5e2bdc1ddde509a566b4e0bd930d788857b8dee51355e1d031a1d0b82e91af6a

Analysis

max time kernel
99s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/04/2024, 13:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d47b9627ca90239860d4e98472dd7881_JaffaCakes118.exe
Size

188KB
MD5

d47b9627ca90239860d4e98472dd7881
SHA1

f509f8a0bde621e38fe875e9b6c201ef3aa55eca
SHA256

5e2bdc1ddde509a566b4e0bd930d788857b8dee51355e1d031a1d0b82e91af6a
SHA512

472fbc7a16ad65f697ec32aa5985cd27c3a2f8be9e8d494da286b1ac58246bfc1d337b588b5c71b75d4f0e7cd576cf0a723022611293459792528c19ec8202b5
SSDEEP

3072:OrOYxn4qCMFwLtzuGwagBmcY9gLWs3uUVWkxy5PV/ylx32FZ:OrxxcowL4G7gBmAferylx32F

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2312	Unicorn-5613.exe
2512	Unicorn-51773.exe
2652	Unicorn-23739.exe
2536	Unicorn-23869.exe
2388	Unicorn-51903.exe
1188	Unicorn-60071.exe
2348	Unicorn-61114.exe
2704	Unicorn-1005.exe
2716	Unicorn-38508.exe
1652	Unicorn-47972.exe
1732	Unicorn-10468.exe
2424	Unicorn-29820.exe
1532	Unicorn-13483.exe
2904	Unicorn-50987.exe
2044	Unicorn-31055.exe
1248	Unicorn-60390.exe
2280	Unicorn-14526.exe
1008	Unicorn-2082.exe
2268	Unicorn-10250.exe
432	Unicorn-20317.exe
2228	Unicorn-8065.exe
820	Unicorn-35907.exe
544	Unicorn-19846.exe
2832	Unicorn-49181.exe
1312	Unicorn-56794.exe
1152	Unicorn-56602.exe
856	Unicorn-1096.exe
1108	Unicorn-25046.exe
868	Unicorn-4241.exe
2920	Unicorn-28231.exe
2928	Unicorn-27677.exe
2548	Unicorn-57012.exe
932	Unicorn-53525.exe
2968	Unicorn-240.exe
2824	Unicorn-987.exe
2080	Unicorn-29405.exe
2364	Unicorn-54656.exe
1724	Unicorn-41465.exe
2484	Unicorn-25404.exe
2916	Unicorn-38402.exe
2604	Unicorn-21128.exe
2740	Unicorn-50463.exe
464	Unicorn-53608.exe
2652	Unicorn-49332.exe
1112	Unicorn-12575.exe
1820	Unicorn-62331.exe
896	Unicorn-50079.exe
2620	Unicorn-9835.exe
1488	Unicorn-38232.exe
2700	Unicorn-51231.exe
1520	Unicorn-29872.exe
1192	Unicorn-13535.exe
1784	Unicorn-9814.exe
2180	Unicorn-5175.exe
1252	Unicorn-51252.exe
1672	Unicorn-64251.exe
1564	Unicorn-4874.exe
1348	Unicorn-10857.exe
2760	Unicorn-63587.exe
736	Unicorn-42783.exe
1796	Unicorn-52274.exe
2004	Unicorn-19971.exe
1604	Unicorn-51937.exe
2856	Unicorn-48450.exe

Loads dropped DLL 64 IoCs

pid	Process
2080	d47b9627ca90239860d4e98472dd7881_JaffaCakes118.exe
2080	d47b9627ca90239860d4e98472dd7881_JaffaCakes118.exe
2312	Unicorn-5613.exe
2312	Unicorn-5613.exe
2080	d47b9627ca90239860d4e98472dd7881_JaffaCakes118.exe
2080	d47b9627ca90239860d4e98472dd7881_JaffaCakes118.exe
2652	Unicorn-23739.exe
2512	Unicorn-51773.exe
2312	Unicorn-5613.exe
2312	Unicorn-5613.exe
2512	Unicorn-51773.exe
2652	Unicorn-23739.exe
2536	Unicorn-23869.exe
2536	Unicorn-23869.exe
1188	Unicorn-60071.exe
1188	Unicorn-60071.exe
2652	Unicorn-23739.exe
2652	Unicorn-23739.exe
2348	Unicorn-61114.exe
2536	Unicorn-23869.exe
2536	Unicorn-23869.exe
2348	Unicorn-61114.exe
2716	Unicorn-38508.exe
2716	Unicorn-38508.exe
2704	Unicorn-1005.exe
2704	Unicorn-1005.exe
1188	Unicorn-60071.exe
1188	Unicorn-60071.exe
1732	Unicorn-10468.exe
1732	Unicorn-10468.exe
2348	Unicorn-61114.exe
2348	Unicorn-61114.exe
1652	Unicorn-47972.exe
1652	Unicorn-47972.exe
1532	Unicorn-13483.exe
2424	Unicorn-29820.exe
1532	Unicorn-13483.exe
2424	Unicorn-29820.exe
2704	Unicorn-1005.exe
2704	Unicorn-1005.exe
2716	Unicorn-38508.exe
2716	Unicorn-38508.exe
2904	Unicorn-50987.exe
2904	Unicorn-50987.exe
2044	Unicorn-31055.exe
2044	Unicorn-31055.exe
1732	Unicorn-10468.exe
1732	Unicorn-10468.exe
1248	Unicorn-60390.exe
1248	Unicorn-60390.exe
2280	Unicorn-14526.exe
2280	Unicorn-14526.exe
1652	Unicorn-47972.exe
1652	Unicorn-47972.exe
432	Unicorn-20317.exe
432	Unicorn-20317.exe
2268	Unicorn-10250.exe
2268	Unicorn-10250.exe
2424	Unicorn-29820.exe
2424	Unicorn-29820.exe
820	Unicorn-35907.exe
820	Unicorn-35907.exe
2904	Unicorn-50987.exe
2904	Unicorn-50987.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2996	2680	WerFault.exe	100

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2080	d47b9627ca90239860d4e98472dd7881_JaffaCakes118.exe
2312	Unicorn-5613.exe
2512	Unicorn-51773.exe
2652	Unicorn-23739.exe
2536	Unicorn-23869.exe
1188	Unicorn-60071.exe
2348	Unicorn-61114.exe
2716	Unicorn-38508.exe
2704	Unicorn-1005.exe
1732	Unicorn-10468.exe
1652	Unicorn-47972.exe
2424	Unicorn-29820.exe
1532	Unicorn-13483.exe
2904	Unicorn-50987.exe
2044	Unicorn-31055.exe
1248	Unicorn-60390.exe
2280	Unicorn-14526.exe
2268	Unicorn-10250.exe
432	Unicorn-20317.exe
2228	Unicorn-8065.exe
1008	Unicorn-2082.exe
820	Unicorn-35907.exe
544	Unicorn-19846.exe
2832	Unicorn-49181.exe
1312	Unicorn-56794.exe
1152	Unicorn-56602.exe
856	Unicorn-1096.exe
868	Unicorn-4241.exe
1108	Unicorn-25046.exe
2920	Unicorn-28231.exe
2928	Unicorn-27677.exe
932	Unicorn-53525.exe
2824	Unicorn-987.exe
2548	Unicorn-57012.exe
2968	Unicorn-240.exe
2080	Unicorn-29405.exe
2364	Unicorn-54656.exe
1724	Unicorn-41465.exe
2484	Unicorn-25404.exe
2916	Unicorn-38402.exe
2740	Unicorn-50463.exe
2620	Unicorn-9835.exe
2652	Unicorn-49332.exe
2604	Unicorn-21128.exe
1112	Unicorn-12575.exe
896	Unicorn-50079.exe
2700	Unicorn-51231.exe
1784	Unicorn-9814.exe
464	Unicorn-53608.exe
1488	Unicorn-38232.exe
1820	Unicorn-62331.exe
1192	Unicorn-13535.exe
2180	Unicorn-5175.exe
1672	Unicorn-64251.exe
1520	Unicorn-29872.exe
1348	Unicorn-10857.exe
1252	Unicorn-51252.exe
2760	Unicorn-63587.exe
1564	Unicorn-4874.exe
736	Unicorn-42783.exe
1796	Unicorn-52274.exe
2004	Unicorn-19971.exe
2856	Unicorn-48450.exe
2520	Unicorn-61065.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2312	2080	d47b9627ca90239860d4e98472dd7881_JaffaCakes118.exe	28
PID 2080 wrote to memory of 2312	2080	d47b9627ca90239860d4e98472dd7881_JaffaCakes118.exe	28
PID 2080 wrote to memory of 2312	2080	d47b9627ca90239860d4e98472dd7881_JaffaCakes118.exe	28
PID 2080 wrote to memory of 2312	2080	d47b9627ca90239860d4e98472dd7881_JaffaCakes118.exe	28
PID 2312 wrote to memory of 2512	2312	Unicorn-5613.exe	29
PID 2312 wrote to memory of 2512	2312	Unicorn-5613.exe	29
PID 2312 wrote to memory of 2512	2312	Unicorn-5613.exe	29
PID 2312 wrote to memory of 2512	2312	Unicorn-5613.exe	29
PID 2080 wrote to memory of 2652	2080	d47b9627ca90239860d4e98472dd7881_JaffaCakes118.exe	30
PID 2080 wrote to memory of 2652	2080	d47b9627ca90239860d4e98472dd7881_JaffaCakes118.exe	30
PID 2080 wrote to memory of 2652	2080	d47b9627ca90239860d4e98472dd7881_JaffaCakes118.exe	30
PID 2080 wrote to memory of 2652	2080	d47b9627ca90239860d4e98472dd7881_JaffaCakes118.exe	30
PID 2312 wrote to memory of 2536	2312	Unicorn-5613.exe	33
PID 2312 wrote to memory of 2536	2312	Unicorn-5613.exe	33
PID 2312 wrote to memory of 2536	2312	Unicorn-5613.exe	33
PID 2312 wrote to memory of 2536	2312	Unicorn-5613.exe	33
PID 2512 wrote to memory of 2388	2512	Unicorn-51773.exe	32
PID 2512 wrote to memory of 2388	2512	Unicorn-51773.exe	32
PID 2512 wrote to memory of 2388	2512	Unicorn-51773.exe	32
PID 2512 wrote to memory of 2388	2512	Unicorn-51773.exe	32
PID 2652 wrote to memory of 1188	2652	Unicorn-23739.exe	31
PID 2652 wrote to memory of 1188	2652	Unicorn-23739.exe	31
PID 2652 wrote to memory of 1188	2652	Unicorn-23739.exe	31
PID 2652 wrote to memory of 1188	2652	Unicorn-23739.exe	31
PID 2536 wrote to memory of 2348	2536	Unicorn-23869.exe	34
PID 2536 wrote to memory of 2348	2536	Unicorn-23869.exe	34
PID 2536 wrote to memory of 2348	2536	Unicorn-23869.exe	34
PID 2536 wrote to memory of 2348	2536	Unicorn-23869.exe	34
PID 1188 wrote to memory of 2704	1188	Unicorn-60071.exe	35
PID 1188 wrote to memory of 2704	1188	Unicorn-60071.exe	35
PID 1188 wrote to memory of 2704	1188	Unicorn-60071.exe	35
PID 1188 wrote to memory of 2704	1188	Unicorn-60071.exe	35
PID 2652 wrote to memory of 2716	2652	Unicorn-23739.exe	36
PID 2652 wrote to memory of 2716	2652	Unicorn-23739.exe	36
PID 2652 wrote to memory of 2716	2652	Unicorn-23739.exe	36
PID 2652 wrote to memory of 2716	2652	Unicorn-23739.exe	36
PID 2536 wrote to memory of 1652	2536	Unicorn-23869.exe	38
PID 2536 wrote to memory of 1652	2536	Unicorn-23869.exe	38
PID 2536 wrote to memory of 1652	2536	Unicorn-23869.exe	38
PID 2536 wrote to memory of 1652	2536	Unicorn-23869.exe	38
PID 2348 wrote to memory of 1732	2348	Unicorn-61114.exe	37
PID 2348 wrote to memory of 1732	2348	Unicorn-61114.exe	37
PID 2348 wrote to memory of 1732	2348	Unicorn-61114.exe	37
PID 2348 wrote to memory of 1732	2348	Unicorn-61114.exe	37
PID 2716 wrote to memory of 2424	2716	Unicorn-38508.exe	39
PID 2716 wrote to memory of 2424	2716	Unicorn-38508.exe	39
PID 2716 wrote to memory of 2424	2716	Unicorn-38508.exe	39
PID 2716 wrote to memory of 2424	2716	Unicorn-38508.exe	39
PID 2704 wrote to memory of 1532	2704	Unicorn-1005.exe	40
PID 2704 wrote to memory of 1532	2704	Unicorn-1005.exe	40
PID 2704 wrote to memory of 1532	2704	Unicorn-1005.exe	40
PID 2704 wrote to memory of 1532	2704	Unicorn-1005.exe	40
PID 1188 wrote to memory of 2904	1188	Unicorn-60071.exe	41
PID 1188 wrote to memory of 2904	1188	Unicorn-60071.exe	41
PID 1188 wrote to memory of 2904	1188	Unicorn-60071.exe	41
PID 1188 wrote to memory of 2904	1188	Unicorn-60071.exe	41
PID 1732 wrote to memory of 2044	1732	Unicorn-10468.exe	42
PID 1732 wrote to memory of 2044	1732	Unicorn-10468.exe	42
PID 1732 wrote to memory of 2044	1732	Unicorn-10468.exe	42
PID 1732 wrote to memory of 2044	1732	Unicorn-10468.exe	42
PID 2348 wrote to memory of 1248	2348	Unicorn-61114.exe	43
PID 2348 wrote to memory of 1248	2348	Unicorn-61114.exe	43
PID 2348 wrote to memory of 1248	2348	Unicorn-61114.exe	43
PID 2348 wrote to memory of 1248	2348	Unicorn-61114.exe	43

C:\Users\Admin\AppData\Local\Temp\d47b9627ca90239860d4e98472dd7881_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\d47b9627ca90239860d4e98472dd7881_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5613.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5613.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51773.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51903.exe
      4⤵
      Executes dropped EXE
      PID:2388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23869.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23869.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61114.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10468.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29405.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65061.exe
        10⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
        11⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32559.exe
        9⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5933.exe
        10⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20812.exe
        11⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
        10⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1370.exe
        11⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10857.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48040.exe
        9⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22763.exe
        10⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64158.exe
        9⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe
        10⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54656.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63587.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64967.exe
        9⤵
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49181.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41465.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42783.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33157.exe
        9⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22763.exe
        10⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15144.exe
        11⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8875.exe
        10⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
        11⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15599.exe
        12⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
        9⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55454.exe
        10⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
        11⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18278.exe
        12⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50198.exe
        13⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25404.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50857.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56721.exe
        9⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38402.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19561.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
        8⤵
        
        PID:944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47972.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14526.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56602.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21128.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19971.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40173.exe
        9⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57635.exe
        10⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55902.exe
        11⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39928.exe
        10⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        11⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
        12⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55222.exe
        9⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10951.exe
        10⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        8⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe
        9⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
        7⤵
        Executes dropped EXE
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        8⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
        9⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11401.exe
        10⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56975.exe
        11⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50463.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52809.exe
        7⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2041.exe
        8⤵
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53608.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61828.exe
        7⤵
        
        PID:2560
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60071.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60071.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13483.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2082.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53525.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29872.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53417.exe
        9⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35553.exe
        10⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9814.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44174.exe
        8⤵
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-987.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13535.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56509.exe
        8⤵
        
        PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20317.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50987.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35907.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27677.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38232.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
        9⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
        10⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        11⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52273.exe
        12⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11448.exe
        13⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15808.exe
        9⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        10⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
        11⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2466.exe
        8⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
        9⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56597.exe
        7⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58751.exe
        8⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51231.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7116.exe
        7⤵
        
        PID:2680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        8⤵
        Program crash
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1937.exe
        7⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe
        8⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60206.exe
        9⤵
        
        PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32114.exe
        7⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49814.exe
        8⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4723.exe
        9⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22516.exe
        10⤵
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61065.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
        7⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28741.exe
        8⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-515.exe
        7⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exe
        8⤵
        
        PID:2880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29820.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4241.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        8⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5082.exe
        9⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29914.exe
        10⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23250.exe
        11⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37316.exe
        12⤵
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62331.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27454.exe
        7⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57650.exe
        8⤵
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28231.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9835.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6581.exe
        8⤵
        
        PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8065.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-240.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51252.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37241.exe
        7⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22404.exe
        8⤵
        
        PID:676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64251.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        6⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64921.exe
        7⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55454.exe
        8⤵
        
        PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe

Filesize
188KB

MD5
edc9da57e3f88fcf6d59e883dfdb9e9f

SHA1
51dfc6a99affdba90fb501653db4495f4ad078e1

SHA256
3952fdf0def998f127b8f0d13c48b08d2c0fc4d302e712964a6e2c57abb30657

SHA512
6d483da0a64e1cb2107ce35d0f4ac0dca382798091ee5ee399798be38fbd72f495b9e7febb231c7378a8e8525d435fa424e9ab094b32cbb53b3762b72d95895c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10468.exe

Filesize
188KB

MD5
f11735701c20091109c2ee0739fa8e14

SHA1
cd787fadef80bc26396588e50f54b8c8e1d05900

SHA256
f093c25c5cae477d5555a6cd732809733eb76b9ca91f9bc019562b382e0f5369

SHA512
a9840d3e44ab9724949e754b582f8754a829abe23eaaf950bf56e7497e559d8ef5465385373f8e661d44f10a2c6e8f2d70803e0d0043b53dfa7529b3bbb0d0f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15144.exe

Filesize
188KB

MD5
6c762350b1f0c67a73afbea79442e0fa

SHA1
c5149eeddf80767950346302cd0de9b453541abd

SHA256
630282322ab6e095d44a6d7c6ef4a6f31a729c7a3ce3658087212de00216feb6

SHA512
8dc44ad3316919081d4c915aaf2a03ea4680ae79652c876565dff6786b5c6c5e337f2df921579abec207f518f2daffafdd145de2f9da663718d732fb2a5017f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23869.exe

Filesize
188KB

MD5
9d03f9e024db9ea0d415a004e50b86e3

SHA1
0de663230218b3c5ed7eff6cc1c9bca0d50478fa

SHA256
85553e9e45793b06abaa25db354fe57f2a194e8f602c63e154407c9896f42f72

SHA512
f7419b470aacd848a0317e56521a22ecc46a4fd47c430f8c3ffe9a04fd4089d239d41f6088781a359324b498a78d9e3ca0c0182c39e8f7b5bf40202415b58909

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29820.exe

Filesize
188KB

MD5
475e77b6ca821ab5e71f9fc8fda57608

SHA1
8641ad47a0c4427658ae4237bdbd52a09544b478

SHA256
d15304cd45cf2587534e63e78f322138e8aa4dfe7fabc453ad1534b947d44913

SHA512
2fa4736442494ab2dc04eb53b19a4ad114d7eb43766c6ac7c6f7f2a8d7c549bf6717dd2c95fc131897ddc9e65df86203974459069cdcfb53a8703579d3502270

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe

Filesize
188KB

MD5
c4285c3c63853f11acac11a47dfa86ed

SHA1
175c2779d3015cd36d776b2b3f3aa5dc7cc314e0

SHA256
f9e6b4c1e1f773c0fd8b395cc512f30ae9dff00a66aa098d68f2188d77410160

SHA512
8a284618982c808cdd1a998c42865720d07d5f0cc00f25eeccf7cfa9f5301a37e43f92af39b10d7c0ebd6c7e0cedaf5396b72e6eb33532986b5c5cf123143aa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39928.exe

Filesize
188KB

MD5
48e28822ec055bc1efbd35c60d751ff9

SHA1
7989ba5fd860ae1141c456a9064136e8ef7da086

SHA256
74e76c2f15712b81d7d47118cef2316698e710fc95c8bedc850b64856e3c23a6

SHA512
08fa52437717fa11259a10a0f3b37e93240faff6180d2eea99fd3e483ac1bf3da361431709a36798afc2432e9cebcbcb8e3cca046486a03d3752c0a0f07a55cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50857.exe

Filesize
188KB

MD5
622d66c7581024095f2fb38c28132854

SHA1
ef68e3f14c5f1c1799bb2869de7b5c76e1fe0480

SHA256
2f41df423046298d78cdf86dcba1712cf6f25a9851cd6072c55522d26ff61f30

SHA512
85a06768c74b1fea4f205dfdb198176fb848d5b6a853cd42089382e43b0af3cd23bd8b4b853069bae4fe34474d9d9b7306d9fcd8fc7afcae9833a375ab998364

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51903.exe

Filesize
188KB

MD5
1a64ae9a072bf9302016d340b2da6cd9

SHA1
58bed1d3b63e7589dd9f5e2bb2358e6d2ab346c2

SHA256
b6323e9f6b1220e7c62c45f2fba2678d021db4388b8d085b04a299b79da78f2e

SHA512
4dbd6be9cb0056f9fe2ac209b53fa80d2a920489269d5e09e1d300f0e2b56252f30c36447c442bbdafa6e5d0ca3e6037aa434a859f2ede56138622b22082ba4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5933.exe

Filesize
188KB

MD5
478962f14e3bd55a9616c8da8fcd0f76

SHA1
cb46c5b220cc80bafd1610e70fa09b320004afd2

SHA256
ec2351caf673a150a54d366a921dc0b2bc4359dbdeadea0f5333228791773d1c

SHA512
ddb89985f3d99e02d882ae6326f5dcb317a299c3ec65849958730474cbc6cbd0347bb835a45a4bdc45a40a66e500cb8ef56d739e59227b53e8e659b547e188e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61114.exe

Filesize
188KB

MD5
48fa65d08443ca7c9747b7c387cae674

SHA1
a9fe422e844bc5a70c9946932265d69d4dec6d26

SHA256
8ca346f1b55ac7005b6e465ce1c093928965743edbb05e6cd3d03141a83d0e32

SHA512
936b9481e7356c00f4b83ab7654531807aaaaf2baefc91be5cf470b2bc6f1db2d30595d1a5bd4c43a3eded164953c8f8b74c666fd246713952959c7ea0603446

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13483.exe

Filesize
188KB

MD5
3a5d6ed067149261940ed4c7f4ee4f12

SHA1
d5a029909be52d4d8e101910527bb459a91f156e

SHA256
e9318e970a779cf729874feff8d978b2d9139d3b7bcf0cda63f4a217d9d8379b

SHA512
bedcb822473c5640fc18b969d78eed2ae4c911a1c381875e17f30c9e9f9bc5cab7104962282616494e5eff8cc7f301484f301da7c1623b3dc00747c9af7dd0a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14526.exe

Filesize
188KB

MD5
ea8a07bb5c507c1db360de84bf7e3a7c

SHA1
1df7ec70320bd4039769458c93d2d5704a0071e9

SHA256
1e8d3bb1068b1b7a142a5d0a7b8f68f5d4ec52b3b6a83bbb619a0e9592e229c4

SHA512
217de4ac1d238d78e6f941190fc507c7fd2978313025dfc16be8f293172b559b12eb6fafa64c2aa48d8d79273c2f8f51f16a0fbd81aa2a2146a4c5c9b6c02c32

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2082.exe

Filesize
188KB

MD5
03bf0337732a36167fcc58c362392c0c

SHA1
124bb4a94e65d8e8d8f75efb0e406d7f837aeeee

SHA256
1d7a304d4787bf503873f675393860e9a7b1271de8c846261537f643a8d2aee5

SHA512
3bf549a46030b5139a6bd44d73b7af509e3b10b041a78af60639e0b2902c041a89c7e30acc016e21155a6fda1c5fc1661c322b8a197b052dccddfadf651eda1a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe

Filesize
188KB

MD5
3fd56c99c9ee985aab44c673d42dc90e

SHA1
c7e5a44c08aa338555bcabf2c2503aa5ece10744

SHA256
9ce2046dbabaf78c71efa72a967939e5e7c7024766e064d6e9874f043bc5e1ca

SHA512
6bc7f0e74df3143ecd23e0eb08363376e1757e4820909790e6580b283ffad4de9ac7dcd52dc946f21c2caf6c6e40b103a3f46f005f2d10afd36428293d52f3a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe

Filesize
188KB

MD5
58f11cc7bc463fb49f6b1e1b07a23a41

SHA1
320c85835ee3c8b2955c16dfc91ec78cb3e6a881

SHA256
de3d4b841f4a0600a2a7574bf010dbfab8789208745d159419343e326a49d1cd

SHA512
fdba6e4dfeefb13a90d3f2b8d265860eaf79dc12cd71d970f92c0c8d4f9ee0c6179a6c9b68e0e3532e1aa7c84b9b1bb6fba3d58a2c87a1d52fb866a60f804240

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47972.exe

Filesize
188KB

MD5
b084a245a92915f9d10e6125b2fafb4a

SHA1
eb65865ae32cae61fbc10ca890b4c8c4919e8b78

SHA256
b2a7112ff3befde8ac8df958af2b6291103bb62a051ab69644b6fbdd9738a4eb

SHA512
e9eb3a99e60e0fed21aea5389d266c2b3e02dbddce667695e2d50515c1d18b9b79d337f35966d3a80beb50d81b72f8fcb3aa6d256c980c9f72d511809e9a080b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50987.exe

Filesize
188KB

MD5
e249dfd232c694d0c781278e8e698ec7

SHA1
05b95305cff728779671d45658fc209592f19bc6

SHA256
94942fab7b6033f02086c154e05850a6b2da85fa4305130c1a1ae6d18b3ac963

SHA512
745892552cb2a9c2810fd731b14836540e605b3cbd30db19804625972fb7ccad1db3982154fd8bca2c74b0344e2639953c32a82f6c089e99351d34a9da1d550d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51773.exe

Filesize
188KB

MD5
f70b94eca741c106934a5cd89bd74b4d

SHA1
a2fa77cc648ca84d7b5a5ca2a01934c3d8ea03dc

SHA256
67a23aa3422d56f8d4f8d2bcd1d65ada7a5b08d42f2324fd094f3961cef39ab6

SHA512
ef8bb738f0fc2c4744768575e07cd9050dfa5deb69ad7edb708f36ed441c7a11761cdb6cc0b57f5fc4c50e466aa2deddf6c08bd74a2de11deb7eaaee322956b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5613.exe

Filesize
188KB

MD5
d4c3d1f342710e411231f05f25904afb

SHA1
6304c7321b46c66a9d328f43852f902a7ec0d963

SHA256
324631e49c4d856530c8b9d5a53b1b7304c821b993c841add45136ee527ec7f7

SHA512
04a99a21fb75be8b7444b8b387b89e2f486e6f4e48008cc05dd5144290fa120cb9f23932ce5066e99a3dfab9086bc79aca053b4111ecfa2bb3f2f3600934f6b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60071.exe

Filesize
188KB

MD5
9bd91005e015afa9aba4f4b735a1d159

SHA1
dce79ac980be95f7cc6bd6a34adb68d07eafab2e

SHA256
306674ec85ad2fdd7b1299cedb49116b4b9924c533b92da2d10914fe3015cb69

SHA512
f1b5a111662415e2a6b6f82760a2f4163fbf20fad7d833fd72af2c96dc09d4d4fb5239db7a1bc14c50907602cbbfa11c8d349f1bbdc7b4f1e80cf04059782556

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe

Filesize
188KB

MD5
052959556fd0ee85710c29010e7140e4

SHA1
73cd0689100f22f7954e045ef6d1cd1c8fd64969

SHA256
4af3bb3867836b44721be7f699bb052ab5e451ae016cacfb2eddf37b5d801ec2

SHA512
c651edd0d62deaa68bd8d39f813ab43a376eb3b2fec0078cdfe28333b6684e641d52330f026f23aeb4c482c8fe18619f1318397d8a12961948d4cac102a832de

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads