ae3a33cc64745de17149a0aaae3b1311bdec3f37d9808711be9846f1306a54b0

Analysis

max time kernel
152s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/04/2024, 11:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ed4dfd445157775b4a5b7733245c5705_JaffaCakes118.exe
Size

184KB
MD5

ed4dfd445157775b4a5b7733245c5705
SHA1

6f44d654e59921c32dc96ff48e3d703059d89a2b
SHA256

ae3a33cc64745de17149a0aaae3b1311bdec3f37d9808711be9846f1306a54b0
SHA512

9bd3dd3e81457a35a6109992a6558d9bb0b2309b54aa1f261ceeb60a0d7262a07839b1997d791727d990a550ca49e73566f8d6d05bc54295ca4bd027d242ed09
SSDEEP

3072:YPdXoVImf/t2oePaH8LI3fcZChJLMLvclSQqxKELnK0lP6pif:YPRoTV2oFHL3fc7sp70lP6pi

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3012	Unicorn-29550.exe
2540	Unicorn-54967.exe
2572	Unicorn-17464.exe
2468	Unicorn-26133.exe
2716	Unicorn-17965.exe
2544	Unicorn-59552.exe
1656	Unicorn-725.exe
2780	Unicorn-25784.exe
2992	Unicorn-16870.exe
2088	Unicorn-50289.exe
2180	Unicorn-26107.exe
580	Unicorn-21120.exe
536	Unicorn-4783.exe
2752	Unicorn-33926.exe
1004	Unicorn-35270.exe
1976	Unicorn-55136.exe
828	Unicorn-63859.exe
2404	Unicorn-18188.exe
2336	Unicorn-24265.exe
2884	Unicorn-46776.exe
2328	Unicorn-58473.exe
1512	Unicorn-63112.exe
948	Unicorn-50668.exe
1292	Unicorn-33393.exe
1928	Unicorn-9443.exe
696	Unicorn-21141.exe
2012	Unicorn-12972.exe
2384	Unicorn-4612.exe
876	Unicorn-59521.exe
1196	Unicorn-393.exe
3004	Unicorn-41234.exe
2692	Unicorn-25452.exe
2704	Unicorn-12453.exe
2588	Unicorn-58125.exe
2592	Unicorn-1078.exe
2464	Unicorn-54726.exe
2460	Unicorn-13138.exe
1044	Unicorn-45811.exe
2476	Unicorn-56070.exe
2960	Unicorn-14482.exe
2644	Unicorn-31373.exe
2672	Unicorn-51239.exe
2656	Unicorn-38795.exe
2660	Unicorn-14845.exe
1748	Unicorn-26543.exe
2728	Unicorn-45448.exe
1388	Unicorn-21498.exe
564	Unicorn-8499.exe
2204	Unicorn-20560.exe
1716	Unicorn-2038.exe
1636	Unicorn-25988.exe
1720	Unicorn-17820.exe
1868	Unicorn-26350.exe
608	Unicorn-54384.exe
2292	Unicorn-17990.exe
1780	Unicorn-17436.exe
1528	Unicorn-63107.exe
1792	Unicorn-35993.exe
2916	Unicorn-23549.exe
2236	Unicorn-3683.exe
1764	Unicorn-60860.exe
2240	Unicorn-7020.exe
2780	Unicorn-2936.exe
1048	Unicorn-55344.exe

Loads dropped DLL 64 IoCs

pid	Process
2408	ed4dfd445157775b4a5b7733245c5705_JaffaCakes118.exe
2408	ed4dfd445157775b4a5b7733245c5705_JaffaCakes118.exe
2408	ed4dfd445157775b4a5b7733245c5705_JaffaCakes118.exe
3012	Unicorn-29550.exe
2408	ed4dfd445157775b4a5b7733245c5705_JaffaCakes118.exe
3012	Unicorn-29550.exe
2540	Unicorn-54967.exe
2540	Unicorn-54967.exe
3012	Unicorn-29550.exe
3012	Unicorn-29550.exe
2572	Unicorn-17464.exe
2572	Unicorn-17464.exe
2468	Unicorn-26133.exe
2468	Unicorn-26133.exe
2540	Unicorn-54967.exe
2540	Unicorn-54967.exe
2544	Unicorn-59552.exe
2544	Unicorn-59552.exe
2572	Unicorn-17464.exe
2572	Unicorn-17464.exe
2716	Unicorn-17965.exe
2716	Unicorn-17965.exe
2780	Unicorn-25784.exe
2780	Unicorn-25784.exe
1656	Unicorn-725.exe
1656	Unicorn-725.exe
2468	Unicorn-26133.exe
2468	Unicorn-26133.exe
2992	Unicorn-16870.exe
2544	Unicorn-59552.exe
2544	Unicorn-59552.exe
2992	Unicorn-16870.exe
2716	Unicorn-17965.exe
2088	Unicorn-50289.exe
2716	Unicorn-17965.exe
2088	Unicorn-50289.exe
580	Unicorn-21120.exe
580	Unicorn-21120.exe
2780	Unicorn-25784.exe
2780	Unicorn-25784.exe
536	Unicorn-4783.exe
536	Unicorn-4783.exe
1656	Unicorn-725.exe
1656	Unicorn-725.exe
2180	Unicorn-26107.exe
2180	Unicorn-26107.exe
1876	WerFault.exe
1876	WerFault.exe
1876	WerFault.exe
1876	WerFault.exe
2404	Unicorn-18188.exe
2404	Unicorn-18188.exe
1876	WerFault.exe
2088	Unicorn-50289.exe
2088	Unicorn-50289.exe
1004	Unicorn-35270.exe
1004	Unicorn-35270.exe
828	Unicorn-63859.exe
828	Unicorn-63859.exe
1976	Unicorn-55136.exe
1976	Unicorn-55136.exe
2992	Unicorn-16870.exe
2992	Unicorn-16870.exe
2336	Unicorn-24265.exe

Program crash 15 IoCs

pid	pid_target	Process	procid_target
1876	2752	WerFault.exe	41
772	536	WerFault.exe	40
1440	2328	WerFault.exe	48
1544	1656	WerFault.exe	34
2892	1196	WerFault.exe	58
768	608	WerFault.exe	83
560	2704	WerFault.exe	61
2052	2292	WerFault.exe	84
2376	2588	WerFault.exe	62
2280	1636	WerFault.exe	79
2100	2728	WerFault.exe	75
3836	1660	WerFault.exe	120
3364	1964	WerFault.exe	118
2156	4068	WerFault.exe	146
3916	1984	WerFault.exe	168

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2408	ed4dfd445157775b4a5b7733245c5705_JaffaCakes118.exe
3012	Unicorn-29550.exe
2540	Unicorn-54967.exe
2572	Unicorn-17464.exe
2468	Unicorn-26133.exe
2544	Unicorn-59552.exe
2716	Unicorn-17965.exe
1656	Unicorn-725.exe
2780	Unicorn-25784.exe
2992	Unicorn-16870.exe
2088	Unicorn-50289.exe
2180	Unicorn-26107.exe
580	Unicorn-21120.exe
536	Unicorn-4783.exe
2752	Unicorn-33926.exe
1976	Unicorn-55136.exe
1004	Unicorn-35270.exe
2404	Unicorn-18188.exe
828	Unicorn-63859.exe
2336	Unicorn-24265.exe
2884	Unicorn-46776.exe
2328	Unicorn-58473.exe
948	Unicorn-50668.exe
1292	Unicorn-33393.exe
1928	Unicorn-9443.exe
696	Unicorn-21141.exe
2012	Unicorn-12972.exe
2384	Unicorn-4612.exe
876	Unicorn-59521.exe
1196	Unicorn-393.exe
2692	Unicorn-25452.exe
3004	Unicorn-41234.exe
2592	Unicorn-1078.exe
2588	Unicorn-58125.exe
2704	Unicorn-12453.exe
1044	Unicorn-45811.exe
2464	Unicorn-54726.exe
2960	Unicorn-14482.exe
2460	Unicorn-13138.exe
2476	Unicorn-56070.exe
2644	Unicorn-31373.exe
2660	Unicorn-14845.exe
2672	Unicorn-51239.exe
2656	Unicorn-38795.exe
1748	Unicorn-26543.exe
2728	Unicorn-45448.exe
1388	Unicorn-21498.exe
564	Unicorn-8499.exe
2204	Unicorn-20560.exe
1636	Unicorn-25988.exe
1720	Unicorn-17820.exe
1716	Unicorn-2038.exe
1868	Unicorn-26350.exe
608	Unicorn-54384.exe
1780	Unicorn-17436.exe
2292	Unicorn-17990.exe
2916	Unicorn-23549.exe
2764	Unicorn-40247.exe
1792	Unicorn-35993.exe
1724	Unicorn-19273.exe
2432	Unicorn-52521.exe
3036	Unicorn-2739.exe
2796	Unicorn-32655.exe
2236	Unicorn-3683.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 3012	2408	ed4dfd445157775b4a5b7733245c5705_JaffaCakes118.exe	28
PID 2408 wrote to memory of 3012	2408	ed4dfd445157775b4a5b7733245c5705_JaffaCakes118.exe	28
PID 2408 wrote to memory of 3012	2408	ed4dfd445157775b4a5b7733245c5705_JaffaCakes118.exe	28
PID 2408 wrote to memory of 3012	2408	ed4dfd445157775b4a5b7733245c5705_JaffaCakes118.exe	28
PID 2408 wrote to memory of 2540	2408	ed4dfd445157775b4a5b7733245c5705_JaffaCakes118.exe	29
PID 2408 wrote to memory of 2540	2408	ed4dfd445157775b4a5b7733245c5705_JaffaCakes118.exe	29
PID 2408 wrote to memory of 2540	2408	ed4dfd445157775b4a5b7733245c5705_JaffaCakes118.exe	29
PID 2408 wrote to memory of 2540	2408	ed4dfd445157775b4a5b7733245c5705_JaffaCakes118.exe	29
PID 3012 wrote to memory of 2572	3012	Unicorn-29550.exe	30
PID 3012 wrote to memory of 2572	3012	Unicorn-29550.exe	30
PID 3012 wrote to memory of 2572	3012	Unicorn-29550.exe	30
PID 3012 wrote to memory of 2572	3012	Unicorn-29550.exe	30
PID 2540 wrote to memory of 2468	2540	Unicorn-54967.exe	31
PID 2540 wrote to memory of 2468	2540	Unicorn-54967.exe	31
PID 2540 wrote to memory of 2468	2540	Unicorn-54967.exe	31
PID 2540 wrote to memory of 2468	2540	Unicorn-54967.exe	31
PID 3012 wrote to memory of 2544	3012	Unicorn-29550.exe	32
PID 3012 wrote to memory of 2544	3012	Unicorn-29550.exe	32
PID 3012 wrote to memory of 2544	3012	Unicorn-29550.exe	32
PID 3012 wrote to memory of 2544	3012	Unicorn-29550.exe	32
PID 2572 wrote to memory of 2716	2572	Unicorn-17464.exe	33
PID 2572 wrote to memory of 2716	2572	Unicorn-17464.exe	33
PID 2572 wrote to memory of 2716	2572	Unicorn-17464.exe	33
PID 2572 wrote to memory of 2716	2572	Unicorn-17464.exe	33
PID 2468 wrote to memory of 1656	2468	Unicorn-26133.exe	34
PID 2468 wrote to memory of 1656	2468	Unicorn-26133.exe	34
PID 2468 wrote to memory of 1656	2468	Unicorn-26133.exe	34
PID 2468 wrote to memory of 1656	2468	Unicorn-26133.exe	34
PID 2540 wrote to memory of 2780	2540	Unicorn-54967.exe	35
PID 2540 wrote to memory of 2780	2540	Unicorn-54967.exe	35
PID 2540 wrote to memory of 2780	2540	Unicorn-54967.exe	35
PID 2540 wrote to memory of 2780	2540	Unicorn-54967.exe	35
PID 2544 wrote to memory of 2992	2544	Unicorn-59552.exe	36
PID 2544 wrote to memory of 2992	2544	Unicorn-59552.exe	36
PID 2544 wrote to memory of 2992	2544	Unicorn-59552.exe	36
PID 2544 wrote to memory of 2992	2544	Unicorn-59552.exe	36
PID 2572 wrote to memory of 2088	2572	Unicorn-17464.exe	37
PID 2572 wrote to memory of 2088	2572	Unicorn-17464.exe	37
PID 2572 wrote to memory of 2088	2572	Unicorn-17464.exe	37
PID 2572 wrote to memory of 2088	2572	Unicorn-17464.exe	37
PID 2716 wrote to memory of 2180	2716	Unicorn-17965.exe	38
PID 2716 wrote to memory of 2180	2716	Unicorn-17965.exe	38
PID 2716 wrote to memory of 2180	2716	Unicorn-17965.exe	38
PID 2716 wrote to memory of 2180	2716	Unicorn-17965.exe	38
PID 2780 wrote to memory of 580	2780	Unicorn-25784.exe	39
PID 2780 wrote to memory of 580	2780	Unicorn-25784.exe	39
PID 2780 wrote to memory of 580	2780	Unicorn-25784.exe	39
PID 2780 wrote to memory of 580	2780	Unicorn-25784.exe	39
PID 1656 wrote to memory of 536	1656	Unicorn-725.exe	40
PID 1656 wrote to memory of 536	1656	Unicorn-725.exe	40
PID 1656 wrote to memory of 536	1656	Unicorn-725.exe	40
PID 1656 wrote to memory of 536	1656	Unicorn-725.exe	40
PID 2468 wrote to memory of 2752	2468	Unicorn-26133.exe	41
PID 2468 wrote to memory of 2752	2468	Unicorn-26133.exe	41
PID 2468 wrote to memory of 2752	2468	Unicorn-26133.exe	41
PID 2468 wrote to memory of 2752	2468	Unicorn-26133.exe	41
PID 2544 wrote to memory of 1004	2544	Unicorn-59552.exe	43
PID 2544 wrote to memory of 1004	2544	Unicorn-59552.exe	43
PID 2544 wrote to memory of 1004	2544	Unicorn-59552.exe	43
PID 2544 wrote to memory of 1004	2544	Unicorn-59552.exe	43
PID 2992 wrote to memory of 1976	2992	Unicorn-16870.exe	42
PID 2992 wrote to memory of 1976	2992	Unicorn-16870.exe	42
PID 2992 wrote to memory of 1976	2992	Unicorn-16870.exe	42
PID 2992 wrote to memory of 1976	2992	Unicorn-16870.exe	42

C:\Users\Admin\AppData\Local\Temp\ed4dfd445157775b4a5b7733245c5705_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ed4dfd445157775b4a5b7733245c5705_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29550.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29550.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17464.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17965.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26107.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1078.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20560.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58442.exe
        9⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        10⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38576.exe
        8⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        9⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2038.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22646.exe
        8⤵
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22084.exe
        9⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63859.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12972.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7020.exe
        8⤵
        Executes dropped EXE
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60860.exe
        7⤵
        Executes dropped EXE
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18293.exe
        8⤵
        
        PID:3200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14845.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        7⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10542.exe
        8⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
        9⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41467.exe
        10⤵
        
        PID:928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50289.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18188.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33393.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13138.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2739.exe
        9⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3683.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54726.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55344.exe
        7⤵
        Executes dropped EXE
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
        8⤵
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9443.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45811.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        8⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1165.exe
        9⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        7⤵
        
        PID:1308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe
        6⤵
        Executes dropped EXE
        
        PID:1528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16870.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55136.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4612.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51239.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19273.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35021.exe
        9⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64944.exe
        7⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
        8⤵
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31373.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
        7⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59521.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26543.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        7⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18293.exe
        8⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
        9⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58794.exe
        10⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10434.exe
        11⤵
        
        PID:4064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48608.exe
        6⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58041.exe
        7⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
        8⤵
        
        PID:3432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35270.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21141.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2936.exe
        7⤵
        Executes dropped EXE
        
        PID:2780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44021.exe
        7⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-620.exe
        8⤵
        
        PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65481.exe
        7⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
        8⤵
        Program crash
        
        PID:3916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54967.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54967.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26133.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26133.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-725.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-725.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4783.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12453.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54384.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        9⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58794.exe
        10⤵
        
        PID:3744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 380
        9⤵
        Program crash
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        8⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35924.exe
        9⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
        10⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6101.exe
        11⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29877.exe
        12⤵
        
        PID:832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 380
        8⤵
        Program crash
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17990.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        8⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 380
        8⤵
        Program crash
        
        PID:2052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 380
        7⤵
        Program crash
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58125.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25988.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42682.exe
        8⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7849.exe
        9⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
        10⤵
        
        PID:1592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 384
        10⤵
        Program crash
        
        PID:2156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 368
        9⤵
        Program crash
        
        PID:3364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 368
        8⤵
        Program crash
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22816.exe
        7⤵
        
        PID:2572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 376
        7⤵
        Program crash
        
        PID:2376
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 368
        6⤵
        Program crash
        
        PID:772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63112.exe
        5⤵
        Executes dropped EXE
        
        PID:1512
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 380
        5⤵
        Program crash
        
        PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33926.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2752
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25784.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21120.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24265.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-393.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45448.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
        8⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35021.exe
        9⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32204.exe
        10⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16718.exe
        11⤵
        
        PID:2064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 236
        9⤵
        Program crash
        
        PID:3836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
        8⤵
        Program crash
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32655.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1930.exe
        8⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57668.exe
        9⤵
        
        PID:1392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 240
        7⤵
        Program crash
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21498.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
        7⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28182.exe
        8⤵
        
        PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45638.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
        9⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32655.exe
        6⤵
        
        PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41234.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        7⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26511.exe
        8⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
        9⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19116.exe
        6⤵
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26350.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
        6⤵
        
        PID:2148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17464.exe

Filesize
184KB

MD5
685d32784228ebc10245087a2fbe41ab

SHA1
66e3beb9bea9ee6d3fe5155b3b0e0a558aa6856b

SHA256
7b8412c9590bbfe2b882032d7d56fc3f71fc3528d3e1aaf46d9a1111aa2c7638

SHA512
10359bc00cf99334784344ba883e6f457e0f3d3be3cf986ca40d73ab946f6c295ff9a5dfe580bdeb4a68b03f0909f6a6304e4906dc370261d5b129c02b53d390

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17965.exe

Filesize
184KB

MD5
9fbb20c2624474fae08a30d2fb4eb7e6

SHA1
f2e5caff8eaf4b2ebd1a7a0ad387a84b8b6645c1

SHA256
30a85ffe59c3373c9ef8f76497f45efc72b2e937213da93dfc7bdfc62ad3605b

SHA512
b77ce5537d32ad92b2ed74b28bc1be6aac5eadd5c10ed9ded30b8d3fc29b00235a5072fdc8008bb9cbeac68fddab3a992982cc7186e226dfaf78a451d6fa3f13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33926.exe

Filesize
184KB

MD5
dd58971b55a7c47df86ac090df6059e9

SHA1
2897bc74f49ce83b260cec3b3cb93d643c32a4c1

SHA256
bf3d2d4db648ded22b16e78bb37706cfa89490613d8f6c35400a75d69091d36b

SHA512
52c428fadaf074d3f61245e55624c1ec4193e7f081518a2ea94d2967f230963b98083fdb6e5f68be5d8db1aa70fd89ff7390b028a26d76c2617763fc1cee2384

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35270.exe

Filesize
184KB

MD5
993bab410fb7c6a58a7ce066193a9716

SHA1
515a56b258390eda898b0d5faea1509ce77c2d73

SHA256
5bec8c06ce8d53d1078149273251ad8b9ba5ab551ac5339ffb1ce31d7b094873

SHA512
0adce30125674eb0c6c1fda822ac69b837e9d491f4530b2fe04b261acf6f32cd2ea8dbdab46c2ca2ba08b1a678ecab6ac45fe5c8e67bd9f70ac8c8fc349d9398

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40247.exe

Filesize
184KB

MD5
0eb315768a20ab15ea5b8076841f9e29

SHA1
b2c7164690cef804dbf3f9cdb50de9f0d92b058f

SHA256
a7420cbe6583ccc4355311f3a242039149f5054f1fbf2f7f13d17529a85950ef

SHA512
a52cf895b2e94777c5de629fa4594c257115df3a10e12c5ed05cdc1809e632c35a459272015c184a06a8b9a756104b18e153c17ac1d2fed0169c866c8c0a146d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54967.exe

Filesize
184KB

MD5
a754fa8ca9dca1a515453fc8d849e5da

SHA1
19dcaf9c5a53bb263c72d9735ae6768c781ff0e5

SHA256
e0a2a9470ba361ff86b8d00976f0a2769c2068368f6f709d96e828b4f77c7741

SHA512
32f191d75b6fd4e515eef39271ed33e695dd68603dd3437e0a003b0ed8dd0837010942038ddd671e04af0594682634c17706f6733864c5a72e02f56447eb2d65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe

Filesize
184KB

MD5
736a748d76bbda5b9dd17b871d3e4064

SHA1
f7ffc7e1addc5bff754612a2eeb28a725a362295

SHA256
95f347290e1ee160a8afda0c54f6246e9487df25db0b45ff2451c81c0aa3f8c9

SHA512
a288e9528ba7a0e205ece5e4654ed30bebf9053c6c262c38ccbb04764dc838ab803063b06fcd9d93eee88db881874477bf529a74d5e062f5e47f03f2e52e0b20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe

Filesize
184KB

MD5
ff3005e8574d6cbc5e413a9a854c5240

SHA1
2707dc549f8adc66c04baeb1d8e439c4152d65b0

SHA256
c311b2f9da7260f3d30dd40d40b01ad9df3056ef4784693e3507f734f98c0185

SHA512
1704b20ee9b13310937ec55a58de0863e21158c7ffc762396830a25be416dec10e503915fec4746cbbae220648593ffb57ed6c6e423604255341b39ed8334c0e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16870.exe

Filesize
184KB

MD5
366454d876b2d46723469a3f796e6f91

SHA1
967957ced613b27c946cbd2d8918024f59956308

SHA256
5819265d480700153d7fa46b1ae27df0cb0874e350b5789d28366a320e79fdfc

SHA512
1bbcd8c2a75a658e5529418298dd333ccd133f63f8160826a54e787d05167a6b35dd3d6b201d38288cba595eb28b7bc0be1f2b6e4cafe81eadba6df60bc8aa73

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18188.exe

Filesize
184KB

MD5
196473172848304cb4b7e9dd7258fb39

SHA1
89fce46f11d3956d54644fa44f6bda4f2aac9204

SHA256
f61a555fc642e52f2e422678ebc065dc12639978489b584ee3f7c46267006215

SHA512
de10ec62c449afb92d8ef58ca23e4542005b27c40febfd9540c209671fd2a630cff89605521ee9d0c6dcf070e6eb592c1e5df05cd469bb994640305c1ecdfe61

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21120.exe

Filesize
184KB

MD5
7dbfc3ed3bc229cc73ea47e8961f4024

SHA1
76bb7111775bea6678a7454f4b6c15a4bcaa7ab7

SHA256
94f88e2912b4b143b35388981219878afdf5fbfd7ccfdffcf9530c785d98c5c3

SHA512
74dd1d576eeb01b3d51093b4b493b155b8b330f5a8044cbfb53a80d1e2b0c065de71a65a54fe7b00ca57cee1e7319b506ba01b512d6b07742ef9d6c91c7847db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25784.exe

Filesize
184KB

MD5
5896020c956e6a4f113654dcf8bc54a8

SHA1
e592464dd63d19f37250a9ce969af2e8a7cdc2a0

SHA256
a695d7ff1280191e9de9d06a4fe65d159c3b9655324a5f11c1cabbcf6ddc05cb

SHA512
fe794ceb9634b3a4836bcb912e937198269d6e221fb206eb7f4fcfab7ff71254bf9c702e5c6ca84ae50046c114c620c7ab1339f5aa14406c9c77b68920725a9e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26107.exe

Filesize
184KB

MD5
5cf28b5aa2462c23aea1e41578de52fb

SHA1
6c5bfdbaaa3f7fb98fa7edfeb5afe3f5dea7ca17

SHA256
7b4a5933e936bdd36b68d7a031cb05a451d125918392563c2ccb3cf77b543784

SHA512
8a8d9c6b527a3b677cb7f474c43802055fd86c14099f10577008726ed411b73ccc0910cf772b6185e697d07cbe0f34ae5f11e5164f16fed8352de23cdc2de977

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26133.exe

Filesize
184KB

MD5
55e8773cdb61e6824f26e575bbb3fc03

SHA1
170c2e342b2f9927dc72672baa8d77c5e34a81bf

SHA256
7fd6a8c2fa46551b4d8feb4cf3e57dde3286c1af6e808cc219c1cc21f8cb9356

SHA512
a42d170c8729975919d7c5549c2f78cb2cdbca71a1f1e3ffa783d44439290b73dda6169fa1bf8c3357c0fafbe2a106dd36bac83c2937c10724a9df928d1c39c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29550.exe

Filesize
184KB

MD5
c879b031327d164e437278984330583b

SHA1
b3017e62fbbd96ccf424adf13a0a2376f18b389b

SHA256
d1aaab13a5577fc312b100c830fa792e790775120d490b55d84cf4bb1f54d928

SHA512
85975794ea479079ce667051cd53792711068db91bf2b705f1147b43b6531e40d3b83f64b79a6612adc23e216a90ef1ed397944a6f9729f38ffc23879343c1ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4783.exe

Filesize
184KB

MD5
bfa62bd923e5dded4813660b96c6b85f

SHA1
df056d7708ba58acf44568754cfe37103b739c04

SHA256
a3fa7c3dbb25cedaa67d0c81f8f787d583471c0e86294de6610acb3c1e0f9835

SHA512
eb81ecf50465c91de9794579d57f6a05ee0da279373a27f618ad9f816629ab9b0b528399d8c00eba92db4d94336360f5ae9f9f838d9753c44292258af84bff9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50289.exe

Filesize
184KB

MD5
2b843833687ac074e63be5afa55b8192

SHA1
0b51f5149c44c01b4d4b4d489807f16f4a5a3b1a

SHA256
ade337030e2dd892a25fa896a1509d7fe9c04282a3d707a583e03ed14fbb5e94

SHA512
594abebf38e3debbba52ce0ce816af5bfeb7b4c35696319047e3f866a44abb4864323b4eb7e7c9612bb70d1bb49ac5dc581cbd93b98fc4f123be2a6c5c7a0bf0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55136.exe

Filesize
184KB

MD5
43af4491dd7112a2ba2354f9c36e2fe9

SHA1
e5f8510408b533f1f64c614d3eb78d77b46c040a

SHA256
8172e7895dedda00b1294d0f73873b2eff6b8c254354f0ebfc10f3f266bbb3c0

SHA512
732938d818ca8b2831b81a7b0c1cd342bfdfd16b5e4c7d988efcfd1bd123008ae3bf9cbc52e307c4e6a1481d28496a466da2c527cd9044844b0a2a048387a504

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63859.exe

Filesize
184KB

MD5
b98dcd2d2499bcaddc8db8bd840ffd81

SHA1
3603bc36c026674281b69617aef1cd9859f09bcc

SHA256
9cdecae95e327338bfaa865591cfcff5fb4874f30ef166026e3688ce70e8484c

SHA512
631c96e23c38d43cf7ffcc85c1caa5d36eecc2fce93dfcb9ba4373b7864ae65370e8f2e1c110bbd85531773c1476dd783edaab1027a56200a498cf185f639e12

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-725.exe

Filesize
184KB

MD5
5e32d8ea7492dcec7a02b28902216d4c

SHA1
e11fa67f69fd8ef46b2f18aeb30b9e3ec17eae1a

SHA256
80eeca3a3764b3d9f23c29e03d380c1b8a57d0143ac11453df1fca5cd0ecde9b

SHA512
a2edee4fae3c7a584552307ce7ae099bec2e0a4b591ae8d822777a6b9f08a361387ac023995999799b6aaba98d9010afd19c148a4bb4cc31e1212471e225908b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads