12b984c1b128bfe610b5dbe955309b0156ca053ec40132ec68cff96e5c310bc6

Analysis

max time kernel
68s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/04/2024, 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ed9eba8abad5e7fa2a30d0143d76791f_JaffaCakes118.exe
Size

184KB
MD5

ed9eba8abad5e7fa2a30d0143d76791f
SHA1

efd3ceb207906f3da69d5eaf6c64e9a56fb5708d
SHA256

12b984c1b128bfe610b5dbe955309b0156ca053ec40132ec68cff96e5c310bc6
SHA512

3897fa2c802a201e896c594c0796950db224acd7868a2ceb2fcf02a85cbc8b4934d9c7abcb5e3c872f1fe11b7613982cf96ae1362289a5fafb37decc80808fd2
SSDEEP

3072:jvPHomLyo3w/oRj1q3Q6MJSLGwXMztfw60xv+EpnNlvvpFG:jvfoWg/ovqg6MJx1+9NlvvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2396	Unicorn-1842.exe
2720	Unicorn-12807.exe
2660	Unicorn-50311.exe
2552	Unicorn-13321.exe
2632	Unicorn-54162.exe
1104	Unicorn-46549.exe
1364	Unicorn-1126.exe
2464	Unicorn-42713.exe
588	Unicorn-34183.exe
304	Unicorn-54603.exe
1152	Unicorn-34737.exe
1744	Unicorn-53856.exe
2248	Unicorn-21162.exe
2508	Unicorn-49196.exe
1800	Unicorn-4079.exe
1260	Unicorn-12439.exe
2132	Unicorn-24692.exe
2880	Unicorn-4826.exe
2284	Unicorn-43804.exe
2004	Unicorn-20774.exe
1552	Unicorn-21328.exe
960	Unicorn-8713.exe
1676	Unicorn-9481.exe
1520	Unicorn-42516.exe
1076	Unicorn-9289.exe
2076	Unicorn-62574.exe
1524	Unicorn-63321.exe
2020	Unicorn-3534.exe
2100	Unicorn-42538.exe
1004	Unicorn-13928.exe
580	Unicorn-54961.exe
2856	Unicorn-61095.exe
2216	Unicorn-62382.exe
2828	Unicorn-29383.exe
2504	Unicorn-24893.exe
1912	Unicorn-29937.exe
1652	Unicorn-56051.exe
572	Unicorn-26389.exe
548	Unicorn-26965.exe
2708	Unicorn-18989.exe
1836	Unicorn-39409.exe
1916	Unicorn-10436.exe
2884	Unicorn-20634.exe
2900	Unicorn-49222.exe
628	Unicorn-12657.exe
2848	Unicorn-11588.exe
2196	Unicorn-7997.exe
2112	Unicorn-48838.exe
2864	Unicorn-7997.exe
1684	Unicorn-25678.exe
3028	Unicorn-39252.exe
840	Unicorn-17702.exe
2820	Unicorn-8957.exe
1052	Unicorn-60727.exe
2552	Unicorn-17126.exe
776	Unicorn-18278.exe
1928	Unicorn-55397.exe
1832	Unicorn-24525.exe
1732	Unicorn-47551.exe
2984	Unicorn-62434.exe
1284	Unicorn-19695.exe
1240	Unicorn-44199.exe
1696	Unicorn-39923.exe
896	Unicorn-36991.exe

Loads dropped DLL 64 IoCs

pid	Process
2312	ed9eba8abad5e7fa2a30d0143d76791f_JaffaCakes118.exe
2312	ed9eba8abad5e7fa2a30d0143d76791f_JaffaCakes118.exe
2396	Unicorn-1842.exe
2396	Unicorn-1842.exe
2312	ed9eba8abad5e7fa2a30d0143d76791f_JaffaCakes118.exe
2312	ed9eba8abad5e7fa2a30d0143d76791f_JaffaCakes118.exe
2660	Unicorn-50311.exe
2660	Unicorn-50311.exe
2720	Unicorn-12807.exe
2720	Unicorn-12807.exe
2396	Unicorn-1842.exe
2396	Unicorn-1842.exe
2552	Unicorn-13321.exe
2552	Unicorn-13321.exe
2660	Unicorn-50311.exe
2660	Unicorn-50311.exe
2632	Unicorn-54162.exe
2632	Unicorn-54162.exe
1104	Unicorn-46549.exe
1104	Unicorn-46549.exe
2720	Unicorn-12807.exe
2720	Unicorn-12807.exe
1364	Unicorn-1126.exe
1364	Unicorn-1126.exe
2552	Unicorn-13321.exe
2552	Unicorn-13321.exe
2464	Unicorn-42713.exe
2464	Unicorn-42713.exe
1152	Unicorn-34737.exe
1152	Unicorn-34737.exe
304	Unicorn-54603.exe
304	Unicorn-54603.exe
1104	Unicorn-46549.exe
2632	Unicorn-54162.exe
588	Unicorn-34183.exe
588	Unicorn-34183.exe
1104	Unicorn-46549.exe
2632	Unicorn-54162.exe
1744	Unicorn-53856.exe
1744	Unicorn-53856.exe
1364	Unicorn-1126.exe
1364	Unicorn-1126.exe
2248	Unicorn-21162.exe
2248	Unicorn-21162.exe
2880	Unicorn-4826.exe
2880	Unicorn-4826.exe
588	Unicorn-34183.exe
304	Unicorn-54603.exe
2132	Unicorn-24692.exe
2284	Unicorn-43804.exe
2464	Unicorn-42713.exe
1152	Unicorn-34737.exe
1260	Unicorn-12439.exe
1800	Unicorn-4079.exe
588	Unicorn-34183.exe
2132	Unicorn-24692.exe
2284	Unicorn-43804.exe
1800	Unicorn-4079.exe
2464	Unicorn-42713.exe
1152	Unicorn-34737.exe
304	Unicorn-54603.exe
1552	Unicorn-21328.exe
1552	Unicorn-21328.exe
1260	Unicorn-12439.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2320	1176	WerFault.exe	132

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2312	ed9eba8abad5e7fa2a30d0143d76791f_JaffaCakes118.exe
2396	Unicorn-1842.exe
2660	Unicorn-50311.exe
2720	Unicorn-12807.exe
2552	Unicorn-13321.exe
2632	Unicorn-54162.exe
1104	Unicorn-46549.exe
1364	Unicorn-1126.exe
2464	Unicorn-42713.exe
1152	Unicorn-34737.exe
304	Unicorn-54603.exe
588	Unicorn-34183.exe
1744	Unicorn-53856.exe
2248	Unicorn-21162.exe
2508	Unicorn-49196.exe
1800	Unicorn-4079.exe
2132	Unicorn-24692.exe
2284	Unicorn-43804.exe
1260	Unicorn-12439.exe
2880	Unicorn-4826.exe
2004	Unicorn-20774.exe
1552	Unicorn-21328.exe
960	Unicorn-8713.exe
1676	Unicorn-9481.exe
580	Unicorn-54961.exe
1520	Unicorn-42516.exe
2020	Unicorn-3534.exe
1076	Unicorn-9289.exe
1524	Unicorn-63321.exe
2076	Unicorn-62574.exe
2216	Unicorn-62382.exe
2504	Unicorn-24893.exe
2100	Unicorn-42538.exe
1004	Unicorn-13928.exe
2828	Unicorn-29383.exe
1912	Unicorn-29937.exe
1652	Unicorn-56051.exe
572	Unicorn-26389.exe
548	Unicorn-26965.exe
2708	Unicorn-18989.exe
1836	Unicorn-39409.exe
1916	Unicorn-10436.exe
2884	Unicorn-20634.exe
2900	Unicorn-49222.exe
628	Unicorn-12657.exe
2196	Unicorn-7997.exe
2848	Unicorn-11588.exe
2112	Unicorn-48838.exe
1684	Unicorn-25678.exe
2864	Unicorn-7997.exe
1052	Unicorn-60727.exe
1928	Unicorn-55397.exe
2820	Unicorn-8957.exe
1240	Unicorn-44199.exe
1732	Unicorn-47551.exe
3028	Unicorn-39252.exe
840	Unicorn-17702.exe
1284	Unicorn-19695.exe
1832	Unicorn-24525.exe
2552	Unicorn-17126.exe
896	Unicorn-36991.exe
2700	Unicorn-57774.exe
2568	Unicorn-12102.exe
1704	Unicorn-61090.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 2396	2312	ed9eba8abad5e7fa2a30d0143d76791f_JaffaCakes118.exe	28
PID 2312 wrote to memory of 2396	2312	ed9eba8abad5e7fa2a30d0143d76791f_JaffaCakes118.exe	28
PID 2312 wrote to memory of 2396	2312	ed9eba8abad5e7fa2a30d0143d76791f_JaffaCakes118.exe	28
PID 2312 wrote to memory of 2396	2312	ed9eba8abad5e7fa2a30d0143d76791f_JaffaCakes118.exe	28
PID 2396 wrote to memory of 2720	2396	Unicorn-1842.exe	29
PID 2396 wrote to memory of 2720	2396	Unicorn-1842.exe	29
PID 2396 wrote to memory of 2720	2396	Unicorn-1842.exe	29
PID 2396 wrote to memory of 2720	2396	Unicorn-1842.exe	29
PID 2312 wrote to memory of 2660	2312	ed9eba8abad5e7fa2a30d0143d76791f_JaffaCakes118.exe	30
PID 2312 wrote to memory of 2660	2312	ed9eba8abad5e7fa2a30d0143d76791f_JaffaCakes118.exe	30
PID 2312 wrote to memory of 2660	2312	ed9eba8abad5e7fa2a30d0143d76791f_JaffaCakes118.exe	30
PID 2312 wrote to memory of 2660	2312	ed9eba8abad5e7fa2a30d0143d76791f_JaffaCakes118.exe	30
PID 2660 wrote to memory of 2552	2660	Unicorn-50311.exe	31
PID 2660 wrote to memory of 2552	2660	Unicorn-50311.exe	31
PID 2660 wrote to memory of 2552	2660	Unicorn-50311.exe	31
PID 2660 wrote to memory of 2552	2660	Unicorn-50311.exe	31
PID 2720 wrote to memory of 2632	2720	Unicorn-12807.exe	32
PID 2720 wrote to memory of 2632	2720	Unicorn-12807.exe	32
PID 2720 wrote to memory of 2632	2720	Unicorn-12807.exe	32
PID 2720 wrote to memory of 2632	2720	Unicorn-12807.exe	32
PID 2396 wrote to memory of 1104	2396	Unicorn-1842.exe	33
PID 2396 wrote to memory of 1104	2396	Unicorn-1842.exe	33
PID 2396 wrote to memory of 1104	2396	Unicorn-1842.exe	33
PID 2396 wrote to memory of 1104	2396	Unicorn-1842.exe	33
PID 2552 wrote to memory of 1364	2552	Unicorn-13321.exe	34
PID 2552 wrote to memory of 1364	2552	Unicorn-13321.exe	34
PID 2552 wrote to memory of 1364	2552	Unicorn-13321.exe	34
PID 2552 wrote to memory of 1364	2552	Unicorn-13321.exe	34
PID 2660 wrote to memory of 2464	2660	Unicorn-50311.exe	35
PID 2660 wrote to memory of 2464	2660	Unicorn-50311.exe	35
PID 2660 wrote to memory of 2464	2660	Unicorn-50311.exe	35
PID 2660 wrote to memory of 2464	2660	Unicorn-50311.exe	35
PID 2632 wrote to memory of 588	2632	Unicorn-54162.exe	36
PID 2632 wrote to memory of 588	2632	Unicorn-54162.exe	36
PID 2632 wrote to memory of 588	2632	Unicorn-54162.exe	36
PID 2632 wrote to memory of 588	2632	Unicorn-54162.exe	36
PID 1104 wrote to memory of 304	1104	Unicorn-46549.exe	37
PID 1104 wrote to memory of 304	1104	Unicorn-46549.exe	37
PID 1104 wrote to memory of 304	1104	Unicorn-46549.exe	37
PID 1104 wrote to memory of 304	1104	Unicorn-46549.exe	37
PID 2720 wrote to memory of 1152	2720	Unicorn-12807.exe	38
PID 2720 wrote to memory of 1152	2720	Unicorn-12807.exe	38
PID 2720 wrote to memory of 1152	2720	Unicorn-12807.exe	38
PID 2720 wrote to memory of 1152	2720	Unicorn-12807.exe	38
PID 1364 wrote to memory of 1744	1364	Unicorn-1126.exe	39
PID 1364 wrote to memory of 1744	1364	Unicorn-1126.exe	39
PID 1364 wrote to memory of 1744	1364	Unicorn-1126.exe	39
PID 1364 wrote to memory of 1744	1364	Unicorn-1126.exe	39
PID 2552 wrote to memory of 2248	2552	Unicorn-13321.exe	40
PID 2552 wrote to memory of 2248	2552	Unicorn-13321.exe	40
PID 2552 wrote to memory of 2248	2552	Unicorn-13321.exe	40
PID 2552 wrote to memory of 2248	2552	Unicorn-13321.exe	40
PID 2464 wrote to memory of 2508	2464	Unicorn-42713.exe	41
PID 2464 wrote to memory of 2508	2464	Unicorn-42713.exe	41
PID 2464 wrote to memory of 2508	2464	Unicorn-42713.exe	41
PID 2464 wrote to memory of 2508	2464	Unicorn-42713.exe	41
PID 1152 wrote to memory of 1800	1152	Unicorn-34737.exe	42
PID 1152 wrote to memory of 1800	1152	Unicorn-34737.exe	42
PID 1152 wrote to memory of 1800	1152	Unicorn-34737.exe	42
PID 1152 wrote to memory of 1800	1152	Unicorn-34737.exe	42
PID 304 wrote to memory of 1260	304	Unicorn-54603.exe	43
PID 304 wrote to memory of 1260	304	Unicorn-54603.exe	43
PID 304 wrote to memory of 1260	304	Unicorn-54603.exe	43
PID 304 wrote to memory of 1260	304	Unicorn-54603.exe	43

C:\Users\Admin\AppData\Local\Temp\ed9eba8abad5e7fa2a30d0143d76791f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ed9eba8abad5e7fa2a30d0143d76791f_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1842.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1842.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54162.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34183.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9289.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7997.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44199.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3218.exe
        10⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34926.exe
        11⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56742.exe
        12⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37355.exe
        13⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60203.exe
        9⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49184.exe
        10⤵
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42516.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26965.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17702.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58174.exe
        9⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16021.exe
        10⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23115.exe
        11⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
        12⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32470.exe
        13⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21059.exe
        11⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6949.exe
        10⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55397.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23696.exe
        8⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
        9⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16421.exe
        10⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18241.exe
        8⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13789.exe
        9⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
        9⤵
        
        PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43804.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62574.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49222.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60203.exe
        9⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20510.exe
        10⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1741.exe
        11⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-405.exe
        7⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9715.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61350.exe
        9⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
        10⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33508.exe
        8⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40925.exe
        9⤵
        
        PID:536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 372
        9⤵
        Program crash
        
        PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4079.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42538.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17126.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
        8⤵
        
        PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54961.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39409.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47551.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1189.exe
        8⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        9⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
        10⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
        11⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-68.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-68.exe
        9⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25741.exe
        10⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38147.exe
        11⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        8⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22382.exe
        9⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34978.exe
        10⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24525.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10286.exe
        7⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
        8⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30187.exe
        7⤵
        
        PID:896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46549.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46549.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54603.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12439.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62382.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10436.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        8⤵
        Executes dropped EXE
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46088.exe
        9⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7997.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57406.exe
        8⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26601.exe
        9⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6894.exe
        10⤵
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63321.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18989.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24407.exe
        8⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
        9⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48901.exe
        10⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62860.exe
        9⤵
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61090.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40359.exe
        7⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
        8⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27194.exe
        9⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41623.exe
        10⤵
        
        PID:1204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4826.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9481.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26389.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18278.exe
        7⤵
        Executes dropped EXE
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36467.exe
        7⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60390.exe
        8⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3208.exe
        9⤵
        
        PID:2668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13321.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1126.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20774.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3534.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48838.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36773.exe
        9⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
        10⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53374.exe
        11⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24893.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12657.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19695.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22928.exe
        9⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59487.exe
        10⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13041.exe
        7⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58916.exe
        8⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60198.exe
        9⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        10⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
        8⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
        9⤵
        
        PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21328.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61095.exe
        6⤵
        Executes dropped EXE
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1147.exe
        7⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24215.exe
        8⤵
        
        PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21162.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8713.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29383.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11588.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36991.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3410.exe
        9⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57458.exe
        10⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27386.exe
        11⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39729.exe
        12⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-981.exe
        7⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38107.exe
        8⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57762.exe
        9⤵
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29937.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62434.exe
        6⤵
        Executes dropped EXE
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58340.exe
        7⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
        8⤵
        
        PID:2436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49196.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49196.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20634.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12678.exe
        7⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
        8⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
        9⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29806.exe
        10⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6565.exe
        8⤵
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57774.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44251.exe
        7⤵
        
        PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13928.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25678.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47738.exe
        6⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50411.exe
        7⤵
        
        PID:2848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13789.exe

Filesize
184KB

MD5
3ed2c17b914d7e9fe03d15e1ffb128c5

SHA1
1d95da2ddd30b6526aedcf5aa9d17325132dda2d

SHA256
f6c2e9fd0db5880f52d5e8742b96a1a62d6f5760c5576260a54ef9b489cb7b2e

SHA512
b0fd3a12a5ef8997948266c1c349e691ffebbe5dcf8d046c6f4e0ca8db5152798ce8ff8bdd121d7085039ccd14798178026de3fa4d031c4b6e85d9f233884f7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34183.exe

Filesize
184KB

MD5
a1fbbe1d765e86f88e8f049ec20dfc15

SHA1
0e3fbde2ce131123e55cf5a3da157b1060bed9a8

SHA256
2a8597166d57e5c19669bd0b802a74bd27ddf78ec8cb6e6697a3e0692fea7657

SHA512
275c0c8aae23cad61b6238acec9644e703765faf92e1d7a38ed900982418f98bdf61abc41b8b6c168157e430b519e3f00a7bc48f4f7dbd0f44686736100611fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4079.exe

Filesize
184KB

MD5
7b0df7ac683553bcf412d7a5ef1e818a

SHA1
709a45178f4f370165504893bc64715b08f99f0b

SHA256
25bf844f8fb967f2433238cbbc37410fb3fc8bed89e1003945014b7f2d6b4c9a

SHA512
ffd0191b65f316d84a14d0bd299136ed3887e99b713ac5cb40186628ce679d35197e6d8126c59d9982a422ea2de1ba3ce8ac62f5e5e3db9c39fbd69c0abb811b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54603.exe

Filesize
184KB

MD5
a508cd2f64c34887048bade122682854

SHA1
842800a2c4e3c65ab63731233fc1da22084964bf

SHA256
d9281e6868a6046ba46bb35afcf62dfa06125f5bdcd4cf69008ee980cf61b318

SHA512
0c9b813bdfb2ddbf20d92dda7059165cc57a0fb1d7e2f0aec760bf0502fa49a39aa74f551b014b02457ddb1373f920f59f76390944f2814e42539e201190d003

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1126.exe

Filesize
184KB

MD5
c324840fa542600f2c67102155ff1068

SHA1
3a105007de5d43deed385a784132581e78ea1b51

SHA256
3aa9a6499d2c5f52d5ae64b6bdc8d38b86c8d839fb853b293e719424c90f3aba

SHA512
96763b60fcdb8e16f1a999507bc29e6f333ae1034f0583f4767c729a9513ca9ef7cdf577048866f45566a935d5ce2e2ca1208e86a11b1ace3c06be65fb4bbd9e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12439.exe

Filesize
184KB

MD5
45afbe1f2a9a96a649a0fd2fd2acdf34

SHA1
c7ac110a8784a0f0f37e5c2850334c1b1658661a

SHA256
e44ffe645ef7dca9a2e6d237b170ad346ec493798108fb79144ef7edb81d133b

SHA512
1e40a9fe3a3100d56566fcb303db8a1d4257e832598e36d091f802addf774f30eff21cebc0fb3cdfea7300357e703a7296f0bde5e0f1c7824901063dd25dde69

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12807.exe

Filesize
184KB

MD5
742223d7b2a9b67d23e0280549d15067

SHA1
03b54ec6f9075285cafde3c657ce325b619abd8e

SHA256
617b714d14110137a0c3a0fb2398a74e6a869cdd368e2275ac6d1c0c5831aa7a

SHA512
c02302f75d6b6af43e6498f1929671841a55c92d414a3af0857a5bde9a35805bdb62f1184cfd0ef07d6e7e827987ac14f5e08553432695048d529162e93849f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13321.exe

Filesize
184KB

MD5
976ece5c0e2977b1290c39ab90b99611

SHA1
1a2266ca50f3cd0e72946947dedf39bda588b8c6

SHA256
d14a7525816d440ef8224d0d6425df4c89560d22c65e6c1de90d366ccf18caf8

SHA512
a24fe58f1e09e4bcd55ae9ad6ebdab7dad05771e1771900dd68709224183f7d6b14abf7358bb400555b4408d09090bd3814872bac6c6e82ac2e45f9d259e6e90

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1842.exe

Filesize
184KB

MD5
8d664b9778bb5446a4a71ff278559b0c

SHA1
b819bd52efa5ff1fa779a722ab43569d344088c9

SHA256
3a69933e2cdb475e46e3ee04bcc2b0e44cacdce2c1f5fbc652ae334600de4bed

SHA512
391d86711357d63dc4eae943c28ef3de5a73a3b387cc2617a29f7d6504157a2d3ceb2a160e53200eb6cbcb464d05da95a07bdfe04c2d7af5f01d7b2cddd1e4a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21162.exe

Filesize
184KB

MD5
6841090a6de9083c7ba077009f72e305

SHA1
0b6f457588c6ab5b6243da7184d90c534c4acd27

SHA256
0d208088bd1f79d0e870919090f07d6ebab660671b441fe9de007044dac38ea5

SHA512
b921b71e2f6c9a8d6fb855df58d809fda9d7c7c9e198319e2ce3910dd09009c668f089ccf3ff42a7369434f0c3956d63f13fa70442603422649546ff0e4b9fcb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe

Filesize
184KB

MD5
6f3aedb4efdae4c34616c4d1598f116b

SHA1
40fab7186cd0f117a99819ee9d148889dbc51d2f

SHA256
ce39e863bbd97d9e0e766a6fb043da5e9fbce656d708909233c910a29d948ab3

SHA512
b75560ac246f0404f7444b7d65e75b09fcd4ecf54a5fdc515989a9c1c7fc5a940cb57179c83104326c5ac158233e3da9940f27a4b0edd37edcbb202a978b1679

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe

Filesize
184KB

MD5
33a38f5f7ba7c38aa75cec3a48dde9f4

SHA1
2ef5fdcddb04db4eae29680fa5db1b705bf7e3c9

SHA256
e73397b13a436afea469cab5bd7c1440217aa30deeb2e18b7f7b6f1e12acb4a0

SHA512
23d15f4aba9fe593e439782aaa7d99dccb6e213ae9cf47e94d7d2fd15eb0f3126994fe11da4ea6a1396f31926d05148d7bf09562d0ae4d2f9252adeb43a127bc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42713.exe

Filesize
184KB

MD5
07d21e705cd454254bb6fab113dd0cb4

SHA1
695bedc50ce247c8e45a8b5955efb1720a128c11

SHA256
3dcf828c557f264c5e6f4cf524a97aed3a00965d49b5b43018d5f8cc39d93449

SHA512
783ada5264f0edfb329cf4d4739a226a2beb903ab224384b2ff3f7e986a7e7cc775edd188dc8c731cefc9541bf9ac1142941c8cfc547abe294cd969e36231de4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43804.exe

Filesize
184KB

MD5
d840d6175b33a05c530046a5e36291dd

SHA1
4761c98bda614bcff99c29c4c1925b7f002655a2

SHA256
245c0df40b0923b57f14d10970dda50b0067ce4cd025e37ce9cb6c611715671d

SHA512
17d53389a8c04f04dffe7f9fbf10b582ca2c269c4d6c12a5dd2a08f68187c6b456f1853115b27eecb3a0e45a1a5fa9b99d9bfba9b90bb37f7eefab7dcf8d565d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46549.exe

Filesize
184KB

MD5
ff6b18c48363c71dce8cec084213f83e

SHA1
f8119e1ad2f5035a69f502bcb4600bb101374a6c

SHA256
37b9af83ac031308c851aa2c9fb278db5004d0f499533513aded924690e3df0a

SHA512
361b51e030a0d04dd6c85b6707b9fef32ec1c176391d53b3041f10fd571664d142931f9f97c692864ab9056bb19bf6729da9ef2505a1a3fd116a7226f0d6725a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4826.exe

Filesize
184KB

MD5
b2880d910ed60f4a182aa0d8a5081c10

SHA1
e2692ba2d91a6c41904ea8d4d480b55212cb18cc

SHA256
ea597f884d32467f17168aa1e68a0788da2b2fb3df51f7bbf88efb8499532ec9

SHA512
05b5e0d19ef9a779340e3abc18230272b4c14ac8eda27516c086ecc4cf33b644ec4ff72f30e941f853717c693f9758f0023118877b0fe2054f9400ddaa46f403

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49196.exe

Filesize
184KB

MD5
f0d55c83c6daf612ce0857bdff29172c

SHA1
1447baf5fa77c530775bd37e2a69f5e9478d3806

SHA256
c89ed344f4fa13628c5c9f2e87b130dde29001f0d27e92a892bdb95cf97caa53

SHA512
85c92e1e044cd4cc9fb0153e0b630b167423f9166a318996134a87e554f277665cc31eafb0b1ab0cd9cbb13882ef83cdbd1fb49fc050c9b81f607a229217ff90

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe

Filesize
184KB

MD5
3f054a13dc4fe6687d89322dfb517147

SHA1
e93f0a2ee050d7d16e57eb027a703ddb1a89432a

SHA256
f8449f17f1f5466db9ba08d2a5e5798526db9a626267ad9d07d95fd1b8782f88

SHA512
ad83508ff472327891bb95490be96341df523211d60fcbc06610d46ecad7c403ba2f5a7fd93383243278c45d606c186260aaec68c87e1103a1abeaee5fa992f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53856.exe

Filesize
184KB

MD5
1a3ef68cf4393c0c916e12fdff90e329

SHA1
8d651c3521f7f83b7876bf0d9e897eba272caeb3

SHA256
0f1e350eb47c3dcda36085cbf60d7387f0ac7b95aa484f6a8ffce8b40d38e18e

SHA512
d8eacd56142e77bd0ada9ebc3d0881ec6da8b30af5601c0fe8f3c2b3ca69ad6554f51a943f186f132f9a58bf6ad7a543840733ef4874251df6915313f9b11fad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54162.exe

Filesize
184KB

MD5
df2cfc7ff62fc776d3860c6aa6c15e76

SHA1
76e5e47438be05914ff8d2acf908af0eb6de7cf3

SHA256
70444ead010aa71f5dbeeb218bc46cac7cb551938492064a35373470d261ba2c

SHA512
1b7af13884733ac88fe8afe232f6aa50672e75c9ff95b4a9e36f3df8dc82c9b71440da346d90ed2e01fbdc521a3f577d3429d435b8af0e6de24bfb0a9e0b5369

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads