68ed7807e790f7b4ec5ce9e047ad727ca3f6c881cd87b1f4b29caa6a5e735982

Analysis

max time kernel
36s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-04-2024 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e85e42017b2471a224042bad306ab1d1_JaffaCakes118.exe
Size

188KB
MD5

e85e42017b2471a224042bad306ab1d1
SHA1

b23f8ddb47478c850f3875ae4c7501f240389df9
SHA256

68ed7807e790f7b4ec5ce9e047ad727ca3f6c881cd87b1f4b29caa6a5e735982
SHA512

6e8f2c3d4ca29d2cbcfa93b1ae0b20e8847466bdbd52b83069e01cdf7e7fa9797992a95ba3165cc4a098de3a945b9cc38ee57f2ef861f21155e44658dcdff46e
SSDEEP

3072:2X8bo2hBrwwQ0Odvf0ilnJOd1532MJvusggxFhE8rglH1pFv:2Xgo4lQ0KfDlnJk52WfglH1pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2064	Unicorn-14610.exe
2392	Unicorn-24808.exe
2644	Unicorn-39752.exe
2540	Unicorn-23822.exe
2560	Unicorn-34128.exe
300	Unicorn-10178.exe
2912	Unicorn-48565.exe
1708	Unicorn-34729.exe
2772	Unicorn-53204.exe
2512	Unicorn-38259.exe
1928	Unicorn-22499.exe
1728	Unicorn-20636.exe
1404	Unicorn-53863.exe
2672	Unicorn-12275.exe
624	Unicorn-8191.exe
3012	Unicorn-62031.exe
2284	Unicorn-37526.exe
2300	Unicorn-22582.exe
2856	Unicorn-61476.exe
1268	Unicorn-13427.exe
2068	Unicorn-59099.exe
1632	Unicorn-19458.exe
1816	Unicorn-58030.exe
1836	Unicorn-10220.exe
1124	Unicorn-43661.exe
864	Unicorn-23795.exe
3060	Unicorn-17019.exe
2956	Unicorn-50438.exe
984	Unicorn-8850.exe
2508	Unicorn-2628.exe
2036	Unicorn-31963.exe
2636	Unicorn-19733.exe
2568	Unicorn-21679.exe
2724	Unicorn-1813.exe
2796	Unicorn-34485.exe
2760	Unicorn-17595.exe
2588	Unicorn-62519.exe
2496	Unicorn-30423.exe
2984	Unicorn-45368.exe
2012	Unicorn-33115.exe
2472	Unicorn-16033.exe
2808	Unicorn-56873.exe
2800	Unicorn-41091.exe
328	Unicorn-49260.exe
1576	Unicorn-3588.exe
1080	Unicorn-44621.exe
2648	Unicorn-48705.exe
752	Unicorn-7672.exe
1428	Unicorn-11756.exe
1284	Unicorn-26701.exe
1636	Unicorn-58710.exe
1612	Unicorn-38844.exe
1784	Unicorn-5425.exe
3044	Unicorn-51097.exe
488	Unicorn-54434.exe
1564	Unicorn-14169.exe
2988	Unicorn-22338.exe
980	Unicorn-39420.exe
1156	Unicorn-63370.exe
1660	Unicorn-12778.exe
560	Unicorn-55010.exe
2156	Unicorn-12031.exe
1104	Unicorn-37282.exe
2112	Unicorn-65316.exe

Loads dropped DLL 64 IoCs

pid	Process
2164	e85e42017b2471a224042bad306ab1d1_JaffaCakes118.exe
2164	e85e42017b2471a224042bad306ab1d1_JaffaCakes118.exe
2064	Unicorn-14610.exe
2064	Unicorn-14610.exe
2164	e85e42017b2471a224042bad306ab1d1_JaffaCakes118.exe
2164	e85e42017b2471a224042bad306ab1d1_JaffaCakes118.exe
2392	Unicorn-24808.exe
2392	Unicorn-24808.exe
2644	Unicorn-39752.exe
2644	Unicorn-39752.exe
2064	Unicorn-14610.exe
2064	Unicorn-14610.exe
2540	Unicorn-23822.exe
2392	Unicorn-24808.exe
2540	Unicorn-23822.exe
2392	Unicorn-24808.exe
2644	Unicorn-39752.exe
2644	Unicorn-39752.exe
2560	Unicorn-34128.exe
2560	Unicorn-34128.exe
300	Unicorn-10178.exe
300	Unicorn-10178.exe
1708	Unicorn-34729.exe
1708	Unicorn-34729.exe
2560	Unicorn-34128.exe
2512	Unicorn-38259.exe
2560	Unicorn-34128.exe
2512	Unicorn-38259.exe
2912	Unicorn-48565.exe
2912	Unicorn-48565.exe
2540	Unicorn-23822.exe
2540	Unicorn-23822.exe
1928	Unicorn-22499.exe
1928	Unicorn-22499.exe
300	Unicorn-10178.exe
300	Unicorn-10178.exe
2772	Unicorn-53204.exe
2772	Unicorn-53204.exe
1708	Unicorn-34729.exe
1728	Unicorn-20636.exe
1728	Unicorn-20636.exe
1708	Unicorn-34729.exe
2672	Unicorn-12275.exe
2672	Unicorn-12275.exe
2912	Unicorn-48565.exe
2912	Unicorn-48565.exe
1404	Unicorn-53863.exe
1404	Unicorn-53863.exe
1928	Unicorn-22499.exe
2284	Unicorn-37526.exe
1928	Unicorn-22499.exe
2772	Unicorn-53204.exe
2284	Unicorn-37526.exe
3012	Unicorn-62031.exe
2856	Unicorn-61476.exe
2772	Unicorn-53204.exe
2856	Unicorn-61476.exe
3012	Unicorn-62031.exe
2300	Unicorn-22582.exe
2300	Unicorn-22582.exe
2512	Unicorn-38259.exe
2512	Unicorn-38259.exe
1268	Unicorn-13427.exe
1268	Unicorn-13427.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2164	e85e42017b2471a224042bad306ab1d1_JaffaCakes118.exe
2064	Unicorn-14610.exe
2392	Unicorn-24808.exe
2644	Unicorn-39752.exe
2540	Unicorn-23822.exe
2560	Unicorn-34128.exe
300	Unicorn-10178.exe
2912	Unicorn-48565.exe
1708	Unicorn-34729.exe
2512	Unicorn-38259.exe
2772	Unicorn-53204.exe
1928	Unicorn-22499.exe
1728	Unicorn-20636.exe
2672	Unicorn-12275.exe
1404	Unicorn-53863.exe
2856	Unicorn-61476.exe
2284	Unicorn-37526.exe
2300	Unicorn-22582.exe
3012	Unicorn-62031.exe
624	Unicorn-8191.exe
2068	Unicorn-59099.exe
1268	Unicorn-13427.exe
1632	Unicorn-19458.exe
1816	Unicorn-58030.exe
1836	Unicorn-10220.exe
1124	Unicorn-43661.exe
2508	Unicorn-2628.exe
3060	Unicorn-17019.exe
864	Unicorn-23795.exe
984	Unicorn-8850.exe
2956	Unicorn-50438.exe
2036	Unicorn-31963.exe
2636	Unicorn-19733.exe
2568	Unicorn-21679.exe
2724	Unicorn-1813.exe
2760	Unicorn-17595.exe
2796	Unicorn-34485.exe
2588	Unicorn-62519.exe
2984	Unicorn-45368.exe
2496	Unicorn-30423.exe
2012	Unicorn-33115.exe
2472	Unicorn-16033.exe
2808	Unicorn-56873.exe
2800	Unicorn-41091.exe
1576	Unicorn-3588.exe
328	Unicorn-49260.exe
1080	Unicorn-44621.exe
2648	Unicorn-48705.exe
752	Unicorn-7672.exe
1428	Unicorn-11756.exe
1284	Unicorn-26701.exe
1612	Unicorn-38844.exe
1636	Unicorn-58710.exe
1784	Unicorn-5425.exe
3044	Unicorn-51097.exe
488	Unicorn-54434.exe
1564	Unicorn-14169.exe
980	Unicorn-39420.exe
1660	Unicorn-12778.exe
560	Unicorn-55010.exe
1104	Unicorn-37282.exe
2988	Unicorn-22338.exe
1708	Unicorn-28922.exe
3040	Unicorn-4418.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2064	2164	e85e42017b2471a224042bad306ab1d1_JaffaCakes118.exe	28
PID 2164 wrote to memory of 2064	2164	e85e42017b2471a224042bad306ab1d1_JaffaCakes118.exe	28
PID 2164 wrote to memory of 2064	2164	e85e42017b2471a224042bad306ab1d1_JaffaCakes118.exe	28
PID 2164 wrote to memory of 2064	2164	e85e42017b2471a224042bad306ab1d1_JaffaCakes118.exe	28
PID 2064 wrote to memory of 2392	2064	Unicorn-14610.exe	29
PID 2064 wrote to memory of 2392	2064	Unicorn-14610.exe	29
PID 2064 wrote to memory of 2392	2064	Unicorn-14610.exe	29
PID 2064 wrote to memory of 2392	2064	Unicorn-14610.exe	29
PID 2164 wrote to memory of 2644	2164	e85e42017b2471a224042bad306ab1d1_JaffaCakes118.exe	30
PID 2164 wrote to memory of 2644	2164	e85e42017b2471a224042bad306ab1d1_JaffaCakes118.exe	30
PID 2164 wrote to memory of 2644	2164	e85e42017b2471a224042bad306ab1d1_JaffaCakes118.exe	30
PID 2164 wrote to memory of 2644	2164	e85e42017b2471a224042bad306ab1d1_JaffaCakes118.exe	30
PID 2392 wrote to memory of 2540	2392	Unicorn-24808.exe	31
PID 2392 wrote to memory of 2540	2392	Unicorn-24808.exe	31
PID 2392 wrote to memory of 2540	2392	Unicorn-24808.exe	31
PID 2392 wrote to memory of 2540	2392	Unicorn-24808.exe	31
PID 2644 wrote to memory of 2560	2644	Unicorn-39752.exe	32
PID 2644 wrote to memory of 2560	2644	Unicorn-39752.exe	32
PID 2644 wrote to memory of 2560	2644	Unicorn-39752.exe	32
PID 2644 wrote to memory of 2560	2644	Unicorn-39752.exe	32
PID 2064 wrote to memory of 300	2064	Unicorn-14610.exe	33
PID 2064 wrote to memory of 300	2064	Unicorn-14610.exe	33
PID 2064 wrote to memory of 300	2064	Unicorn-14610.exe	33
PID 2064 wrote to memory of 300	2064	Unicorn-14610.exe	33
PID 2540 wrote to memory of 2912	2540	Unicorn-23822.exe	34
PID 2540 wrote to memory of 2912	2540	Unicorn-23822.exe	34
PID 2540 wrote to memory of 2912	2540	Unicorn-23822.exe	34
PID 2540 wrote to memory of 2912	2540	Unicorn-23822.exe	34
PID 2392 wrote to memory of 1708	2392	Unicorn-24808.exe	35
PID 2392 wrote to memory of 1708	2392	Unicorn-24808.exe	35
PID 2392 wrote to memory of 1708	2392	Unicorn-24808.exe	35
PID 2392 wrote to memory of 1708	2392	Unicorn-24808.exe	35
PID 2644 wrote to memory of 2772	2644	Unicorn-39752.exe	36
PID 2644 wrote to memory of 2772	2644	Unicorn-39752.exe	36
PID 2644 wrote to memory of 2772	2644	Unicorn-39752.exe	36
PID 2644 wrote to memory of 2772	2644	Unicorn-39752.exe	36
PID 2560 wrote to memory of 2512	2560	Unicorn-34128.exe	37
PID 2560 wrote to memory of 2512	2560	Unicorn-34128.exe	37
PID 2560 wrote to memory of 2512	2560	Unicorn-34128.exe	37
PID 2560 wrote to memory of 2512	2560	Unicorn-34128.exe	37
PID 300 wrote to memory of 1928	300	Unicorn-10178.exe	38
PID 300 wrote to memory of 1928	300	Unicorn-10178.exe	38
PID 300 wrote to memory of 1928	300	Unicorn-10178.exe	38
PID 300 wrote to memory of 1928	300	Unicorn-10178.exe	38
PID 1708 wrote to memory of 1728	1708	Unicorn-34729.exe	39
PID 1708 wrote to memory of 1728	1708	Unicorn-34729.exe	39
PID 1708 wrote to memory of 1728	1708	Unicorn-34729.exe	39
PID 1708 wrote to memory of 1728	1708	Unicorn-34729.exe	39
PID 2560 wrote to memory of 1404	2560	Unicorn-34128.exe	40
PID 2560 wrote to memory of 1404	2560	Unicorn-34128.exe	40
PID 2560 wrote to memory of 1404	2560	Unicorn-34128.exe	40
PID 2560 wrote to memory of 1404	2560	Unicorn-34128.exe	40
PID 2512 wrote to memory of 624	2512	Unicorn-38259.exe	41
PID 2512 wrote to memory of 624	2512	Unicorn-38259.exe	41
PID 2512 wrote to memory of 624	2512	Unicorn-38259.exe	41
PID 2512 wrote to memory of 624	2512	Unicorn-38259.exe	41
PID 2912 wrote to memory of 2672	2912	Unicorn-48565.exe	42
PID 2912 wrote to memory of 2672	2912	Unicorn-48565.exe	42
PID 2912 wrote to memory of 2672	2912	Unicorn-48565.exe	42
PID 2912 wrote to memory of 2672	2912	Unicorn-48565.exe	42
PID 2540 wrote to memory of 3012	2540	Unicorn-23822.exe	43
PID 2540 wrote to memory of 3012	2540	Unicorn-23822.exe	43
PID 2540 wrote to memory of 3012	2540	Unicorn-23822.exe	43
PID 2540 wrote to memory of 3012	2540	Unicorn-23822.exe	43

C:\Users\Admin\AppData\Local\Temp\e85e42017b2471a224042bad306ab1d1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\e85e42017b2471a224042bad306ab1d1_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14610.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14610.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23822.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19458.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17595.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exe
        9⤵
        Executes dropped EXE
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
        9⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33664.exe
        9⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
        10⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
        8⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48688.exe
        9⤵
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62519.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39969.exe
        9⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57099.exe
        8⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
        9⤵
        
        PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62031.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17019.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56873.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22146.exe
        8⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33171.exe
        8⤵
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41091.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32452.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21303.exe
        8⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        9⤵
        
        PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20636.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19733.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58710.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16752.exe
        9⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39864.exe
        8⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
        9⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24947.exe
        10⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38844.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-991.exe
        8⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
        9⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14841.exe
        8⤵
        
        PID:1224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1813.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54434.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46108.exe
        8⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52304.exe
        9⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26908.exe
        10⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25185.exe
        11⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30326.exe
        7⤵
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59099.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21679.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5425.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50192.exe
        8⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65137.exe
        7⤵
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51097.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33664.exe
        7⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        8⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34000.exe
        7⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36918.exe
        8⤵
        
        PID:3308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10178.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10178.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22499.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22582.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8850.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3588.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe
        8⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
        9⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28075.exe
        10⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7275.exe
        8⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        9⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42388.exe
        10⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27420.exe
        7⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49260.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47286.exe
        7⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23524.exe
        8⤵
        
        PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14613.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59813.exe
        8⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
        9⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4536.exe
        10⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50119.exe
        8⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61136.exe
        7⤵
        
        PID:528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
        6⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16031.exe
        7⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11796.exe
        8⤵
        
        PID:3472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43661.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13977.exe
        7⤵
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28922.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45231.exe
        7⤵
        
        PID:1992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34128.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34128.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38259.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33115.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65316.exe
        7⤵
        Executes dropped EXE
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        7⤵
        
        PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31963.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7672.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe
        7⤵
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27420.exe
        6⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29471.exe
        7⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
        8⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53819.exe
        7⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8573.exe
        8⤵
        
        PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53863.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30423.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55010.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29087.exe
        8⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        9⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16161.exe
        10⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48116.exe
        7⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
        8⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28693.exe
        9⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40525.exe
        10⤵
        
        PID:812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37282.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49315.exe
        7⤵
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12031.exe
        6⤵
        Executes dropped EXE
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34000.exe
        7⤵
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44800.exe
        6⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
        7⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19171.exe
        8⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21304.exe
        9⤵
        
        PID:3804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2628.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11756.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20644.exe
        7⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4447.exe
        8⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65278.exe
        9⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55730.exe
        10⤵
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35588.exe
        6⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
        7⤵
        
        PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26701.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24728.exe
        6⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17603.exe
        7⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58905.exe
        8⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58537.exe
        9⤵
        
        PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48705.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exe
        6⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28184.exe
        7⤵
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-778.exe
        5⤵
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
        6⤵
        
        PID:1448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12275.exe

Filesize
188KB

MD5
7ae47bccc1f3aa7a50ab30dfc064ac24

SHA1
4cd3ed80c5110b62a65612e8ea011413e3eb6991

SHA256
b6895019f68d67af2af4b5cf99960d17c55589498e2df7200447b3736bc21dfb

SHA512
24aaa41dd5eef6b7e64b69fa2459098a3347cb4107877e110f517a878915881158d785c2bf1b7e6bfe083d24c7af5b2fbd928f8fddfbfc9cd0d4e26da0a5d85a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62031.exe

Filesize
188KB

MD5
95a4e4aa8e8ca934f636a19a0d6c168e

SHA1
586fca4d949c7a29249b50fa35828e215ae2c91d

SHA256
ebc84f73c4f88151833ffe34cd9d5e0f5e8d7abc6b22318420b21f8b1489019a

SHA512
4e0a091df7e26e864573ba5d1d24e57d24289364f993f69d08b0db608314aeff59d9b77adac23d4a689257f21c49c52e4b0b8ebec51179d00cc22f6196090fba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8191.exe

Filesize
188KB

MD5
448717b41ebcec2527d4e4e2421561b8

SHA1
80f622de468179a9dfdfd0a4e4138af41a14bbe9

SHA256
e49450df2985264d3384c98a77824d46471385ceaac4a065e8cb35d261bda482

SHA512
64ff638e5f75b5428ebaa5ec1521b50a2113e2637586084229c8eb2cbe8659f9d7e585b7ef6f0d9246dedea6e0ed7b21df8f53f823887016928eb71a42695f19

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10178.exe

Filesize
188KB

MD5
1f46fe52eb4b4ec272834c3bde64feba

SHA1
44abc95a3cc5955cb24063f7fa7e2f02ca355bd8

SHA256
e7179f2f607de02ce27d3417e0e4d48e9d9b1483b4d831841bf44ebbf3127b12

SHA512
014c85f34727273b28ab325bc0a1bc784100efc6f238abd35d51d7b7cbceadf29319ca230a6eebcf986f135a5802bf7db8627d5d79125ea049dc7c61811aa9b3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14610.exe

Filesize
188KB

MD5
0c17d23b30fd95bcc74c64eb0c334ab8

SHA1
10fb128f3f312c33ca860e5d50e450d04c5abcd4

SHA256
2ed4639810723d07b026522aaf554b56c68c61611c6d5942cb3dfec892e999cd

SHA512
492725a2ea4c9d258ace9fd8e9e4e16f8a9b1678c3621b73e8abd45e848ed508f30a6d33da6979c719e1de29c1539769bd1764e40034d35359fd580cbf786dcc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20636.exe

Filesize
188KB

MD5
0a7d758d3ca225a3344a433d9b9742cd

SHA1
1f9abca8b4d5f182b0c6ca444843830db8bb6e88

SHA256
45a8b8a80a8473a2b1cd5fdbca5c4b1df22163862e81b53a99d63d61c3ae14ee

SHA512
c3f515ca5ddcb1a9ecab0d8bde8a4af1763748c771f647131f68a816938f0f8cc9f80bb55de0218e64880c884fd760d0d0b3f7512ef1c9beba21116cc1bb4da3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22499.exe

Filesize
188KB

MD5
4e59bcebd4fb7041bde74c1b8b159fa4

SHA1
3222ef6d025134b406824ec727d6e40f49e713aa

SHA256
3fe47fff5e20f0b18a4f75d4ec56879f66109c52c1575fb9620878eb2af46818

SHA512
46372fd2d6bb0de394e8aa72a7da504e130e93034eac80121a3c807b7184f55f5e7c7b08ab576addbdd2f073c0807378b59ae6767aeec153b92c1b94f4382cfe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22582.exe

Filesize
188KB

MD5
187d9f0cd0aef5eee203b2c5e5cfa077

SHA1
ca89fb47b93ba3ab98ad0a54b8ff1d2e2316c041

SHA256
b7cb6fe7f636204f1afc80cd7aaaf3d13a6f6d2964da4af4392e43f82f06d13a

SHA512
4481dfa611ab124a703034eecd4e36363da119e62ac895b4b6d2961e8288c5a0f5688c16f90d016d37e3e9d25490b257caf828600d1d55d2e8924884aafda71e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23822.exe

Filesize
188KB

MD5
f3d9ada9850a770676ced297d12814a9

SHA1
3beb8c4f9a00a08cdf7805f0010b14bf9e67aaeb

SHA256
0083bfa6d88e1ecf094fffe47c120741fbe2e8f713eb7477bf04e3887efda0c4

SHA512
bd2787be35ea74361a34f13abda8017249d204e0f0b92dfd70925cfe5addaea679afd1797026527390d0b7b8415cedb1ec407d1ea0aaff76e164c6846d94eddc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe

Filesize
188KB

MD5
37e35f2171cb312dcd597ca8eee3807d

SHA1
fb7a3992c19717197f12abad8057d03eb60f5dc3

SHA256
be645d84fe70ba897253542ac486cedadb248b13e0826de94184cdfb8856f469

SHA512
b90a61cb28f9ca0d9811044f4964d9f67997048a17661aebc52826d0c9b0bb5d561380681dbfa5928c05a1d17506ae2ce19c458b1861803b38c39fb8a98a7497

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34128.exe

Filesize
188KB

MD5
45b3310e8f30293270a0409af285b587

SHA1
60c3c4522b20bc09b914dfa0009f0f7a2cf18375

SHA256
9c66f2bc2c1483f5e04bf2130ac8e316a5abffa2e5231bd2f2127cd31afe0915

SHA512
e344e1ad01364127744def5e352a6ea26083c6c2cb2b0a0a9bda6ffbf6b3f1e4f184f27faa353e7db357d53e7ef4e63952d57105c618cdfc4cfb5c3bf12e6d28

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe

Filesize
188KB

MD5
de4f88c768bd25054e9d62c7cdeffb1a

SHA1
88893a547a6092e74e5500069c1f693104bad07f

SHA256
3e134eb11d58acd739c458d9ff760342620b70f700d0749ae9f72bd419b02a6c

SHA512
e8592462040ff53b8366db3454ecac36f259178dccca045eaad2951a388bc5dd2b31000684e3a04083268aa8ef6b0b245f7e641cb982aff5dc870ba423254c10

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe

Filesize
188KB

MD5
8f703283df655f3f7f3f70ac56f2f899

SHA1
f72c8dfc2cf035d211c58408217156483a3f4b1d

SHA256
77b1c3e6fc331626abe4d0bdce020f2e4b16544827079e09e3a7c7128a612922

SHA512
abef60606d78f634efba43ec74c5964cc59e1ebe4347d87e1c76f4a88e1bf9c058c99344f693f99d0201e34346093bac2c6b8ba6713d6f150583209df644abb1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38259.exe

Filesize
188KB

MD5
3a99fa3d2f72b1350ba4197220966d82

SHA1
2264377e02bc47fd8e9034eeabd055259d6b76b0

SHA256
8bc8124a397783afc232050b7a7949d937e3a04e6d1e1bda7995b5a65a9bf2d7

SHA512
0cd7e73c5e2f85a3467d5fb6888abaa7f82d8a1a14ebd76566dfce25320a6cc640e831d54f632fc14d4adb0889ed45c15c348d0223dc39c7fabec090e1c61720

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe

Filesize
188KB

MD5
0a3ca7f99af930a9d1fd60f70fbff047

SHA1
93dec2304daf06d36ec4df7d9a956777def06b52

SHA256
19da015e20f6c83b897c801fb3585e9d5657c90fbfb6c8213a0b9418571ef922

SHA512
34f2014f3d3f08658f90ceab2504825fc10f378076245609189e864d9bac5dd1f991ce0d84b1653fc72c4a3993542e4ad1dcab69e24e71d50963d81e93b2caf9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48565.exe

Filesize
188KB

MD5
1b6ffe1b48642b59ddc71b0a70d26ebf

SHA1
93ecdf778c4480447c16e7d7958e920ec1c43671

SHA256
58ebf2dfba135dbe343b59a02e9623c4ee06c24deb44aaeb543d1ec5bab08321

SHA512
26851f82131c123190dc8b3f900e72086fe8c55f1af8ae814ae2ba8d30c17b89de63886c1b019a2885a4aa3adfaa49a68826b0f94ab780dd3c491797febd6d57

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe

Filesize
188KB

MD5
c5809af05d0ba4a0565d3ff42ecdfab1

SHA1
d9babd711ac9061acf3d31122599e938ead08341

SHA256
1c0ec077b439746a04f7abad6e2831032abd68f37d26193c9092359352d8eee7

SHA512
aa7959fea05621cfc876414dfe268f24bf70c5c5fea542a3864074b850abe96be3139128535da28b54f8b5d69a0c9db5ac813501a6d66033873076be61b37d35

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53863.exe

Filesize
188KB

MD5
dc139bf04fb82167afc9daff109474d0

SHA1
71fefb0f1eedd62e14190a5f412d6b10746bd0f2

SHA256
a1acd896f759dd988c8a27960034b381047275c1aef9f885cdb1a060ebec07c1

SHA512
16806f50affef49f39df77de472353b4c997b11eee194f5b77112d6b79cae9690b4abcbfcbc039d6860e39e19c193161f0b0daa269ca9c88281657baf47530b7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe

Filesize
188KB

MD5
43e37471c69ef718a83d8eaef6e47fb0

SHA1
3199b4f24e77077a9a19951e3134045290cbb05b

SHA256
78f0a2b8aa7a8873dddb401541fe3e5cc5a62bf8c0563baf4524d5e2b587998a

SHA512
9d27175d33f2e105a644567d3a430dd3fa4362f29faf58f179e932157c36388e24401a6e7f7061adcbf2b775b418820bdf084c71a66e2e902ff991ce145ab073

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads