679caaadee3e156d8dd5e38a33a0c67f368bba3f4692aa61506d915f4d5a05ee

Analysis

max time kernel
96s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/04/2024, 16:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ede9d61104317cb1e55468fbac07b156_JaffaCakes118.exe
Size

184KB
MD5

ede9d61104317cb1e55468fbac07b156
SHA1

98a0eba84f38d601135598fe9165625a1b27a30f
SHA256

679caaadee3e156d8dd5e38a33a0c67f368bba3f4692aa61506d915f4d5a05ee
SHA512

dd1b5a215b6c3cefb4e2c94fdda0a94839bf09073b0a17f946e229ce3afec033b99b804fd29693e387b5bb073e4017bc04e0ea77548f6e0731b998fb0f3f8bf3
SSDEEP

3072:+4HXoc4ftAJlEjPdTA5tzFb9FA6G/6g0DhxA+Px+7lPOpF8:+43o5aJl6d05tz073P7lPOpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1084	Unicorn-48911.exe
2572	Unicorn-7660.exe
2632	Unicorn-8215.exe
2464	Unicorn-38386.exe
2852	Unicorn-17412.exe
1136	Unicorn-883.exe
588	Unicorn-10561.exe
2192	Unicorn-3462.exe
2880	Unicorn-18154.exe
2812	Unicorn-61386.exe
2776	Unicorn-10540.exe
2692	Unicorn-48325.exe
1328	Unicorn-49840.exe
2332	Unicorn-21251.exe
2748	Unicorn-41117.exe
820	Unicorn-37033.exe
2276	Unicorn-29057.exe
2316	Unicorn-8444.exe
2168	Unicorn-17359.exe
1552	Unicorn-54604.exe
2328	Unicorn-59627.exe
1564	Unicorn-28839.exe
748	Unicorn-38076.exe
1708	Unicorn-1765.exe
916	Unicorn-58579.exe
1572	Unicorn-9378.exe
1468	Unicorn-6041.exe
548	Unicorn-42989.exe
888	Unicorn-17739.exe
1424	Unicorn-63410.exe
1740	Unicorn-62855.exe
1652	Unicorn-62855.exe
1672	Unicorn-3493.exe
1168	Unicorn-59046.exe
2664	Unicorn-17630.exe
3068	Unicorn-42518.exe
2888	Unicorn-23480.exe
2592	Unicorn-59682.exe
2832	Unicorn-44093.exe
3000	Unicorn-35370.exe
2412	Unicorn-10289.exe
2788	Unicorn-39624.exe
2840	Unicorn-14565.exe
2836	Unicorn-3828.exe
760	Unicorn-64918.exe
1832	Unicorn-31478.exe
1316	Unicorn-64020.exe
1208	Unicorn-18349.exe
2716	Unicorn-18349.exe
1956	Unicorn-3527.exe
2800	Unicorn-35261.exe
2524	Unicorn-8016.exe
2876	Unicorn-11524.exe
2124	Unicorn-57196.exe
1660	Unicorn-7715.exe
1592	Unicorn-19968.exe
1804	Unicorn-52811.exe
1136	Unicorn-61171.exe
1148	Unicorn-20330.exe
1336	Unicorn-16460.exe
2004	Unicorn-57492.exe
960	Unicorn-41348.exe
616	Unicorn-29266.exe
1524	Unicorn-50647.exe

Loads dropped DLL 64 IoCs

pid	Process
2972	ede9d61104317cb1e55468fbac07b156_JaffaCakes118.exe
2972	ede9d61104317cb1e55468fbac07b156_JaffaCakes118.exe
1084	Unicorn-48911.exe
2972	ede9d61104317cb1e55468fbac07b156_JaffaCakes118.exe
1084	Unicorn-48911.exe
2972	ede9d61104317cb1e55468fbac07b156_JaffaCakes118.exe
1084	Unicorn-48911.exe
2632	Unicorn-8215.exe
2632	Unicorn-8215.exe
2572	Unicorn-7660.exe
1084	Unicorn-48911.exe
2572	Unicorn-7660.exe
2852	Unicorn-17412.exe
2464	Unicorn-38386.exe
2464	Unicorn-38386.exe
2852	Unicorn-17412.exe
2632	Unicorn-8215.exe
2632	Unicorn-8215.exe
1136	Unicorn-883.exe
1136	Unicorn-883.exe
2572	Unicorn-7660.exe
2572	Unicorn-7660.exe
588	Unicorn-10561.exe
588	Unicorn-10561.exe
2464	Unicorn-38386.exe
2464	Unicorn-38386.exe
2852	Unicorn-17412.exe
2192	Unicorn-3462.exe
2852	Unicorn-17412.exe
2192	Unicorn-3462.exe
2776	Unicorn-10540.exe
2776	Unicorn-10540.exe
2812	Unicorn-61386.exe
2880	Unicorn-18154.exe
2880	Unicorn-18154.exe
2812	Unicorn-61386.exe
1136	Unicorn-883.exe
1136	Unicorn-883.exe
2692	Unicorn-48325.exe
2692	Unicorn-48325.exe
588	Unicorn-10561.exe
588	Unicorn-10561.exe
1328	Unicorn-49840.exe
1328	Unicorn-49840.exe
2748	Unicorn-41117.exe
2748	Unicorn-41117.exe
2192	Unicorn-3462.exe
2192	Unicorn-3462.exe
2332	Unicorn-21251.exe
2332	Unicorn-21251.exe
2276	Unicorn-29057.exe
2276	Unicorn-29057.exe
2880	Unicorn-18154.exe
2880	Unicorn-18154.exe
2776	Unicorn-10540.exe
2776	Unicorn-10540.exe
2812	Unicorn-61386.exe
2812	Unicorn-61386.exe
2168	Unicorn-17359.exe
2168	Unicorn-17359.exe
2316	Unicorn-8444.exe
2316	Unicorn-8444.exe
820	Unicorn-37033.exe
820	Unicorn-37033.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2952	2224	WerFault.exe	151

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2972	ede9d61104317cb1e55468fbac07b156_JaffaCakes118.exe
1084	Unicorn-48911.exe
2572	Unicorn-7660.exe
2632	Unicorn-8215.exe
2464	Unicorn-38386.exe
2852	Unicorn-17412.exe
1136	Unicorn-883.exe
588	Unicorn-10561.exe
2192	Unicorn-3462.exe
2880	Unicorn-18154.exe
2812	Unicorn-61386.exe
2776	Unicorn-10540.exe
2692	Unicorn-48325.exe
2748	Unicorn-41117.exe
1328	Unicorn-49840.exe
2276	Unicorn-29057.exe
2332	Unicorn-21251.exe
820	Unicorn-37033.exe
2316	Unicorn-8444.exe
2168	Unicorn-17359.exe
1552	Unicorn-54604.exe
2328	Unicorn-59627.exe
1564	Unicorn-28839.exe
748	Unicorn-38076.exe
1708	Unicorn-1765.exe
916	Unicorn-58579.exe
1572	Unicorn-9378.exe
1468	Unicorn-6041.exe
888	Unicorn-17739.exe
548	Unicorn-42989.exe
1424	Unicorn-63410.exe
1740	Unicorn-62855.exe
1652	Unicorn-62855.exe
1672	Unicorn-3493.exe
1168	Unicorn-59046.exe
2664	Unicorn-17630.exe
2888	Unicorn-23480.exe
2592	Unicorn-59682.exe
2832	Unicorn-44093.exe
3068	Unicorn-42518.exe
2412	Unicorn-10289.exe
3000	Unicorn-35370.exe
2788	Unicorn-39624.exe
2836	Unicorn-3828.exe
2840	Unicorn-14565.exe
1316	Unicorn-64020.exe
1832	Unicorn-31478.exe
760	Unicorn-64918.exe
2716	Unicorn-18349.exe
1208	Unicorn-18349.exe
1956	Unicorn-3527.exe
2524	Unicorn-8016.exe
2800	Unicorn-35261.exe
2124	Unicorn-57196.exe
1592	Unicorn-19968.exe
2876	Unicorn-11524.exe
1660	Unicorn-7715.exe
1804	Unicorn-52811.exe
1136	Unicorn-61171.exe
2004	Unicorn-57492.exe
960	Unicorn-41348.exe
1336	Unicorn-16460.exe
616	Unicorn-29266.exe
1148	Unicorn-20330.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 1084	2972	ede9d61104317cb1e55468fbac07b156_JaffaCakes118.exe	28
PID 2972 wrote to memory of 1084	2972	ede9d61104317cb1e55468fbac07b156_JaffaCakes118.exe	28
PID 2972 wrote to memory of 1084	2972	ede9d61104317cb1e55468fbac07b156_JaffaCakes118.exe	28
PID 2972 wrote to memory of 1084	2972	ede9d61104317cb1e55468fbac07b156_JaffaCakes118.exe	28
PID 1084 wrote to memory of 2572	1084	Unicorn-48911.exe	29
PID 1084 wrote to memory of 2572	1084	Unicorn-48911.exe	29
PID 1084 wrote to memory of 2572	1084	Unicorn-48911.exe	29
PID 1084 wrote to memory of 2572	1084	Unicorn-48911.exe	29
PID 2972 wrote to memory of 2632	2972	ede9d61104317cb1e55468fbac07b156_JaffaCakes118.exe	30
PID 2972 wrote to memory of 2632	2972	ede9d61104317cb1e55468fbac07b156_JaffaCakes118.exe	30
PID 2972 wrote to memory of 2632	2972	ede9d61104317cb1e55468fbac07b156_JaffaCakes118.exe	30
PID 2972 wrote to memory of 2632	2972	ede9d61104317cb1e55468fbac07b156_JaffaCakes118.exe	30
PID 2632 wrote to memory of 2852	2632	Unicorn-8215.exe	32
PID 2632 wrote to memory of 2852	2632	Unicorn-8215.exe	32
PID 2632 wrote to memory of 2852	2632	Unicorn-8215.exe	32
PID 2632 wrote to memory of 2852	2632	Unicorn-8215.exe	32
PID 1084 wrote to memory of 2464	1084	Unicorn-48911.exe	31
PID 1084 wrote to memory of 2464	1084	Unicorn-48911.exe	31
PID 1084 wrote to memory of 2464	1084	Unicorn-48911.exe	31
PID 1084 wrote to memory of 2464	1084	Unicorn-48911.exe	31
PID 2572 wrote to memory of 1136	2572	Unicorn-7660.exe	33
PID 2572 wrote to memory of 1136	2572	Unicorn-7660.exe	33
PID 2572 wrote to memory of 1136	2572	Unicorn-7660.exe	33
PID 2572 wrote to memory of 1136	2572	Unicorn-7660.exe	33
PID 2464 wrote to memory of 588	2464	Unicorn-38386.exe	35
PID 2464 wrote to memory of 588	2464	Unicorn-38386.exe	35
PID 2464 wrote to memory of 588	2464	Unicorn-38386.exe	35
PID 2464 wrote to memory of 588	2464	Unicorn-38386.exe	35
PID 2852 wrote to memory of 2192	2852	Unicorn-17412.exe	34
PID 2852 wrote to memory of 2192	2852	Unicorn-17412.exe	34
PID 2852 wrote to memory of 2192	2852	Unicorn-17412.exe	34
PID 2852 wrote to memory of 2192	2852	Unicorn-17412.exe	34
PID 2632 wrote to memory of 2812	2632	Unicorn-8215.exe	36
PID 2632 wrote to memory of 2812	2632	Unicorn-8215.exe	36
PID 2632 wrote to memory of 2812	2632	Unicorn-8215.exe	36
PID 2632 wrote to memory of 2812	2632	Unicorn-8215.exe	36
PID 1136 wrote to memory of 2880	1136	Unicorn-883.exe	37
PID 1136 wrote to memory of 2880	1136	Unicorn-883.exe	37
PID 1136 wrote to memory of 2880	1136	Unicorn-883.exe	37
PID 1136 wrote to memory of 2880	1136	Unicorn-883.exe	37
PID 2572 wrote to memory of 2776	2572	Unicorn-7660.exe	38
PID 2572 wrote to memory of 2776	2572	Unicorn-7660.exe	38
PID 2572 wrote to memory of 2776	2572	Unicorn-7660.exe	38
PID 2572 wrote to memory of 2776	2572	Unicorn-7660.exe	38
PID 588 wrote to memory of 2692	588	Unicorn-10561.exe	39
PID 588 wrote to memory of 2692	588	Unicorn-10561.exe	39
PID 588 wrote to memory of 2692	588	Unicorn-10561.exe	39
PID 588 wrote to memory of 2692	588	Unicorn-10561.exe	39
PID 2464 wrote to memory of 1328	2464	Unicorn-38386.exe	40
PID 2464 wrote to memory of 1328	2464	Unicorn-38386.exe	40
PID 2464 wrote to memory of 1328	2464	Unicorn-38386.exe	40
PID 2464 wrote to memory of 1328	2464	Unicorn-38386.exe	40
PID 2852 wrote to memory of 2332	2852	Unicorn-17412.exe	41
PID 2852 wrote to memory of 2332	2852	Unicorn-17412.exe	41
PID 2852 wrote to memory of 2332	2852	Unicorn-17412.exe	41
PID 2852 wrote to memory of 2332	2852	Unicorn-17412.exe	41
PID 2192 wrote to memory of 2748	2192	Unicorn-3462.exe	42
PID 2192 wrote to memory of 2748	2192	Unicorn-3462.exe	42
PID 2192 wrote to memory of 2748	2192	Unicorn-3462.exe	42
PID 2192 wrote to memory of 2748	2192	Unicorn-3462.exe	42
PID 2776 wrote to memory of 820	2776	Unicorn-10540.exe	43
PID 2776 wrote to memory of 820	2776	Unicorn-10540.exe	43
PID 2776 wrote to memory of 820	2776	Unicorn-10540.exe	43
PID 2776 wrote to memory of 820	2776	Unicorn-10540.exe	43

C:\Users\Admin\AppData\Local\Temp\ede9d61104317cb1e55468fbac07b156_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\ede9d61104317cb1e55468fbac07b156_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-883.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18154.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29057.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10289.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57492.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13792.exe
        10⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
        11⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        12⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50647.exe
        8⤵
        Executes dropped EXE
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33969.exe
        9⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64083.exe
        10⤵
        
        PID:2224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 188
        11⤵
        Program crash
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39624.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58260.exe
        8⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48131.exe
        9⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4633.exe
        10⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32039.exe
        11⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5271.exe
        9⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61171.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
        8⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14607.exe
        9⤵
        
        PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17739.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14565.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6532.exe
        8⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
        9⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31572.exe
        10⤵
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3828.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17311.exe
        7⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16175.exe
        8⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62225.exe
        9⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39823.exe
        10⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16985.exe
        11⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        12⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51255.exe
        10⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        11⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13771.exe
        8⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
        9⤵
        
        PID:688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10540.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37033.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62855.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64669.exe
        8⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-497.exe
        9⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22584.exe
        10⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23212.exe
        11⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12625.exe
        12⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54405.exe
        11⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
        9⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
        10⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9807.exe
        11⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52542.exe
        12⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exe
        11⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exe
        12⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6278.exe
        10⤵
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3527.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        7⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5873.exe
        8⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51125.exe
        9⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52874.exe
        10⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14467.exe
        11⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52505.exe
        7⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29086.exe
        8⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-648.exe
        9⤵
        
        PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42989.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64918.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21053.exe
        7⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22060.exe
        8⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        9⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
        8⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14398.exe
        9⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
        7⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43662.exe
        8⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
        9⤵
        
        PID:1752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38386.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38386.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48325.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54604.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59046.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13465.exe
        9⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
        10⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1960.exe
        8⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15074.exe
        9⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20330.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51125.exe
        8⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27270.exe
        9⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
        10⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
        11⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3493.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35261.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46548.exe
        8⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        9⤵
        
        PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59627.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17630.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8016.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        8⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
        9⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64052.exe
        10⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38256.exe
        11⤵
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57196.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        7⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22323.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52874.exe
        9⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37213.exe
        10⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6173.exe
        11⤵
        
        PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42518.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46138.exe
        7⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40570.exe
        8⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42765.exe
        9⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        10⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30574.exe
        8⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53642.exe
        9⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19894.exe
        10⤵
        
        PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23480.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11524.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24395.exe
        7⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe
        8⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
        9⤵
        
        PID:2432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8215.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8215.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17412.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17412.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3462.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41117.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38076.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59682.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41348.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6065.exe
        9⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31935.exe
        10⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28962.exe
        11⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
        12⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
        8⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        9⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41188.exe
        10⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29266.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53631.exe
        8⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21385.exe
        9⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44229.exe
        10⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44093.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16460.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6257.exe
        8⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20643.exe
        9⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42371.exe
        10⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56818.exe
        11⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49205.exe
        10⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30341.exe
        11⤵
        
        PID:1320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35370.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7715.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
        8⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
        9⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37389.exe
        10⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35208.exe
        7⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7814.exe
        8⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25277.exe
        9⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
        10⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17855.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30145.exe
        9⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
        10⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16589.exe
        11⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
        12⤵
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52811.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17317.exe
        7⤵
        
        PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21251.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58579.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61386.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61386.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8444.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62855.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31478.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13766.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15193.exe
        8⤵
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19256.exe
        7⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59018.exe
        8⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27530.exe
        9⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14512.exe
        10⤵
        
        PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64020.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9298.exe
        6⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55422.exe
        8⤵
        
        PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63410.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52355.exe
        6⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62801.exe
        7⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57534.exe
        8⤵
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50528.exe
        6⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55723.exe
        7⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
        8⤵
        
        PID:1628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe

Filesize
184KB

MD5
3d2d1c87b9ab106399935f5b91ac999d

SHA1
441fc74eafc8e88f0a09948926eb2422135524df

SHA256
cbbc2bf7e163cf796fc1e390dc5e3f3bf16d5e734456cb8d91ada0655358d7bb

SHA512
7d0df02290fd435da21fff4c2ba75e13f616ef4293a32f7bad6df22de0744a0701fc4bc22b24058cd94a0e26f3758da6edc9ae37183be2328db208ea203896ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29057.exe

Filesize
184KB

MD5
4fcc7de3ed1fe13b4540e712fe169277

SHA1
74560a76781645bbb6651d2effe92ac9a2c16045

SHA256
d9315a1fcaaa533e565bd1742227e84041d8b80ef0616236b678f6c9977dc40f

SHA512
5753770f7ca72b1378c3cc10b924d9b2ef591b1b74b31cbae645063db0f70923b8e6de0fc6a0fa3592a146aaec544d3c8a864301177b14fde9d518731972335a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37033.exe

Filesize
184KB

MD5
a789928c51d5ddca5e236ddc254a5c73

SHA1
087a6b3a3aaa314b6aba8f782b6d3f73fed188d8

SHA256
b51693359af2c898030ec5889f39c1d4c00771c833b4494b9afaa40e56cc060d

SHA512
dac40adaba6b23b675eb21522f073223c90fa437f0a6116ad5265a7a2be0bd6ff3dec80b58cf8d563f6857a0b9703b26ed12a9071b2443e16515e3f404cb4471

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6065.exe

Filesize
184KB

MD5
cc93b12f9926584da7a2eaf3fe526de0

SHA1
ae6c20e351d276128f14ae07a72ac1ff87c08525

SHA256
ba01352bd987fd6092f81a6aebde4415909803fb3ddfd0a87ccfa0c0eebc5be4

SHA512
96ed2dd2f113598ee060c66ba42abdd14aa7092d6fc91e4485f7bf47a9ab0f7fc81cc445de1b73d26c307ef3f782d3a8819ce4d99968c8bb799a8c77d43ee27b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe

Filesize
184KB

MD5
064fb96fb64aa8208c4f709f162b8c8d

SHA1
5b245cb3a14c0dfd242163d2bdbd3ed955e863ad

SHA256
79060a442603406a16a73df7ae3ad0c1fadf530db5aaa31b2d2cc1eccc68adc9

SHA512
1fd026944bf45b39d2e595775ed647f14a60cd791c470f5949fd6c68748b7117559a6b3537510cf5671cf06bdf381f2a5bd1bdc68e2c7adf9ce00032b837637a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10540.exe

Filesize
184KB

MD5
1fa3a185dc517cc697a4fbbf85f5562d

SHA1
06bdcb0d05a1cdcafc49459d3b4e33a4e89b59f9

SHA256
76e56b2c8298ff57d5ab28f3ae5ca6028c07ddc1ff88b3bd32b8b5948aeec792

SHA512
4a520e2cbb104fbbac22f84d939fa8c0648d654ceba5ff4fa2f8e3b6be6e395f85bc44778069ee72d2752a2d8e4a85701219335df3337c3556d25e49823f8608

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17412.exe

Filesize
184KB

MD5
40436b736d9418b2fdc3b872e8c2bc16

SHA1
e25b4155b11c15c236b3a571c5c5bdb1d7882878

SHA256
af6733015aff5aa60b2b5683a2092e7668a79bc923d64ffe2733fc5f312a3ff5

SHA512
81aa22c0f5eaf84ddb6b3f0b3194223c915502eeb808d4e8c495f66296ecfffbae60ba339fec1a8b959885b136743e1c54b9be14ca4f30a26f99005bbf605242

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18154.exe

Filesize
184KB

MD5
9f8b11fe0d4fdfd93334025777137034

SHA1
3873104805d6f413cd8521c25318d4d0f2d6542b

SHA256
170fef65def694715586db258482c55e5853bb7e29372eac5b7b3a41be7e1e08

SHA512
d30794e37afc331dabc2d43776d49d8f598121750bd3329bf5940478ec78b9ca94a7990ad525cd6ec58e0e24f973550e90b865c80b6b7f7b9e3a00dda839b6be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21251.exe

Filesize
184KB

MD5
936f9fe785fc5b6ec550043c5605dbeb

SHA1
88965b890bb63a02995ed13cc9223a6b91344917

SHA256
c5bbbcf310cf8693371795df97e9406ee754936a122ce23755e7bdcb17ea69ef

SHA512
d0e99c8de0bd85a8f734ea9e325faf61e1e59e7ee14a734fa8474f3cb1a2b3325867610e09e78f1abb85246ebfb085494037e19b73aab8283f682e9ed7a944c1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3462.exe

Filesize
184KB

MD5
ed316f0ca1d89a76fe35a142319ba1fc

SHA1
e190fc638233995b0f9ca522613eee7165129639

SHA256
3f824b9f6d6fe0ce594e8da2b7c2163c29ae599de31890b1156fb5c1e0bfc429

SHA512
9f9f4f1de2a6bba5b766c420145113846f09e54d99ba9d95b0362ff8a85d8a3815dca7aa9c315c0b569aeb5cfaba3dbf0bd039091ae699d6d0fbe58f2bf25c44

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38386.exe

Filesize
184KB

MD5
43e0c45c25e0d491e4e441fce05bc40e

SHA1
535ab857d6ca81159367af69fa2a4dfd7e15cb2b

SHA256
8833745b9cabcd25728ad786bca4797dc22987e07025bdfce8b5bd2d71b5df8e

SHA512
bfcf4aeb162e222286be0efccbab683a8bcfee66c62e91b330d60459726e32df0efda86cbada3b4d36dfd85a4d8c13f98243ef2753f475b9812be06c35f3b8f5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41117.exe

Filesize
184KB

MD5
cfbabdbd74c7ef0657ec7f09125060f9

SHA1
7fec18fa92a9664ff03de9e1d3b2dc1c8d2b0176

SHA256
cadd42fc1423839f01515779e8f20e572fdd84f989388cc6d64f3f1feabe2b2f

SHA512
0afb921527105ba1e2e99b9964a76b53be4d6bc38ecc4b583331e680d4a872619b3ff139782e123805e12a80ce7ad5d014b1108d0d1ccbdc23c61f5793d1dd91

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48325.exe

Filesize
184KB

MD5
3b49b662e5c177f3d7335855306b830a

SHA1
8228cd7df8c461bc9b7001be987aa8868bea7071

SHA256
6dcef78d4557b0bc627275f8bdf6cfb99891fddc567a2072836b666fb3ce6544

SHA512
a086d808dbb58ec733ea7edda219f9b7562f03799fa623323df3b0d9dba62438af3f06a9d0bd7e0350492e46196c8ec31651cdbb23d727f89f7ab58a8614614b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe

Filesize
184KB

MD5
a22f2f8787c3843aa7f14dd73d8383e0

SHA1
8555f50a855d605338b3d36ad226cbf6ae6d0ddb

SHA256
a23e9b121e718a9dea16241df2d201a39349a808628341aa7b6f9ee960370c7b

SHA512
33ce888bbb0ed7f56714b307341be2359556c8e64e24c6dd39509b2b26afd9ab097072667264da35860f3828511414fa75d19b4cc98aa5d649c8ed56af373400

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe

Filesize
184KB

MD5
455677450ec9b9879ded0c7a70c76310

SHA1
4f674b0d39fb03fa1ac6ea7886263e6b83044563

SHA256
fde1e6ab73f1c8b21a52b9450d14655ecbae2e2f73035fd0c7f8e80040f0116d

SHA512
e53278530dabec45852893e228388ebab0d7b0cff9a0e0149a538df14e70f04e65a1fb371297b91fd280436f262784ee5702eac62b1ffcb7d2dd5ed8bec2372f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61386.exe

Filesize
184KB

MD5
35837d89f22bd05889cd689891097eeb

SHA1
4600eb7da2cb4aa211a28901a6d3f500e34d57ee

SHA256
7f147da0fff18a25b7d30b7be87b068e5ff9c646bd986e35769bcdf64205b928

SHA512
5d9fe348e241fb88d47c778d78e7fb0209c41c01d04e19aa8242f9b3b26b463836590c095baed47067bf1230516f724f012be7ac08f0a049e7a04ee07383fac2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe

Filesize
184KB

MD5
7a3da8e23e43e05e827a044f891a20ba

SHA1
755f8a983cdcdea52a642a6c2b49c755c8e709ac

SHA256
9797cd22392196d78f5e63806d9ec1c7d06a082a4b843923e70a9c73e2b9221b

SHA512
5cb178a66ee24b1f7f98df44e9c81c41c9849936baf40a315bef2679bf41028be4c02432f7594ef7565ddd2f9f08e1cfb38ccfe2fdab4df3e05e1dada20b6a7e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8215.exe

Filesize
184KB

MD5
3f2c46f330473885ab322d1204f0724b

SHA1
380067e68849d44efb9b617edaca0fd35dff9f14

SHA256
6ae802ac68f5f4f1404fecb1251e4872538fccee91eaeaecba9c1fef03a5b9d6

SHA512
da3a750628f9247f5a7520c4cbda4c5388861bb323972a1ca11c6a4124196f5e265626c8c1ed1b320f3172bd3438a950763c07d6dcd19239cc5ff03bbf51bff7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8444.exe

Filesize
184KB

MD5
13c8e7e6d7749dedf8c5442f625159aa

SHA1
3cac5128b82d36dcf1311ee5fd01080cfdcf2bc5

SHA256
7fb2184d4fa0c4d895349b3b72d70a7bccda141653bff115f8c8d69d9e789882

SHA512
c177cd958eb1defca81ae11f30fbdad48212d59217034ffdaaf87e0fbc4972be7ba60d74e2a9804ea25b7c27cc749cefa358515242495670b82b84bf7491e319

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-883.exe

Filesize
184KB

MD5
e3762301b31d25df5a7c72181287d110

SHA1
7edac3565de432e80876dbd15308bee673d991d3

SHA256
ba6f2456b45244ec14465f5f70d39c228dd1ba970335a1e547ab83eb80f3dcc3

SHA512
b8d6f92b3c6731d4bddc2aebe7699ed98ec2d843bb1906b9d4d773733a40208a53b1fdff1a95a4b4497f8048c0fbda4b60671ffac267576976e39d340ff4f72e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads