fd4f91526adedd755131816a12c4bd9fdd9901f9b85d513b997f8a25aa3b5bbc

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/04/2024, 07:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9cff8a2b0fb817ac97da5264c7f7714_JaffaCakes118.exe
Size

188KB
MD5

f9cff8a2b0fb817ac97da5264c7f7714
SHA1

e04653770ccd462fe5154ac73e31a98a9d44d400
SHA256

fd4f91526adedd755131816a12c4bd9fdd9901f9b85d513b997f8a25aa3b5bbc
SHA512

b6efc2230e2da4dc01f373e292617d65aa25bca98cb76161bac50f4a6b94d679820976f47fc9633359adaaaba7f803df6d78fe154cac55e6c0e1323f9a785ff4
SSDEEP

3072:48toNmjp+zxwQnHj58qrHKURi52vMyBfJflx3n+aHVlw1pFT:48qN3KQnd8MHKU7N5lVlw1pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2024	Unicorn-7944.exe
1720	Unicorn-31462.exe
2912	Unicorn-10487.exe
2580	Unicorn-51359.exe
2696	Unicorn-26663.exe
2692	Unicorn-28032.exe
2464	Unicorn-60544.exe
2352	Unicorn-14872.exe
2940	Unicorn-47737.exe
1476	Unicorn-12796.exe
2332	Unicorn-39761.exe
2200	Unicorn-26736.exe
800	Unicorn-17416.exe
2060	Unicorn-63279.exe
1652	Unicorn-42304.exe
1468	Unicorn-26160.exe
1952	Unicorn-65391.exe
2124	Unicorn-61629.exe
2052	Unicorn-41763.exe
844	Unicorn-12846.exe
1988	Unicorn-1149.exe
1176	Unicorn-53194.exe
1580	Unicorn-33328.exe
1684	Unicorn-4185.exe
612	Unicorn-55114.exe
2900	Unicorn-51777.exe
2740	Unicorn-63666.exe
2192	Unicorn-60329.exe
3008	Unicorn-5145.exe
1512	Unicorn-28581.exe
2932	Unicorn-34480.exe
2248	Unicorn-13505.exe
2540	Unicorn-43184.exe
2848	Unicorn-31486.exe
2596	Unicorn-18872.exe
2576	Unicorn-28960.exe
2840	Unicorn-9094.exe
2620	Unicorn-37320.exe
2488	Unicorn-41958.exe
2368	Unicorn-25814.exe
2780	Unicorn-45680.exe
764	Unicorn-36443.exe
1480	Unicorn-23977.exe
2320	Unicorn-43843.exe
1944	Unicorn-13090.exe
2768	Unicorn-43843.exe
1956	Unicorn-25897.exe
804	Unicorn-45955.exe
1112	Unicorn-26089.exe
1444	Unicorn-45955.exe
1452	Unicorn-9753.exe
948	Unicorn-29619.exe
2672	Unicorn-42961.exe
2692	Unicorn-968.exe
1688	Unicorn-35727.exe
1044	Unicorn-57278.exe
664	Unicorn-27943.exe
2748	Unicorn-59847.exe
2996	Unicorn-18623.exe
2812	Unicorn-7117.exe
1752	Unicorn-2670.exe
2348	Unicorn-61767.exe
2032	Unicorn-27175.exe
2460	Unicorn-869.exe

Loads dropped DLL 64 IoCs

pid	Process
1084	f9cff8a2b0fb817ac97da5264c7f7714_JaffaCakes118.exe
1084	f9cff8a2b0fb817ac97da5264c7f7714_JaffaCakes118.exe
1084	f9cff8a2b0fb817ac97da5264c7f7714_JaffaCakes118.exe
1084	f9cff8a2b0fb817ac97da5264c7f7714_JaffaCakes118.exe
2024	Unicorn-7944.exe
2024	Unicorn-7944.exe
1720	Unicorn-31462.exe
1720	Unicorn-31462.exe
2912	Unicorn-10487.exe
2912	Unicorn-10487.exe
2024	Unicorn-7944.exe
2024	Unicorn-7944.exe
2580	Unicorn-51359.exe
1720	Unicorn-31462.exe
1720	Unicorn-31462.exe
2580	Unicorn-51359.exe
2692	Unicorn-28032.exe
2692	Unicorn-28032.exe
2912	Unicorn-10487.exe
2912	Unicorn-10487.exe
2696	Unicorn-26663.exe
2696	Unicorn-26663.exe
2464	Unicorn-60544.exe
2464	Unicorn-60544.exe
2352	Unicorn-14872.exe
2352	Unicorn-14872.exe
2580	Unicorn-51359.exe
2580	Unicorn-51359.exe
1476	Unicorn-12796.exe
1476	Unicorn-12796.exe
2332	Unicorn-39761.exe
2332	Unicorn-39761.exe
2696	Unicorn-26663.exe
2696	Unicorn-26663.exe
2940	Unicorn-47737.exe
2940	Unicorn-47737.exe
2692	Unicorn-28032.exe
2692	Unicorn-28032.exe
2200	Unicorn-26736.exe
2464	Unicorn-60544.exe
2464	Unicorn-60544.exe
2200	Unicorn-26736.exe
800	Unicorn-17416.exe
800	Unicorn-17416.exe
2352	Unicorn-14872.exe
2352	Unicorn-14872.exe
2060	Unicorn-63279.exe
2060	Unicorn-63279.exe
1652	Unicorn-42304.exe
1652	Unicorn-42304.exe
1476	Unicorn-12796.exe
1476	Unicorn-12796.exe
1468	Unicorn-26160.exe
1468	Unicorn-26160.exe
2332	Unicorn-39761.exe
2332	Unicorn-39761.exe
2124	Unicorn-61629.exe
2124	Unicorn-61629.exe
2940	Unicorn-47737.exe
2940	Unicorn-47737.exe
2052	Unicorn-41763.exe
2052	Unicorn-41763.exe
1952	Unicorn-65391.exe
1952	Unicorn-65391.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2416	1580	WerFault.exe	50

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1084	f9cff8a2b0fb817ac97da5264c7f7714_JaffaCakes118.exe
2024	Unicorn-7944.exe
1720	Unicorn-31462.exe
2912	Unicorn-10487.exe
2580	Unicorn-51359.exe
2692	Unicorn-28032.exe
2696	Unicorn-26663.exe
2464	Unicorn-60544.exe
2352	Unicorn-14872.exe
2940	Unicorn-47737.exe
1476	Unicorn-12796.exe
2332	Unicorn-39761.exe
2200	Unicorn-26736.exe
800	Unicorn-17416.exe
2060	Unicorn-63279.exe
1652	Unicorn-42304.exe
1468	Unicorn-26160.exe
2124	Unicorn-61629.exe
2052	Unicorn-41763.exe
1952	Unicorn-65391.exe
844	Unicorn-12846.exe
1988	Unicorn-1149.exe
1176	Unicorn-53194.exe
1580	Unicorn-33328.exe
1684	Unicorn-4185.exe
612	Unicorn-55114.exe
2900	Unicorn-51777.exe
2740	Unicorn-63666.exe
2192	Unicorn-60329.exe
3008	Unicorn-5145.exe
1512	Unicorn-28581.exe
2932	Unicorn-34480.exe
2248	Unicorn-13505.exe
2848	Unicorn-31486.exe
2596	Unicorn-18872.exe
2840	Unicorn-9094.exe
2576	Unicorn-28960.exe
2488	Unicorn-41958.exe
2620	Unicorn-37320.exe
764	Unicorn-36443.exe
2320	Unicorn-43843.exe
1444	Unicorn-45955.exe
2768	Unicorn-43843.exe
1480	Unicorn-23977.exe
2368	Unicorn-25814.exe
1452	Unicorn-9753.exe
1956	Unicorn-25897.exe
804	Unicorn-45955.exe
2780	Unicorn-45680.exe
1112	Unicorn-26089.exe
948	Unicorn-29619.exe
1944	Unicorn-13090.exe
2672	Unicorn-42961.exe
2692	Unicorn-968.exe
1688	Unicorn-35727.exe
1044	Unicorn-57278.exe
664	Unicorn-27943.exe
2748	Unicorn-59847.exe
2812	Unicorn-7117.exe
2996	Unicorn-18623.exe
1752	Unicorn-2670.exe
2516	Unicorn-37263.exe
2016	Unicorn-17205.exe
2460	Unicorn-869.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1084 wrote to memory of 2024	1084	f9cff8a2b0fb817ac97da5264c7f7714_JaffaCakes118.exe	28
PID 1084 wrote to memory of 2024	1084	f9cff8a2b0fb817ac97da5264c7f7714_JaffaCakes118.exe	28
PID 1084 wrote to memory of 2024	1084	f9cff8a2b0fb817ac97da5264c7f7714_JaffaCakes118.exe	28
PID 1084 wrote to memory of 2024	1084	f9cff8a2b0fb817ac97da5264c7f7714_JaffaCakes118.exe	28
PID 1084 wrote to memory of 1720	1084	f9cff8a2b0fb817ac97da5264c7f7714_JaffaCakes118.exe	29
PID 1084 wrote to memory of 1720	1084	f9cff8a2b0fb817ac97da5264c7f7714_JaffaCakes118.exe	29
PID 1084 wrote to memory of 1720	1084	f9cff8a2b0fb817ac97da5264c7f7714_JaffaCakes118.exe	29
PID 1084 wrote to memory of 1720	1084	f9cff8a2b0fb817ac97da5264c7f7714_JaffaCakes118.exe	29
PID 2024 wrote to memory of 2912	2024	Unicorn-7944.exe	30
PID 2024 wrote to memory of 2912	2024	Unicorn-7944.exe	30
PID 2024 wrote to memory of 2912	2024	Unicorn-7944.exe	30
PID 2024 wrote to memory of 2912	2024	Unicorn-7944.exe	30
PID 1720 wrote to memory of 2580	1720	Unicorn-31462.exe	31
PID 1720 wrote to memory of 2580	1720	Unicorn-31462.exe	31
PID 1720 wrote to memory of 2580	1720	Unicorn-31462.exe	31
PID 1720 wrote to memory of 2580	1720	Unicorn-31462.exe	31
PID 2912 wrote to memory of 2696	2912	Unicorn-10487.exe	32
PID 2912 wrote to memory of 2696	2912	Unicorn-10487.exe	32
PID 2912 wrote to memory of 2696	2912	Unicorn-10487.exe	32
PID 2912 wrote to memory of 2696	2912	Unicorn-10487.exe	32
PID 2024 wrote to memory of 2692	2024	Unicorn-7944.exe	33
PID 2024 wrote to memory of 2692	2024	Unicorn-7944.exe	33
PID 2024 wrote to memory of 2692	2024	Unicorn-7944.exe	33
PID 2024 wrote to memory of 2692	2024	Unicorn-7944.exe	33
PID 1720 wrote to memory of 2464	1720	Unicorn-31462.exe	35
PID 1720 wrote to memory of 2464	1720	Unicorn-31462.exe	35
PID 1720 wrote to memory of 2464	1720	Unicorn-31462.exe	35
PID 1720 wrote to memory of 2464	1720	Unicorn-31462.exe	35
PID 2580 wrote to memory of 2352	2580	Unicorn-51359.exe	34
PID 2580 wrote to memory of 2352	2580	Unicorn-51359.exe	34
PID 2580 wrote to memory of 2352	2580	Unicorn-51359.exe	34
PID 2580 wrote to memory of 2352	2580	Unicorn-51359.exe	34
PID 2692 wrote to memory of 2940	2692	Unicorn-28032.exe	36
PID 2692 wrote to memory of 2940	2692	Unicorn-28032.exe	36
PID 2692 wrote to memory of 2940	2692	Unicorn-28032.exe	36
PID 2692 wrote to memory of 2940	2692	Unicorn-28032.exe	36
PID 2912 wrote to memory of 1476	2912	Unicorn-10487.exe	37
PID 2912 wrote to memory of 1476	2912	Unicorn-10487.exe	37
PID 2912 wrote to memory of 1476	2912	Unicorn-10487.exe	37
PID 2912 wrote to memory of 1476	2912	Unicorn-10487.exe	37
PID 2696 wrote to memory of 2332	2696	Unicorn-26663.exe	38
PID 2696 wrote to memory of 2332	2696	Unicorn-26663.exe	38
PID 2696 wrote to memory of 2332	2696	Unicorn-26663.exe	38
PID 2696 wrote to memory of 2332	2696	Unicorn-26663.exe	38
PID 2464 wrote to memory of 2200	2464	Unicorn-60544.exe	39
PID 2464 wrote to memory of 2200	2464	Unicorn-60544.exe	39
PID 2464 wrote to memory of 2200	2464	Unicorn-60544.exe	39
PID 2464 wrote to memory of 2200	2464	Unicorn-60544.exe	39
PID 2352 wrote to memory of 800	2352	Unicorn-14872.exe	40
PID 2352 wrote to memory of 800	2352	Unicorn-14872.exe	40
PID 2352 wrote to memory of 800	2352	Unicorn-14872.exe	40
PID 2352 wrote to memory of 800	2352	Unicorn-14872.exe	40
PID 2580 wrote to memory of 2060	2580	Unicorn-51359.exe	41
PID 2580 wrote to memory of 2060	2580	Unicorn-51359.exe	41
PID 2580 wrote to memory of 2060	2580	Unicorn-51359.exe	41
PID 2580 wrote to memory of 2060	2580	Unicorn-51359.exe	41
PID 1476 wrote to memory of 1652	1476	Unicorn-12796.exe	42
PID 1476 wrote to memory of 1652	1476	Unicorn-12796.exe	42
PID 1476 wrote to memory of 1652	1476	Unicorn-12796.exe	42
PID 1476 wrote to memory of 1652	1476	Unicorn-12796.exe	42
PID 2332 wrote to memory of 1468	2332	Unicorn-39761.exe	43
PID 2332 wrote to memory of 1468	2332	Unicorn-39761.exe	43
PID 2332 wrote to memory of 1468	2332	Unicorn-39761.exe	43
PID 2332 wrote to memory of 1468	2332	Unicorn-39761.exe	43

C:\Users\Admin\AppData\Local\Temp\f9cff8a2b0fb817ac97da5264c7f7714_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f9cff8a2b0fb817ac97da5264c7f7714_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1084
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7944.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7944.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10487.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26663.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26160.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63666.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43843.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27175.exe
        9⤵
        Executes dropped EXE
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
        10⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14456.exe
        11⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21193.exe
        12⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17205.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13355.exe
        9⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
        10⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
        11⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23977.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59847.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
        9⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
        10⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5240.exe
        9⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60329.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43843.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40225.exe
        8⤵
        
        PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65391.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13505.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
        8⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3237.exe
        9⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28567.exe
        10⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8701.exe
        9⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-869.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        8⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4003.exe
        9⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44270.exe
        10⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
        11⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5240.exe
        10⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26089.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17466.exe
        7⤵
        
        PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12796.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42304.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55114.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45680.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9105.exe
        8⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
        9⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29361.exe
        10⤵
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58779.exe
        8⤵
        
        PID:852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51777.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18623.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32593.exe
        8⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35142.exe
        9⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
        10⤵
        
        PID:1660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7117.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17824.exe
        7⤵
        
        PID:1120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28032.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47737.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47737.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5145.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45955.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37263.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
        9⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47155.exe
        10⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38380.exe
        11⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        10⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21580.exe
        8⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
        7⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
        8⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        9⤵
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9753.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27943.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57320.exe
        8⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58908.exe
        9⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43566.exe
        10⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        11⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
        8⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18998.exe
        9⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37454.exe
        7⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52585.exe
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        9⤵
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29619.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65514.exe
        7⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14030.exe
        8⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21385.exe
        9⤵
        
        PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41763.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28581.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13090.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23697.exe
        7⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        8⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45422.exe
        9⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
        10⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        9⤵
        
        PID:800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20735.exe
        6⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        7⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        8⤵
        
        PID:1652
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14872.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17416.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53194.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28960.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2670.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49811.exe
        9⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29945.exe
        8⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8747.exe
        9⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46081.exe
        10⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23645.exe
        7⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        8⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
        9⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50330.exe
        8⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58908.exe
        9⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61348.exe
        10⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45649.exe
        7⤵
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43886.exe
        8⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28567.exe
        9⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8701.exe
        8⤵
        
        PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
        6⤵
        Program crash
        
        PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63279.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4185.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37320.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35727.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34653.exe
        8⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62463.exe
        9⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43502.exe
        10⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
        11⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14787.exe
        7⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
        8⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44078.exe
        9⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28567.exe
        10⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8701.exe
        9⤵
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57278.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57813.exe
        7⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        7⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45614.exe
        8⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18474.exe
        9⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54364.exe
        10⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        8⤵
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61767.exe
        6⤵
        Executes dropped EXE
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56246.exe
        7⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22087.exe
        8⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
        9⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43528.exe
        10⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23662.exe
        9⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51949.exe
        6⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
        7⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
        8⤵
        
        PID:2372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26736.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12846.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43184.exe
        6⤵
        Executes dropped EXE
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        7⤵
        
        PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31486.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42961.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49946.exe
        7⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36984.exe
        8⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45396.exe
        9⤵
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54585.exe
        6⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58908.exe
        7⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
        8⤵
        
        PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1149.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18872.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8913.exe
        6⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
        7⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
        8⤵
        
        PID:568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10487.exe

Filesize
188KB

MD5
8c8b373d75915c995f3c2e8d6793408b

SHA1
4e0498c0706769b77dc18a3c2ba7d0e4229867c8

SHA256
191081b8cb28ff2dc1f1134f87684a1fce570cc2a6ec0ab9287d36269d10521d

SHA512
04ecb7112b79a734d81cae15bcad849585f97e4b99d02b9dad579cf55d2648770a65ce583bb87de8fd94c57ae4ec70762eb6ec9ccfc6ed99225e4cb1df01b97b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe

Filesize
188KB

MD5
571199e5701d4cbb66146d9f8d30e52b

SHA1
5998b94979ab38b5bbd2ac11d92a744ff6c51800

SHA256
7fc87bc9ce4682da5559ef383031ed6b8a5d14ed4538e9ba6ecd5e23cb844670

SHA512
872bf01f37e8934e7029e267dcbe53c2c2e14b67f6e68c70b647472bdf8f77fd707d085707510f78ff38c7fcd4329910674702a09c311d8d6536f4e68d4cf60b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60544.exe

Filesize
188KB

MD5
4aed65e3bc3307b6b42d698065c4360e

SHA1
1fb01ad8a2d42540887e1fe024e22360c78c3a83

SHA256
fcbef14036fc57ddd801a3ce9e3be080aa6bb0da79202826802134d9bdce0ad3

SHA512
2336e7ddf9a5fb12f91414e3b3866407c93c41d4eca690728d7524ca3636d9581743cd47bc5079859f53a45f87754bd6212acee2525f03018a052cf044aa0217

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12796.exe

Filesize
188KB

MD5
7aa8d667190a0c7a089e4a24970f88aa

SHA1
16d79eab2486bb9297c729207298446c625ec5ad

SHA256
d6baa496554806c95ef124a7ac3caa48be340bd349253a880d91d0a65e8a173e

SHA512
bf701130f96e26dc654d5e9692beb018a496dc449c125e44255553f038d785a192b5f89a9187a5cd3e6d6ced606ea61389af153e8cc917db8bc5a7da64ad702c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14872.exe

Filesize
188KB

MD5
4d56879e7564dc43e015c480b150e820

SHA1
4a4966a6d0fec8db7914bcda19d3943d03fb946d

SHA256
c92cdfb41f75df3fc43656da2b91564fe93103455cb5984e52387ed2e2b7f7fe

SHA512
31d78f9a72581e119d8781aa4488cebe38855dd59567a80e0787f1e5bcd17c18b8ef78010dfcd1079484f3a2bc1f56f28dcf8d3120632067fa59d8b291bbdac2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17416.exe

Filesize
188KB

MD5
a60823d107186a366956125b835fd23b

SHA1
2037af9b2a44b67f2c846ee1ab42271447721f88

SHA256
16dcacf17aef4f71760b2b84f460dbf7817eec9545bf1e1d5c409a1484e9957a

SHA512
e96a555ab3af1b978a2514f3f3d2da06441d5832e9dc78ec7d0c25716dacff85dda0759579cbb7ea580d2c1472f14907a29393dc0861b083a6b47fec5b75cd9f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26160.exe

Filesize
188KB

MD5
f47932281107703a36012867ab3bf118

SHA1
9aa9be274abeda1032f41ce85ca1a32f8110cd27

SHA256
a8b7e9210e86832cbb49c13f5e68bbc77e9255f27946cc8eb1f9a12532180e09

SHA512
1246e27d81d6f46804d4258d59207e017d46dbc22a802765a63fe29302ef9369dc730002575fbf44b3682890acce1c241a7304281ad262a3bf3c5b03e9cd3bc9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26663.exe

Filesize
188KB

MD5
cc748f0e16a525e58e2672cd67c26d15

SHA1
6e8965d13472b72df25932bdac8f41046f48d8ce

SHA256
b612589df742f50bc9b9bba88a2cc1604ac310d5dd5315d713990bdf4a0ba7aa

SHA512
ceee020e9b82c12be1919b94603fa7a8c03c69b280b5aaa0116f5d43b9c973abdaac4c0258ecb6f7b67b394ae37a0f240afbb1a638b957498140db291f745634

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26736.exe

Filesize
188KB

MD5
21d0d7f6ba073043965a51f7e37fd0d4

SHA1
d5769ab89852aaf35675cd7f88e979b198082362

SHA256
3a1275fad8fd6a2dab2ff3cb0c4e203ba0e194ce240e8311879d4fd7590201dd

SHA512
58d102da7e934d37fb820f36de9baee9ee3e5a91d4e0aed1518b3fcd339739806def8babef2a310c7d77e9873151bf8e7a53a99bddca96b29636764f7543a1f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28032.exe

Filesize
188KB

MD5
2ee8f4a61e30435f53bd9e23844b8330

SHA1
c2c517e4bc84f88a5345c37ba5dd8dbf46803710

SHA256
7569f1055b643250830b270a43d2a76920e8d559fcd62b03a527ee78aefa4258

SHA512
8c435dc80cfb34ff413be05001d2cca6ad1c24257cd7403ced3cf3c4f4e7930710fb0f1869eb66e38f5b862e8009227db6a79e013b9d790fad7934c4fac5f417

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe

Filesize
188KB

MD5
94c8898306233769a0026f4697689168

SHA1
ca1aa95ab750f9a24328dbb949dfc42642a46233

SHA256
1b5b5824d0dc02ba1fd69a5832584b37df3eb84b66c5e6d6ee3cb3ad168bfe4b

SHA512
e6f460392655efba20b1aab44cff2da98e911a1502607fdcd2fa757c16185cfa384a1a341c3915daceec9161bf22b06ab0436e91a6609b7d06e337dbbf3e9959

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39761.exe

Filesize
188KB

MD5
d5c98e5dc8a41d5fb485a488aa348f69

SHA1
3c7605194da74a873b20c7551a5b6c02746d4f00

SHA256
7f0fe0390c07d9bcd7e5da0ac901085f0679bf97845a0b2fb233ac57fe2a0bd2

SHA512
172f80da7012e6600206c7bd1e5aaff3bcf6bb5dbc3c5e56ce5b05ec9bfb346fa238f66dc70011e06daf7c5d9318605965da5739d6ffb401a53411ce3568569e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42304.exe

Filesize
188KB

MD5
66ed775e5ead72de8cdeaa9bfef7588f

SHA1
f3957bcbc5a77afc1f93bfddbfec8f36148cdf88

SHA256
b4e71238aaaebcb3158fea3bd243d3a68f76034aa6d14cb2fa273402f59a5f67

SHA512
bb7c2012ac084462b99fe44f17ea32911545f3336c03cc3210a08fcfdca1663937facd85081236e33c95ba881e8279b777c53f2d3af210ddbb6cdc8493a2dbf0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47737.exe

Filesize
188KB

MD5
689514552aa6ac4921d6ab2c023e0d7e

SHA1
7216f89400ec228b2027138c42fa5a84076f3d6d

SHA256
fa709cc167776ee43befa0753118c0526c484fb0cec131202039404919c1373b

SHA512
f4875a798948054e6dd45fb583a035166ba32c6d38278658465afdd1a1c54ebefb169b915707e9dd095d47b811a2ddc7f350fb89fd1f16e30cbb40bda35870e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe

Filesize
188KB

MD5
fe47aedca50be89844d3718a017df74e

SHA1
33a1e3ab728d8070e49d03a879f9eb22d1cffce1

SHA256
56a915390008214c0fcb10f338b44eb47a24bcadd74c7abc24c5e60230ac53b9

SHA512
3a235f71c4a4e3375b7d455222c38cca96629e8cdce39d1d8d5aa05b2208e5af26e0d3eb5786221bf14194a7ac1f5d9a24503a4a5d2859aa0f632028358b77dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63279.exe

Filesize
188KB

MD5
85344585aa03b2cab956aa4812fa0e69

SHA1
df3e154fd7f22b0dfe3685c6c975495b29785a42

SHA256
47c04ebeb4ba2495acbb4d9c1b90e75861a51ce8d903a55521743a4715d87433

SHA512
70318dadcac3754c13b212ed53993ea8b9c3ecd65c54951380b084fc26b69537312bfc4d7b99276b6c9ec8b176c1045e8327f5fc14590156f972396e2c20d729

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65391.exe

Filesize
188KB

MD5
80cafc9d2515ddf1e90c259c842123db

SHA1
99514adf124e9e876304dc5866131914e47567cb

SHA256
fc47ff37b6e4fcb511fd17ddfea18fd8b0017eb0dc1343ccece8510917d26e08

SHA512
d053879de818c6a20fc74471de7784fefa41aada799d5e116a11c4ef482cdc20da822841087c5fb3e69335ffe559b8c20ac6db635a5c1cdaa930f3844cca56b3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7944.exe

Filesize
188KB

MD5
ce7c318a72a5896ca97bc30671791ae1

SHA1
4ba089263c0ab60be99ca92f28d3e8df95d80927

SHA256
b4365fc40b1774938bd59da2f603b0e8ab711a7feac377bd424d5f68fba48bdd

SHA512
6df25c69bc2e8b17afd15bc9e87cf35b47a66502e15188943cfa211a2f676910cb65d2866cc0996aa727763aab9a11bf349d65c5006f9851331cf9bca0471c33

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads