorn-52624.exe	38
PID 2476 wrote to memory of 2632	2476	Unicorn-52624.exe	38
PID 2952 wrote to memory of 2300	2952	Unicorn-21927.exe	39
PID 2952 wrote to memory of 2300	2952	Unicorn-21927.exe	39
PID 2952 wrote to memory of 2300	2952	Unicorn-21927.exe	39
PID 2952 wrote to memory of 2300	2952	Unicorn-21927.exe	39
PID 2620 wrote to memory of 1980	2620	Unicorn-54425.exe	40
PID 2620 wrote to memory of 1980	2620	Unicorn-54425.exe	40
PID 2620 wrote to memory of 1980	2620	Unicorn-54425.exe	40
PID 2620 wrote to memory of 1980	2620	Unicorn-54425.exe	40
PID 2352 wrote to memory of 2144	2352	Unicorn-52762.exe	41
PID 2352 wrote to memory of 2144	2352	Unicorn-52762.exe	41
PID 2352 wrote to memory of 2144	2352	Unicorn-52762.exe	41
PID 2352 wrote to memory of 2144	2352	Unicorn-52762.exe	41
PID 1484 wrote to memory of 1252	1484	Unicorn-34240.exe	42
PID 1484 wrote to memory of 1252	1484	Unicorn-34240.exe	42
PID 1484 wrote to memory of 1252	1484	Unicorn-34240.exe	42
PID 1484 wrote to memory of 1252	1484	Unicorn-34240.exe	42
PID 2412 wrote to memory of 844	2412	Unicorn-56153.exe	43
PID 2412 wrote to memory of 844	2412	Unicorn-56153.exe	43
PID 2412 wrote to memory of 844	2412	Unicorn-56153.exe	43
PID 2412 wrote to memory of 844	2412	Unicorn-56153.exe	43

C:\Users\Admin\AppData\Local\Temp\cda092c7891435e945f77fffb5597e15_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\cda092c7891435e945f77fffb5597e15_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54425.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21927.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28393.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17698.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9991.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15716.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63773.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21411.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20804.exe
        13⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36891.exe
        14⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33802.exe
        12⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35381.exe
        13⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57144.exe
        14⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47687.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5624.exe
        9⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17701.exe
        10⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49626.exe
        11⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18445.exe
        12⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe
        9⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17037.exe
        10⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44175.exe
        11⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7527.exe
        12⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38864.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26712.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37854.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5266.exe
        11⤵
        Executes dropped EXE
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28588.exe
        12⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36616.exe
        13⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3419.exe
        14⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48993.exe
        15⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27315.exe
        16⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24778.exe
        13⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52151.exe
        14⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56330.exe
        12⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41650.exe
        13⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38119.exe
        14⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
        15⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25909.exe
        11⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39245.exe
        12⤵
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-551.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44506.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15742.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59532.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25205.exe
        10⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61848.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30129.exe
        9⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
        10⤵
        
        PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39606.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61257.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61034.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25150.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20529.exe
        9⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59330.exe
        10⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4294.exe
        11⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7527.exe
        12⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61413.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31573.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
        9⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
        10⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9117.exe
        11⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8510.exe
        12⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28031.exe
        13⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11997.exe
        11⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18649.exe
        12⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24674.exe
        9⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8816.exe
        10⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16430.exe
        11⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62042.exe
        12⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8688.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30926.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13901.exe
        8⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42335.exe
        9⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20299.exe
        10⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13047.exe
        11⤵
        
        PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11698.exe
        5⤵
        Executes dropped EXE
        
        PID:1252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52624.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3561.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53115.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52124.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16624.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13337.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
        9⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36476.exe
        10⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55332.exe
        11⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38088.exe
        12⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53199.exe
        11⤵
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48001.exe
        7⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59309.exe
        8⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7934.exe
        9⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63985.exe
        10⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58757.exe
        11⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64332.exe
        7⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
        8⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
        9⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15861.exe
        8⤵
        
        PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47251.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24133.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13337.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17529.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13792.exe
        9⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9968.exe
        10⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47291.exe
        11⤵
        
        PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15377.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10899.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39893.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48302.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3860.exe
        8⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        9⤵
        
        PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20411.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32158.exe
        6⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49351.exe
        7⤵
        
        PID:2732
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56153.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56153.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52731.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49436.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13901.exe
        8⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        9⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49626.exe
        10⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22084.exe
        11⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29952.exe
        9⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28441.exe
        10⤵
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56929.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43962.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60684.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        9⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
        10⤵
        
        PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13426.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25586.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39793.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38022.exe
        8⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21930.exe
        9⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9475.exe
        10⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17632.exe
        8⤵
        
        PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41225.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41225.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10515.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25778.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22838.exe
        7⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54135.exe
        8⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18106.exe
        9⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16973.exe
        7⤵
        
        PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63541.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54825.exe
        7⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52952.exe
        8⤵
        
        PID:3068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49233.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1196
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 244
      4⤵
      Loads dropped DLL
      Program crash
      PID:1396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-34240.exe

Filesize
192KB

MD5
dfa77d8ba49736be406c1712de306fab

SHA1
248846a55e2418294d62aaf6ad3908ccd8bffd4c

SHA256
2fe5488094fac782a1d47409987fbc2a9d2bc6bce86840c107ec31a269596e4d

SHA512
00561c4e219de938197da3b90ab284a10937cb9b5b1eb1869f3c4bdc401d39ef3a71e9d4619ae9bd1609760b36eeaf29be69c561af559e21680da4634529a1ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3561.exe

Filesize
192KB

MD5
c9aa83fa7712ef3f03fcb448f3bf5f1b

SHA1
9ec81a1c68099bb76d76cb0ad2a261613aba9954

SHA256
51d7d3bfb8c70e216f8120241f3fab268081a21db3931c56614f3783750260b8

SHA512
03184c276486dffdf3cfa2d9edd11019652d658a6864a03ac131aefed8c5a2c0fb0f40f8648126a85ec7442bb15b2302dd4a3eefacaabd0236e5dc6436ee75c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe

Filesize
192KB

MD5
75792aa7c1cc05f93f0f85297359d97d

SHA1
8c59d437182bfc9f112422c59ef412d62a9f4407

SHA256
5ff578a76ec917dc26ce8e800282d173db14c346acdf6b338648431a54d81419

SHA512
086e9c8f23604e2b256ca3b5a161925906fdf89eece24650c8bc3bf9b12ed39cd1d597b030a071a21b9c002d1a9969951dd194fc785b97efef706b5bcef5a19e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49233.exe

Filesize
192KB

MD5
7eaf594aff345b44490b2ddf73afec54

SHA1
e5cad92c0b58a8a0eea36db4daab92875139f119

SHA256
1705b058a36ad74059d432cd2cc889e8a14cbb404a5657faa998fb06881a4f09

SHA512
2359a54f17e922e90303949ad75a6c28e1fa5bd62c27381153ec727afe23449402d5d4065eda70529ae2ffc7b3ff5d5fdab769b8d142e13e403f51fd54899e17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5624.exe

Filesize
192KB

MD5
ec6d105bb7519c2eefdc073b44dd2438

SHA1
288b72a658bdb610fa1b5e3555c3023345bae063

SHA256
fdcad8c3147884ffa6a666bc77001155ad46fbb533b4315c528892bdb1a57898

SHA512
b3717fb88ad7d7410ea0e439d18c456620c3c5ebc44a502423732bed753759500503b1b534b60e0a3aefc3b13a7dfeedb670317a9c44d6543a5cd5970750859a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58757.exe

Filesize
192KB

MD5
b29b1c8419c26290336326eb8ae28511

SHA1
e9b73a2e0caaf1164edbe598900adbea5c195394

SHA256
0af20eac9c5a14374563fb592ed2328a116a75b86e9ad38b5834781dfee6912c

SHA512
7f0d9f565dfae108a0f934832f4ecf819090e4a4fbfa120336342a6383941a81662f50afcb8286bdb2c61f97edee4824f076d0e8e2e9f88e370daffa09ec55be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11698.exe

Filesize
192KB

MD5
f70f7cb1397beda71a080544136e5d3b

SHA1
43944ef169a180dae3277478d4ad00479d1e15b3

SHA256
cb8efa36c7d749a168f959bf3208f8496c0bdb48b34bf4ac4f6939403bc3b989

SHA512
26f72272dbfee420020be16b23f0478adaa9a57d0768fb00e0aae3a659eb056d700952be957157f9690460dada1593d26a8ad40074d089b0eafb2d3b04be276f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15377.exe

Filesize
192KB

MD5
679be5219d3a6992f905834a44618044

SHA1
caaf5801bb1495124d8620b7e322c14aa6a12330

SHA256
d2dae926f7e4de2b10f192e8ed16de2bc4213ee224da576a1ca6fbe0c9e2b68a

SHA512
366e5f055b69c564e9c05dd44748791bc0345270eec51018d03828892d172bf4c3ab1758eeb747f4c786d36bebdb155b634dbea6fa4e6329c305764e49ee50d5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe

Filesize
192KB

MD5
4a7e5d0db9da3bb5e0b5eec58ab056ff

SHA1
19753d4d431ea47c64c215556b865ae0fa4cd72b

SHA256
52955efff9da2ae3959238845f399d43448e4655facbcc3c2fe2a76c6e57d147

SHA512
6136e2cc66b8bb8089f8d1180f43403d77454cde7a92d910d76a1b9200df680ac20c3d2c12a72f530784f43422970f7d11b6cb6a0e48ebeb726829ab25623c0d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21927.exe

Filesize
192KB

MD5
5ba9a66744447f3077026c53fdcac8bb

SHA1
34f2575358e3c471cb8db6175301531234ede4b7

SHA256
eb6147945b560ada0ed4486629a455e2696137fc621c2f1dd015f6a55251fbca

SHA512
ffccc1e16cf4a84826157e7b898a7b6019b6d5f0f3056b78b1e58504832e4d2b1a730f190565520774fe5d78d977add4230996e0bc5d224240ebbb8534514827

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe

Filesize
192KB

MD5
d02e82d78c4762b307410be34872fec0

SHA1
431dc18732568b25da2fe66baa2ddf3a928c9c66

SHA256
0edfcf74f0e07fcae8add78b406c088a9d652654dcae597f802f64e5e3e64abc

SHA512
49ddd5ca2af171f290a15dd2ee8471405cc8319cf534b69b20540b6a96f2467278eb3b59fcef0c55cd410060c0669cc3923121094907ceeb04529a6d9ceef891

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39606.exe

Filesize
192KB

MD5
cdb969049140b3640a8272e16ea0317e

SHA1
6d2dbe0b049bb3af6b58c207a99b22ad0dadc08f

SHA256
20209a1831f92fd5ae98b7d8ebb96f8683d6d1af99055983d58f7a19037a0689

SHA512
af91c88014fbfee5d8735a52d88320630083ba4e9b4fef3069b18aaff93612dd67a0a41681a0867cbef6678c20090285e16e6a9246c6e9e34e3a287819c8be27

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41225.exe

Filesize
192KB

MD5
6d28b6ddd961bf57562a70bc94e8ef72

SHA1
3fbb6566738e4f3e2ae9ed448c9be029523db7af

SHA256
fd0e4c858004468bfea76f9fd22fe170cec527873ea3691f08d77d858bfd5652

SHA512
163379808593d47dc16c99914b675c363b44860b371b4c82be332be5e4bc22c5f4393dae323d8bc2d238af60148189398145901e96ace239f8d467fe5e71459c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe

Filesize
192KB

MD5
13525da49002dc552bbd2dc353b9b07d

SHA1
b6aeddf27907a0d9a5b838b22782f18839b63a24

SHA256
65bfcccf375a8925333fe1a74af6acaf0366617ca7b35c0c4d6022fd2361578d

SHA512
9168b0ad2725f9541e4ebd5a01a4fb660f40e8f2aa13f95f37930054f1b807907e73946971fdd39fac2c56a57479a5edef539eff18536644909a59f5527a6d04

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52624.exe

Filesize
192KB

MD5
8b29070a2a6cffad517e926d0335ba5a

SHA1
ed95782652d1b340347d780726056313cc9ce6d3

SHA256
39f806fd4b8ac1fb8d4a33d3fc6e53f02aaac730b87a8feb76e422924c50dd24

SHA512
98ff784c8ebad51a0360540110aecc543d964740527eca021a3894fbb6270be6481dc8bedadfebbf573c41f442fc16435f1e2de05a04057fcb27e4fc313b9e66

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52731.exe

Filesize
192KB

MD5
5d5e6670e438c14b7e79c5c353b53e99

SHA1
aa5e100b3797812322f1078afb5012ac8d8ab850

SHA256
47c4f74330fe318ceaff04cf244bf7ffe15a2a6e5edf8d07179e671e42e3a247

SHA512
7250073e259fab27a2cf767329739c5d21763c54046a9ef7445ee614ed05066ac4b5ce37ad0dfaf919f866d2920679fe4c1180380784b051e2835b7a3893e21a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe

Filesize
192KB

MD5
96fa730cefef8484c243a1da2b669ef1

SHA1
b48bee8f9e9f7f99bca63fa12c55a6959dcbe052

SHA256
d7e2d17855f0ab803144ce7e5735646b6d489cea4b1c277b567ec0e23c3c578e

SHA512
3c347acfce74ceae43e1afd920ecda814ac457d821aa68f01dfb753df73fb9a409b12424cfbd041a884657d2527996102d88372e81a9b471c16f963dd3912750

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53039.exe

Filesize
192KB

MD5
cb64c661af327417cf34c0e567239725

SHA1
b1ad9c502805e6d6d300b614b6bd6f77335b0d38

SHA256
8dd80ee3e74313d40351e91549efe255a44ae85dffcdb442db3136f1674eb4a9

SHA512
ad159f7804a8dffc851dd43549c1b2973c1f5c257afb8881b674776e12b9887178c5f8c66953e7fb558f53a4c537330eb45ab7affe9fe4a5cf8988cc17dd7780

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53115.exe

Filesize
192KB

MD5
84476766ecec8387c90d0ca5915d8050

SHA1
0c874018910c978d8e4c09e67ea32df0694ba6c0

SHA256
5db314f57bca4b79cae05384702a0abb425b0d379bb191f9e8733a37c5c42cdf

SHA512
524b7d7f7f38b874fecfa7f046499375684563cb46d35707ea8b45bba5e6603fc13d7b59a202bd2588cad941cc4a1743306cd7d92f4a6466db7ffe30d99f4595

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54425.exe

Filesize
192KB

MD5
577e951ebfd13565f6421ce68d0e2cdb

SHA1
4068ac316d521113845f0c6b20476f450734c8e7

SHA256
d1ea05d3c22e92643575d76895ee23f0531c45fedb9a29e29372ce9ef0b31b30

SHA512
4c52ea44b41931ce78550d1ce5e6e0acaa7c4cded4f5c2ece880a71d89463247a6c173cf9e211d16c792acfc31cc918c4959b06680728663fb5dc72c548ef094

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56153.exe

Filesize
192KB

MD5
a627c4cdbdb96984d3ca99281cf0a017

SHA1
9a15f4fc0477a4623f8e64bccff52486332a3bde

SHA256
b07f4ebaf564b418a8fbaa9f1629a291aa7601316a9b2fb31a01b22a744f26b2

SHA512
bfe4e3be321049bb64672949a95fdc15110bd2bffeeac10a22d89468da84cb6844dbe0cba32ff69072725abcaf506a234ab707bcba14a03238bdb5fc692da8e2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads