545d9117e9f7a6bd47c72aae207540b7fd6a9bc60a743252243e99ece2502a84

Analysis

max time kernel
53s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 00:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f2525ed6798dacdbec8912822eb52338_JaffaCakes118.exe
Size

184KB
MD5

f2525ed6798dacdbec8912822eb52338
SHA1

2002edce3062976ad94419a57512db64fcd57919
SHA256

545d9117e9f7a6bd47c72aae207540b7fd6a9bc60a743252243e99ece2502a84
SHA512

5db428baf34b3088bc8eca0fc07a748e31f3607ffd84cb38fa95de880617556857cfdf6b677da3dc5c018079d000690e28713ea1e0dd8ecf26ce247a025a06e5
SSDEEP

3072:Kj9Roz+MRl+K3OjYdTD/tCFbGDz6Ys9I0hGxTqPCm7lPvpFg:KjToDsK3TdP/tCjqD27lPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2248	Unicorn-28422.exe
2524	Unicorn-50226.exe
2588	Unicorn-30360.exe
2704	Unicorn-63426.exe
2916	Unicorn-18091.exe
2384	Unicorn-20168.exe
2008	Unicorn-24061.exe
2448	Unicorn-42042.exe
2652	Unicorn-4387.exe
1792	Unicorn-56551.exe
1848	Unicorn-28669.exe
1348	Unicorn-2450.exe
848	Unicorn-51386.exe
2420	Unicorn-62974.exe
2196	Unicorn-61438.exe
2164	Unicorn-62035.exe
268	Unicorn-53950.exe
872	Unicorn-47598.exe
1400	Unicorn-45102.exe
680	Unicorn-57425.exe
2972	Unicorn-42219.exe
1912	Unicorn-13761.exe
1420	Unicorn-21847.exe
1796	Unicorn-58878.exe
1628	Unicorn-52869.exe
2796	Unicorn-61426.exe
284	Unicorn-32968.exe
1656	Unicorn-35499.exe
1308	Unicorn-48889.exe
304	Unicorn-50845.exe
1428	Unicorn-5173.exe
2244	Unicorn-29894.exe
3052	Unicorn-7916.exe
2504	Unicorn-20102.exe
1208	Unicorn-1544.exe
2184	Unicorn-19142.exe
2632	Unicorn-15285.exe
2444	Unicorn-21638.exe
2108	Unicorn-18426.exe
2172	Unicorn-64289.exe
2396	Unicorn-18618.exe
2636	Unicorn-29827.exe
2644	Unicorn-14761.exe
1568	Unicorn-54232.exe
2144	Unicorn-32899.exe
340	Unicorn-62037.exe
352	Unicorn-42432.exe
2736	Unicorn-64881.exe
2096	Unicorn-60693.exe
2208	Unicorn-46047.exe
584	Unicorn-64116.exe
1580	Unicorn-53011.exe
824	Unicorn-31801.exe
1736	Unicorn-51667.exe
2516	Unicorn-25601.exe
448	Unicorn-22585.exe
1104	Unicorn-22585.exe
2220	Unicorn-33598.exe
1228	Unicorn-16612.exe
1544	Unicorn-2435.exe
2988	Unicorn-9124.exe
1940	Unicorn-57796.exe
2016	Unicorn-31922.exe
3048	Unicorn-14552.exe

Loads dropped DLL 64 IoCs

pid	Process
2184	f2525ed6798dacdbec8912822eb52338_JaffaCakes118.exe
2184	f2525ed6798dacdbec8912822eb52338_JaffaCakes118.exe
2248	Unicorn-28422.exe
2184	f2525ed6798dacdbec8912822eb52338_JaffaCakes118.exe
2248	Unicorn-28422.exe
2184	f2525ed6798dacdbec8912822eb52338_JaffaCakes118.exe
2524	Unicorn-50226.exe
2524	Unicorn-50226.exe
2248	Unicorn-28422.exe
2248	Unicorn-28422.exe
2588	Unicorn-30360.exe
2588	Unicorn-30360.exe
2916	Unicorn-18091.exe
2916	Unicorn-18091.exe
2704	Unicorn-63426.exe
2704	Unicorn-63426.exe
2524	Unicorn-50226.exe
2524	Unicorn-50226.exe
2384	Unicorn-20168.exe
2384	Unicorn-20168.exe
2588	Unicorn-30360.exe
2588	Unicorn-30360.exe
2008	Unicorn-24061.exe
2008	Unicorn-24061.exe
2916	Unicorn-18091.exe
2916	Unicorn-18091.exe
2652	Unicorn-4387.exe
2652	Unicorn-4387.exe
1792	Unicorn-56551.exe
1792	Unicorn-56551.exe
2448	Unicorn-42042.exe
2448	Unicorn-42042.exe
1848	Unicorn-28669.exe
2704	Unicorn-63426.exe
1848	Unicorn-28669.exe
2704	Unicorn-63426.exe
2384	Unicorn-20168.exe
2384	Unicorn-20168.exe
1348	Unicorn-2450.exe
1348	Unicorn-2450.exe
2008	Unicorn-24061.exe
2008	Unicorn-24061.exe
848	Unicorn-51386.exe
848	Unicorn-51386.exe
2420	Unicorn-62974.exe
2420	Unicorn-62974.exe
2652	Unicorn-4387.exe
2652	Unicorn-4387.exe
2196	Unicorn-61438.exe
2196	Unicorn-61438.exe
1792	Unicorn-56551.exe
1792	Unicorn-56551.exe
2164	Unicorn-62035.exe
2164	Unicorn-62035.exe
2448	Unicorn-42042.exe
2448	Unicorn-42042.exe
268	Unicorn-53950.exe
268	Unicorn-53950.exe
1848	Unicorn-28669.exe
1848	Unicorn-28669.exe
1400	Unicorn-45102.exe
1400	Unicorn-45102.exe
680	Unicorn-57425.exe
680	Unicorn-57425.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2184	f2525ed6798dacdbec8912822eb52338_JaffaCakes118.exe
2248	Unicorn-28422.exe
2524	Unicorn-50226.exe
2588	Unicorn-30360.exe
2916	Unicorn-18091.exe
2704	Unicorn-63426.exe
2384	Unicorn-20168.exe
2008	Unicorn-24061.exe
2652	Unicorn-4387.exe
2448	Unicorn-42042.exe
1792	Unicorn-56551.exe
1848	Unicorn-28669.exe
1348	Unicorn-2450.exe
848	Unicorn-51386.exe
2420	Unicorn-62974.exe
2196	Unicorn-61438.exe
2164	Unicorn-62035.exe
268	Unicorn-53950.exe
872	Unicorn-47598.exe
1400	Unicorn-45102.exe
680	Unicorn-57425.exe
2972	Unicorn-42219.exe
1912	Unicorn-13761.exe
1796	Unicorn-58878.exe
1420	Unicorn-21847.exe
1628	Unicorn-52869.exe
2796	Unicorn-61426.exe
284	Unicorn-32968.exe
1656	Unicorn-35499.exe
1308	Unicorn-48889.exe
304	Unicorn-50845.exe
1428	Unicorn-5173.exe
2244	Unicorn-29894.exe
3052	Unicorn-7916.exe
2504	Unicorn-20102.exe
1208	Unicorn-1544.exe
2184	Unicorn-19142.exe
2632	Unicorn-15285.exe
2444	Unicorn-21638.exe
2108	Unicorn-18426.exe
2396	Unicorn-18618.exe
2172	Unicorn-64289.exe
2636	Unicorn-29827.exe
2644	Unicorn-14761.exe
2144	Unicorn-32899.exe
1568	Unicorn-54232.exe
340	Unicorn-62037.exe
352	Unicorn-42432.exe
2736	Unicorn-64881.exe
2096	Unicorn-60693.exe
2208	Unicorn-46047.exe
584	Unicorn-64116.exe
824	Unicorn-31801.exe
1580	Unicorn-53011.exe
1736	Unicorn-51667.exe
2516	Unicorn-25601.exe
448	Unicorn-22585.exe
1104	Unicorn-22585.exe
2220	Unicorn-33598.exe
1228	Unicorn-16612.exe
1544	Unicorn-2435.exe
1940	Unicorn-57796.exe
2988	Unicorn-9124.exe
2016	Unicorn-31922.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2248	2184	f2525ed6798dacdbec8912822eb52338_JaffaCakes118.exe	28
PID 2184 wrote to memory of 2248	2184	f2525ed6798dacdbec8912822eb52338_JaffaCakes118.exe	28
PID 2184 wrote to memory of 2248	2184	f2525ed6798dacdbec8912822eb52338_JaffaCakes118.exe	28
PID 2184 wrote to memory of 2248	2184	f2525ed6798dacdbec8912822eb52338_JaffaCakes118.exe	28
PID 2248 wrote to memory of 2524	2248	Unicorn-28422.exe	29
PID 2248 wrote to memory of 2524	2248	Unicorn-28422.exe	29
PID 2248 wrote to memory of 2524	2248	Unicorn-28422.exe	29
PID 2248 wrote to memory of 2524	2248	Unicorn-28422.exe	29
PID 2184 wrote to memory of 2588	2184	f2525ed6798dacdbec8912822eb52338_JaffaCakes118.exe	30
PID 2184 wrote to memory of 2588	2184	f2525ed6798dacdbec8912822eb52338_JaffaCakes118.exe	30
PID 2184 wrote to memory of 2588	2184	f2525ed6798dacdbec8912822eb52338_JaffaCakes118.exe	30
PID 2184 wrote to memory of 2588	2184	f2525ed6798dacdbec8912822eb52338_JaffaCakes118.exe	30
PID 2524 wrote to memory of 2704	2524	Unicorn-50226.exe	31
PID 2524 wrote to memory of 2704	2524	Unicorn-50226.exe	31
PID 2524 wrote to memory of 2704	2524	Unicorn-50226.exe	31
PID 2524 wrote to memory of 2704	2524	Unicorn-50226.exe	31
PID 2248 wrote to memory of 2916	2248	Unicorn-28422.exe	32
PID 2248 wrote to memory of 2916	2248	Unicorn-28422.exe	32
PID 2248 wrote to memory of 2916	2248	Unicorn-28422.exe	32
PID 2248 wrote to memory of 2916	2248	Unicorn-28422.exe	32
PID 2588 wrote to memory of 2384	2588	Unicorn-30360.exe	33
PID 2588 wrote to memory of 2384	2588	Unicorn-30360.exe	33
PID 2588 wrote to memory of 2384	2588	Unicorn-30360.exe	33
PID 2588 wrote to memory of 2384	2588	Unicorn-30360.exe	33
PID 2916 wrote to memory of 2008	2916	Unicorn-18091.exe	34
PID 2916 wrote to memory of 2008	2916	Unicorn-18091.exe	34
PID 2916 wrote to memory of 2008	2916	Unicorn-18091.exe	34
PID 2916 wrote to memory of 2008	2916	Unicorn-18091.exe	34
PID 2704 wrote to memory of 2448	2704	Unicorn-63426.exe	35
PID 2704 wrote to memory of 2448	2704	Unicorn-63426.exe	35
PID 2704 wrote to memory of 2448	2704	Unicorn-63426.exe	35
PID 2704 wrote to memory of 2448	2704	Unicorn-63426.exe	35
PID 2524 wrote to memory of 2652	2524	Unicorn-50226.exe	36
PID 2524 wrote to memory of 2652	2524	Unicorn-50226.exe	36
PID 2524 wrote to memory of 2652	2524	Unicorn-50226.exe	36
PID 2524 wrote to memory of 2652	2524	Unicorn-50226.exe	36
PID 2384 wrote to memory of 1848	2384	Unicorn-20168.exe	37
PID 2384 wrote to memory of 1848	2384	Unicorn-20168.exe	37
PID 2384 wrote to memory of 1848	2384	Unicorn-20168.exe	37
PID 2384 wrote to memory of 1848	2384	Unicorn-20168.exe	37
PID 2588 wrote to memory of 1792	2588	Unicorn-30360.exe	38
PID 2588 wrote to memory of 1792	2588	Unicorn-30360.exe	38
PID 2588 wrote to memory of 1792	2588	Unicorn-30360.exe	38
PID 2588 wrote to memory of 1792	2588	Unicorn-30360.exe	38
PID 2008 wrote to memory of 1348	2008	Unicorn-24061.exe	39
PID 2008 wrote to memory of 1348	2008	Unicorn-24061.exe	39
PID 2008 wrote to memory of 1348	2008	Unicorn-24061.exe	39
PID 2008 wrote to memory of 1348	2008	Unicorn-24061.exe	39
PID 2916 wrote to memory of 848	2916	Unicorn-18091.exe	40
PID 2916 wrote to memory of 848	2916	Unicorn-18091.exe	40
PID 2916 wrote to memory of 848	2916	Unicorn-18091.exe	40
PID 2916 wrote to memory of 848	2916	Unicorn-18091.exe	40
PID 2652 wrote to memory of 2420	2652	Unicorn-4387.exe	41
PID 2652 wrote to memory of 2420	2652	Unicorn-4387.exe	41
PID 2652 wrote to memory of 2420	2652	Unicorn-4387.exe	41
PID 2652 wrote to memory of 2420	2652	Unicorn-4387.exe	41
PID 1792 wrote to memory of 2196	1792	Unicorn-56551.exe	42
PID 1792 wrote to memory of 2196	1792	Unicorn-56551.exe	42
PID 1792 wrote to memory of 2196	1792	Unicorn-56551.exe	42
PID 1792 wrote to memory of 2196	1792	Unicorn-56551.exe	42
PID 2448 wrote to memory of 2164	2448	Unicorn-42042.exe	43
PID 2448 wrote to memory of 2164	2448	Unicorn-42042.exe	43
PID 2448 wrote to memory of 2164	2448	Unicorn-42042.exe	43
PID 2448 wrote to memory of 2164	2448	Unicorn-42042.exe	43

C:\Users\Admin\AppData\Local\Temp\f2525ed6798dacdbec8912822eb52338_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f2525ed6798dacdbec8912822eb52338_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50226.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50226.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42042.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62035.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32968.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22585.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31853.exe
        9⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44881.exe
        10⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36380.exe
        11⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
        10⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38408.exe
        11⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14761.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58284.exe
        8⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
        9⤵
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35499.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21638.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33598.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5738.exe
        9⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34248.exe
        10⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11886.exe
        9⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48096.exe
        10⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25210.exe
        11⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        10⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16612.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23476.exe
        8⤵
        
        PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47598.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4387.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62974.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21847.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29827.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2435.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29677.exe
        9⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34320.exe
        10⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18157.exe
        9⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        10⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9124.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        8⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24176.exe
        9⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61398.exe
        10⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25087.exe
        9⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        10⤵
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36079.exe
        7⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
        8⤵
        
        PID:808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58878.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19142.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25601.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        8⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32864.exe
        9⤵
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22585.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35449.exe
        7⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exe
        8⤵
        
        PID:2480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18091.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18091.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57425.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46047.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55124.exe
        9⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23600.exe
        10⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17599.exe
        11⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46188.exe
        8⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36569.exe
        9⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
        10⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60262.exe
        9⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        10⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64116.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49398.exe
        8⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
        9⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
        10⤵
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7916.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51667.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
        8⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63297.exe
        9⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13036.exe
        7⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        8⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53011.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16316.exe
        8⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23476.exe
        9⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38669.exe
        10⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31094.exe
        11⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43905.exe
        9⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        8⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
        9⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-456.exe
        10⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51811.exe
        7⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31801.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1476.exe
        7⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22760.exe
        8⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
        9⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16703.exe
        7⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
        8⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24739.exe
        9⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        10⤵
        
        PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13761.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12264.exe
        7⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62544.exe
        6⤵
        
        PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15285.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45295.exe
        6⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        7⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53228.exe
        8⤵
        
        PID:1128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30360.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30360.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20168.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28669.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53950.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48889.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32899.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57796.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2019.exe
        9⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7242.exe
        10⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7838.exe
        11⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14646.exe
        10⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
        11⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-623.exe
        8⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        9⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14552.exe
        7⤵
        Executes dropped EXE
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
        8⤵
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62037.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24678.exe
        7⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55670.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36015.exe
        9⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        10⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39038.exe
        9⤵
        
        PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50845.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34418.exe
        7⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        8⤵
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6872.exe
        6⤵
        
        PID:1892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5173.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64881.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25202.exe
        7⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54011.exe
        8⤵
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62544.exe
        6⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63770.exe
        7⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49597.exe
        8⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10037.exe
        9⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53141.exe
        7⤵
        
        PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60693.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56748.exe
        6⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
        7⤵
        
        PID:2464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56551.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56551.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52869.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18426.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36079.exe
        7⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4726.exe
        8⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36712.exe
        9⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
        10⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48343.exe
        9⤵
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23945.exe
        6⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38669.exe
        7⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
        8⤵
        
        PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64289.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31922.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43326.exe
        7⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29677.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
        9⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12237.exe
        10⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8449.exe
        7⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48096.exe
        8⤵
        
        PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58232.exe
        6⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
        7⤵
        
        PID:320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28609.exe
        6⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18992.exe
        7⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22782.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52561.exe
        9⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39210.exe
        7⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
        8⤵
        
        PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5336.exe
        5⤵
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33401.exe
        6⤵
        
        PID:2212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-20168.exe

Filesize
184KB

MD5
469ab373fbdf945c9b4eecb5c876236c

SHA1
865ee4dceb035e65aac13666804820f4a272e463

SHA256
f1252efb77ab8af0ba307b48ec03e181829b3e233b8568d668c8b4ed2657492e

SHA512
6eec2f705b6f7c7bd8f3d3fa33c5b0b7b9ac7324b36fc5014028c3840c840b94cfb48e341e5e7a0613179a74618f23cdacc03fef4dffd2a936ed4a4695a8a053

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23600.exe

Filesize
184KB

MD5
8e49b44c5174f00ed22e247fd1539688

SHA1
4a7ca1afbe4be03876524ae50a392c2d2bbe8351

SHA256
6fd10e6c91284f4407c4bf0df1d6b0cb0b5fba245ba77bddd7a489d8ede327b7

SHA512
0f5c880e017e48162b2e522334f0d4a661223e1b819fbe287fd78b39b8786260efb844b890b79c3a56bc244d166287fcaaa611fbccb580d76174dc2593d7c578

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25087.exe

Filesize
184KB

MD5
5e80537b8ea0203bfd71a201d888c535

SHA1
09782019cfd84a4036e778e1e7afd3340fe44c83

SHA256
432c7696836801f9808b811c73837b7c90416085694bfd7c5827cc368ce0a8e8

SHA512
fdbe864cee8242e5941115d61a9cff730729dfb7a929e91b85e0015c00bc7b70e39d506471acee6de93690823934a78382dfbcfc885b02b8a536747456532d91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28669.exe

Filesize
184KB

MD5
166959a897b3eeb10533514b1ae3bc64

SHA1
5c0ca71b1d92ed76471eaa23ce1661c2de4c6063

SHA256
fc429a0f557bc45d0ae8dc53dd8b4370736e1f0f6554fa4a814ee36d25058181

SHA512
869fa676c482b0254d05e83f0b4f3204a9ebdcb37847dfabc715e014e06a7ff9304e9324eaf46dc198fa2e3a0f2647334dcf262d3a0c8dcf58fcc1b6de5ef424

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5738.exe

Filesize
184KB

MD5
b5b621bdce2ef424990702f63207cb72

SHA1
30ab62a37cefa6ce2a7d4f99cef6c325f4e8a0a0

SHA256
9efb8f60743ac30aeddd25e21e91bb745a04875de81e1bd3a9b1c293e93dc651

SHA512
6ed5e1f2fb787d799bb27e5591a9e39b6e5d475aabb97680291fc1a36e8890f2a234f09387c03936414884d146ed35bc4b2cd72486d4f4a2279e7cac9b1e0633

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18091.exe

Filesize
184KB

MD5
a8047c9b7a87fa775f454aaf502a914c

SHA1
f2e591ade66917cd95c88508d74d6904e2add499

SHA256
df3c0cee23968b8209f2aa67694b61971388aea268c94e45c4df6c49ee96e0ae

SHA512
d7fae5ff852a70a241b9cb1d7c434bc55b54072b6efcf8e3d94ce2e6d6adc8b7dec0e2b5b985bc5ab9624da851dc90f4d4a6cfc7074d79ad564b743c44704560

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe

Filesize
184KB

MD5
fdd4ea02166cfdc3006aea18d1473cfd

SHA1
fba32021a41f65e5452a096d1c8a778256b5cf3e

SHA256
ace802f50edd73bd4eade89983496d0242b5982cb70daf1997ab96aa1aa30bb6

SHA512
d200a923c861907d17e49d134748a31d2e291129beb0baa912624b9b62918f967f1a409ed62954e127d5b3be1e714cc18e82a4c96123abb065b33b1f07ae2784

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2450.exe

Filesize
184KB

MD5
f2472d421e2d582889ce02e2a27e4e01

SHA1
fe855e898f89e00f2f4cc6de1a67cb7a930782d4

SHA256
d9ef1221d9ec486cbe2f1a01bd71e52692eb13405e7b10a339c2511bc48125ef

SHA512
9e63a3664d15dce67d6e799b1d0ad78f5f21f657131fcf55b302b289e0edfad2cf1a7843a346bad39d938fdfa16465567357011c892dc3a05b89c3e9816e1641

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe

Filesize
184KB

MD5
0971edd57251df4183f6cacfb5597506

SHA1
3ce1fc821a3ab235ac21c1639eef9d433c02e12d

SHA256
15ea921c7d317d9b99e1ecff06b684446f1e5145198d8f8abc203c67d0b5857a

SHA512
a8aaaaa82d36625055134dafe616207bb39f5c3b10d526e5c54e0ac462716057992bfc7024b26c4cc65c2bcc588831998ed0426885995457bfbd2d3953b0ea37

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30360.exe

Filesize
184KB

MD5
39e3ef424867152da9655a571c7d7ff3

SHA1
336351b5b0d2ccebd118a63249c9efa21cff8bba

SHA256
cefd0d01b46d577a994dc2e134699c5f33433d4a0213975da86497de1187f25d

SHA512
9c79e76359400e1c4089c723474ba15b4832323b51c9de2d654f2d25e03fcdb19e0b7b50f2f41e616600a15ef98426f8b05b2224d73952b5bfec73d8c7c26b89

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42042.exe

Filesize
184KB

MD5
99e7b69890505c03471775fdadef6125

SHA1
2281e910d9e291cea8857b76d57e7f987e8f1049

SHA256
e0e9926b1c067a35e673f822070a2939e506e6b5d35f74268252ca6d00ff25a6

SHA512
bdeb079d6ffcefe03a0e2ddb3a9bebc005efb7801bd483a41ffde5736c9a712b27caad6f416dff864a0ef387b4b1256edca744af5a591a3b14c60e0c28a5f654

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4387.exe

Filesize
184KB

MD5
1de1c703ab677aba36fdd1005f429317

SHA1
7eb07ddbe2949548ee4b75260013a5b03c4072fe

SHA256
1163d6500c60bc77116ff611974f184e014f3df213f0caa383b05d1c4af51ca1

SHA512
50a62053e53a24109dd962ead46340410fcdccf187e047b3bd58e9f491989809328778aac31168d3f604293033f02cf4e5dc08c616c0a27a10ae4882c928e81a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47598.exe

Filesize
184KB

MD5
fab34d49f75f3c8f3ef1f5b081b97212

SHA1
bca34a54b2aec089395aa839197b801e1b4efabf

SHA256
557a745d8e432d78633aad67205b1053931aed9a1a1196300b7b7a63fe79193c

SHA512
ca8e7c301afbd155571eab4147489ee2416552f6604b2ad177eca2c77ae502f8ef990e4b2e7b3e0d68559852d40a1780df41e650cd366f8c172a9ca21ab5057e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50226.exe

Filesize
184KB

MD5
de9fbc475e352d180579df2c54f823bb

SHA1
65117606cf83298511e956c633f78750ee1e6a31

SHA256
69a360a9e685c030404f4f19dfb63b5dd019bd2f38f6b2ef437306068bb73ed6

SHA512
cbcc076441485da43acf3249087bdcee124d166aa9a3ceae80450c0db1bdf63bb13777e920f172f8a73d7150b02d57e536b9cdced34d2afa67486813ecb28ae3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe

Filesize
184KB

MD5
30179c785feddb2c7ec783d8fe229909

SHA1
453dc35fa49946d2ff2b92c9ba4450ee3b867ec2

SHA256
69128c9a72a755d86200a774b690705426bde371831508a912895ccb7e519779

SHA512
7aaac3f7973050724226f8f8f4c962838e47348085c136f4e653257632b4cce92a2db8ee96fe9740dc1cd94f877266e703150646a745632e297de216124ac101

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53950.exe

Filesize
184KB

MD5
efb2c8377dc4884cc093ac56f3ea6fc9

SHA1
820aa00b61c44b5aea53100c06ee2c48e4dde0d6

SHA256
1b085a404c2b0005f5767675192eee2568df325f1efec3a21869742ec693451c

SHA512
79b0f7a36aabd549f507a45c60530818ccbe5f97d8d2ce59bac0f623c5e61673b7e14a9a9101200b03a38fe1c34574c8c02400b13a939ee3a485d6c9960f5f89

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56551.exe

Filesize
184KB

MD5
0313fe4eaaa76049d80f71985dfa7117

SHA1
7e84723fdf5a00e7bdc3c247d9460aa31201c9df

SHA256
787a9d564c7e9068ee4bcc14610ea621c0625dcc611f22a720a7af809dca6681

SHA512
be2b4b5638ba9f34cb9f705da95e199353ce5759d4ac02fb88fa512095057273ca23e4aaf331be7bca73f6f0de65402a16348ca5e4ee45ce70c9bc287e7a267c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe

Filesize
184KB

MD5
0dbff370a145be23c5fdf1825efbd93f

SHA1
6018d3b7d8d1ab92af59fbf16269571b9040d219

SHA256
6eaa341b58fd146dadeb4d8fecead432ace67006ea503832302c21322cc506f0

SHA512
1310fd9004a7720d448bb6f6af9476405d7e7870a4cc11ed6847e996c4ec022719129dc15d72c53df004badbac466fcc6dae87ec5f3b6b287ef5e0926d7f4091

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62035.exe

Filesize
184KB

MD5
9a01e1d62c11266cb417f7e68667c35f

SHA1
0acfad91d433e08be7024c2357cf6c2d43c5a8e5

SHA256
75d65b372051d2fdc093bc8d231668620d2f8b1cda0b135efc75b77b9dbef57e

SHA512
0968d79c42b219d6c36636e05f11bf6b1ae24cf2027bdf9008a7aac968d7317de6d642b032147c22423ce473b15c59e75fbf7b5e5344005457c563feaebc29c6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62974.exe

Filesize
184KB

MD5
9a23375f87d24fac59814140a5f94c12

SHA1
00f0c61a06db330df22412d4102539eed8817348

SHA256
1b14dfe0459a1cdba0bf0efdd5c821e00b6475090bf736c6d147ce6851d3afa8

SHA512
fa7b591ca417d3cbd298b889f278be76b13f0ff9cf4629df62b3b88a9165ac68ce5eacce0715e765ff2d06449b56f3d86498cfe5c2830090fcaa7ee1a09c4841

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe

Filesize
184KB

MD5
e2b0eb7b76f17c2a4c80516621e0764b

SHA1
aedbd5a273e89aa43e64b91158e050ccaadfaa2f

SHA256
f3ccdae0ca9489d76e6a3f5bf849d493c99dac5262ddd58d23fc9ce239c35a43

SHA512
29be43d6757a6e14cbb53e3f6b49759e572596ca61e37e9feb4e39c7947fe5ddbeb10f2b9203273f7ec724fa956d51d619d7e593a3dbef884b0ed38250463b7a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads