77f84244692e20e019e6e2654ec595d8502edeafd856026e682731ffe900d185

Analysis

max time kernel
116s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 02:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f284d059640d9a8fa197e11d5eb24899_JaffaCakes118.exe
Size

184KB
MD5

f284d059640d9a8fa197e11d5eb24899
SHA1

55fd546373c81e243a919e3302f52fd8f8c0ff21
SHA256

77f84244692e20e019e6e2654ec595d8502edeafd856026e682731ffe900d185
SHA512

872fa12a8d00e8d5e7e43bd2b447288d514cb73da50f1d822af8730de0c9940d2d25c1768b51128ee05cf7e1384348d4fa1c71f630917da30a8d2e55d7d5f0de
SSDEEP

3072:qzSdozI3sYATrmACdCn4F8NQxvO6+19VokEx8gPz76lPvpF7:qzEo35Trmd84F8V3Lq6lPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3028	Unicorn-32890.exe
2980	Unicorn-52931.exe
3044	Unicorn-7259.exe
2724	Unicorn-35790.exe
2608	Unicorn-55656.exe
2716	Unicorn-55656.exe
2480	Unicorn-30026.exe
2984	Unicorn-13113.exe
1972	Unicorn-9776.exe
2676	Unicorn-42256.exe
2740	Unicorn-62122.exe
1336	Unicorn-59494.exe
2328	Unicorn-39628.exe
2188	Unicorn-26054.exe
2176	Unicorn-42582.exe
1340	Unicorn-25596.exe
2800	Unicorn-12405.exe
604	Unicorn-38725.exe
2852	Unicorn-28742.exe
1096	Unicorn-48747.exe
2420	Unicorn-28881.exe
2200	Unicorn-16075.exe
1604	Unicorn-39147.exe
1548	Unicorn-35809.exe
2192	Unicorn-55099.exe
2044	Unicorn-55099.exe
2344	Unicorn-35233.exe
568	Unicorn-38872.exe
1316	Unicorn-22536.exe
2288	Unicorn-21886.exe
2304	Unicorn-58088.exe
1596	Unicorn-38222.exe
2940	Unicorn-59515.exe
2372	Unicorn-13843.exe
2892	Unicorn-33060.exe
2588	Unicorn-13002.exe
2632	Unicorn-32868.exe
2660	Unicorn-16532.exe
2996	Unicorn-49012.exe
2600	Unicorn-12810.exe
2484	Unicorn-61819.exe
2728	Unicorn-58228.exe
3028	Unicorn-12556.exe
2452	Unicorn-12556.exe
2508	Unicorn-47917.exe
848	Unicorn-28051.exe
2696	Unicorn-31690.exe
2108	Unicorn-31690.exe
2792	Unicorn-31690.exe
2760	Unicorn-10755.exe
1736	Unicorn-10755.exe
2248	Unicorn-62214.exe
2092	Unicorn-41711.exe
2116	Unicorn-14741.exe
2428	Unicorn-23765.exe
592	Unicorn-29599.exe
600	Unicorn-46812.exe
1800	Unicorn-46428.exe
856	Unicorn-59043.exe
2912	Unicorn-41829.exe
1776	Unicorn-13371.exe
1352	Unicorn-9650.exe
1556	Unicorn-46236.exe
1868	Unicorn-29516.exe

Loads dropped DLL 64 IoCs

pid	Process
2944	f284d059640d9a8fa197e11d5eb24899_JaffaCakes118.exe
2944	f284d059640d9a8fa197e11d5eb24899_JaffaCakes118.exe
2944	f284d059640d9a8fa197e11d5eb24899_JaffaCakes118.exe
3028	Unicorn-32890.exe
2944	f284d059640d9a8fa197e11d5eb24899_JaffaCakes118.exe
3028	Unicorn-32890.exe
3028	Unicorn-32890.exe
3028	Unicorn-32890.exe
2980	Unicorn-52931.exe
3044	Unicorn-7259.exe
2980	Unicorn-52931.exe
3044	Unicorn-7259.exe
2724	Unicorn-35790.exe
2724	Unicorn-35790.exe
2608	Unicorn-55656.exe
2608	Unicorn-55656.exe
2980	Unicorn-52931.exe
2980	Unicorn-52931.exe
2716	Unicorn-55656.exe
2716	Unicorn-55656.exe
3044	Unicorn-7259.exe
3044	Unicorn-7259.exe
2480	Unicorn-30026.exe
2480	Unicorn-30026.exe
2724	Unicorn-35790.exe
2724	Unicorn-35790.exe
1972	Unicorn-9776.exe
1972	Unicorn-9776.exe
2984	Unicorn-13113.exe
2984	Unicorn-13113.exe
2608	Unicorn-55656.exe
2608	Unicorn-55656.exe
2676	Unicorn-42256.exe
2676	Unicorn-42256.exe
2740	Unicorn-62122.exe
2740	Unicorn-62122.exe
2716	Unicorn-55656.exe
2716	Unicorn-55656.exe
1336	Unicorn-59494.exe
2480	Unicorn-30026.exe
1336	Unicorn-59494.exe
2480	Unicorn-30026.exe
2328	Unicorn-39628.exe
2328	Unicorn-39628.exe
2188	Unicorn-26054.exe
2188	Unicorn-26054.exe
1972	Unicorn-9776.exe
1972	Unicorn-9776.exe
2800	Unicorn-12405.exe
1340	Unicorn-25596.exe
1340	Unicorn-25596.exe
2676	Unicorn-42256.exe
2676	Unicorn-42256.exe
604	Unicorn-38725.exe
604	Unicorn-38725.exe
2176	Unicorn-42582.exe
2176	Unicorn-42582.exe
2984	Unicorn-13113.exe
2984	Unicorn-13113.exe
2852	Unicorn-28742.exe
2740	Unicorn-62122.exe
2852	Unicorn-28742.exe
2740	Unicorn-62122.exe
1096	Unicorn-48747.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3316	1744	WerFault.exe	101
2884	3144	WerFault.exe	136

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2944	f284d059640d9a8fa197e11d5eb24899_JaffaCakes118.exe
3028	Unicorn-32890.exe
3044	Unicorn-7259.exe
2980	Unicorn-52931.exe
2724	Unicorn-35790.exe
2608	Unicorn-55656.exe
2716	Unicorn-55656.exe
2480	Unicorn-30026.exe
2984	Unicorn-13113.exe
1972	Unicorn-9776.exe
2676	Unicorn-42256.exe
2740	Unicorn-62122.exe
1336	Unicorn-59494.exe
2328	Unicorn-39628.exe
2188	Unicorn-26054.exe
2176	Unicorn-42582.exe
1340	Unicorn-25596.exe
2800	Unicorn-12405.exe
604	Unicorn-38725.exe
2852	Unicorn-28742.exe
1096	Unicorn-48747.exe
2420	Unicorn-28881.exe
2200	Unicorn-16075.exe
1604	Unicorn-39147.exe
1548	Unicorn-35809.exe
2192	Unicorn-55099.exe
2344	Unicorn-35233.exe
568	Unicorn-38872.exe
1316	Unicorn-22536.exe
1596	Unicorn-38222.exe
2304	Unicorn-58088.exe
2940	Unicorn-59515.exe
2588	Unicorn-13002.exe
2372	Unicorn-13843.exe
2996	Unicorn-49012.exe
2892	Unicorn-33060.exe
2600	Unicorn-12810.exe
848	Unicorn-28051.exe
3028	Unicorn-12556.exe
2660	Unicorn-16532.exe
2632	Unicorn-32868.exe
2484	Unicorn-61819.exe
2452	Unicorn-12556.exe
2760	Unicorn-10755.exe
2792	Unicorn-31690.exe
2728	Unicorn-58228.exe
2508	Unicorn-47917.exe
2696	Unicorn-31690.exe
1736	Unicorn-10755.exe
2108	Unicorn-31690.exe
2248	Unicorn-62214.exe
2092	Unicorn-41711.exe
2116	Unicorn-14741.exe
2428	Unicorn-23765.exe
592	Unicorn-29599.exe
600	Unicorn-46812.exe
1800	Unicorn-46428.exe
856	Unicorn-59043.exe
1868	Unicorn-29516.exe
3044	Unicorn-11485.exe
2120	Unicorn-19532.exe
1804	Unicorn-48675.exe
1708	Unicorn-39860.exe
1556	Unicorn-46236.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 3028	2944	f284d059640d9a8fa197e11d5eb24899_JaffaCakes118.exe	28
PID 2944 wrote to memory of 3028	2944	f284d059640d9a8fa197e11d5eb24899_JaffaCakes118.exe	28
PID 2944 wrote to memory of 3028	2944	f284d059640d9a8fa197e11d5eb24899_JaffaCakes118.exe	28
PID 2944 wrote to memory of 3028	2944	f284d059640d9a8fa197e11d5eb24899_JaffaCakes118.exe	28
PID 2944 wrote to memory of 2980	2944	f284d059640d9a8fa197e11d5eb24899_JaffaCakes118.exe	29
PID 2944 wrote to memory of 2980	2944	f284d059640d9a8fa197e11d5eb24899_JaffaCakes118.exe	29
PID 2944 wrote to memory of 2980	2944	f284d059640d9a8fa197e11d5eb24899_JaffaCakes118.exe	29
PID 2944 wrote to memory of 2980	2944	f284d059640d9a8fa197e11d5eb24899_JaffaCakes118.exe	29
PID 3028 wrote to memory of 3044	3028	Unicorn-32890.exe	30
PID 3028 wrote to memory of 3044	3028	Unicorn-32890.exe	30
PID 3028 wrote to memory of 3044	3028	Unicorn-32890.exe	30
PID 3028 wrote to memory of 3044	3028	Unicorn-32890.exe	30
PID 3028 wrote to memory of 2724	3028	Unicorn-32890.exe	31
PID 3028 wrote to memory of 2724	3028	Unicorn-32890.exe	31
PID 3028 wrote to memory of 2724	3028	Unicorn-32890.exe	31
PID 3028 wrote to memory of 2724	3028	Unicorn-32890.exe	31
PID 2980 wrote to memory of 2608	2980	Unicorn-52931.exe	32
PID 2980 wrote to memory of 2608	2980	Unicorn-52931.exe	32
PID 2980 wrote to memory of 2608	2980	Unicorn-52931.exe	32
PID 2980 wrote to memory of 2608	2980	Unicorn-52931.exe	32
PID 3044 wrote to memory of 2716	3044	Unicorn-7259.exe	33
PID 3044 wrote to memory of 2716	3044	Unicorn-7259.exe	33
PID 3044 wrote to memory of 2716	3044	Unicorn-7259.exe	33
PID 3044 wrote to memory of 2716	3044	Unicorn-7259.exe	33
PID 2724 wrote to memory of 2480	2724	Unicorn-35790.exe	34
PID 2724 wrote to memory of 2480	2724	Unicorn-35790.exe	34
PID 2724 wrote to memory of 2480	2724	Unicorn-35790.exe	34
PID 2724 wrote to memory of 2480	2724	Unicorn-35790.exe	34
PID 2608 wrote to memory of 2984	2608	Unicorn-55656.exe	35
PID 2608 wrote to memory of 2984	2608	Unicorn-55656.exe	35
PID 2608 wrote to memory of 2984	2608	Unicorn-55656.exe	35
PID 2608 wrote to memory of 2984	2608	Unicorn-55656.exe	35
PID 2980 wrote to memory of 1972	2980	Unicorn-52931.exe	36
PID 2980 wrote to memory of 1972	2980	Unicorn-52931.exe	36
PID 2980 wrote to memory of 1972	2980	Unicorn-52931.exe	36
PID 2980 wrote to memory of 1972	2980	Unicorn-52931.exe	36
PID 2716 wrote to memory of 2740	2716	Unicorn-55656.exe	37
PID 2716 wrote to memory of 2740	2716	Unicorn-55656.exe	37
PID 2716 wrote to memory of 2740	2716	Unicorn-55656.exe	37
PID 2716 wrote to memory of 2740	2716	Unicorn-55656.exe	37
PID 3044 wrote to memory of 2676	3044	Unicorn-7259.exe	38
PID 3044 wrote to memory of 2676	3044	Unicorn-7259.exe	38
PID 3044 wrote to memory of 2676	3044	Unicorn-7259.exe	38
PID 3044 wrote to memory of 2676	3044	Unicorn-7259.exe	38
PID 2480 wrote to memory of 1336	2480	Unicorn-30026.exe	39
PID 2480 wrote to memory of 1336	2480	Unicorn-30026.exe	39
PID 2480 wrote to memory of 1336	2480	Unicorn-30026.exe	39
PID 2480 wrote to memory of 1336	2480	Unicorn-30026.exe	39
PID 2724 wrote to memory of 2328	2724	Unicorn-35790.exe	40
PID 2724 wrote to memory of 2328	2724	Unicorn-35790.exe	40
PID 2724 wrote to memory of 2328	2724	Unicorn-35790.exe	40
PID 2724 wrote to memory of 2328	2724	Unicorn-35790.exe	40
PID 1972 wrote to memory of 2188	1972	Unicorn-9776.exe	41
PID 1972 wrote to memory of 2188	1972	Unicorn-9776.exe	41
PID 1972 wrote to memory of 2188	1972	Unicorn-9776.exe	41
PID 1972 wrote to memory of 2188	1972	Unicorn-9776.exe	41
PID 2984 wrote to memory of 2176	2984	Unicorn-13113.exe	42
PID 2984 wrote to memory of 2176	2984	Unicorn-13113.exe	42
PID 2984 wrote to memory of 2176	2984	Unicorn-13113.exe	42
PID 2984 wrote to memory of 2176	2984	Unicorn-13113.exe	42
PID 2608 wrote to memory of 1340	2608	Unicorn-55656.exe	43
PID 2608 wrote to memory of 1340	2608	Unicorn-55656.exe	43
PID 2608 wrote to memory of 1340	2608	Unicorn-55656.exe	43
PID 2608 wrote to memory of 1340	2608	Unicorn-55656.exe	43

C:\Users\Admin\AppData\Local\Temp\f284d059640d9a8fa197e11d5eb24899_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f284d059640d9a8fa197e11d5eb24899_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32890.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32890.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55656.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58088.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        9⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48675.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
        9⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10755.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29516.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        9⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38222.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        8⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7146.exe
        9⤵
        
        PID:3144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 240
        10⤵
        Program crash
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60369.exe
        9⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32722.exe
        7⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 188
        8⤵
        Program crash
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38725.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38872.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47917.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13862.exe
        9⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
        10⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59534.exe
        8⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25019.exe
        9⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59043.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11485.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14741.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        8⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12595.exe
        9⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37582.exe
        7⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17090.exe
        8⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15508.exe
        9⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24681.exe
        10⤵
        
        PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42256.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12405.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55099.exe
        6⤵
        Executes dropped EXE
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29599.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59726.exe
        8⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3402.exe
        9⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        10⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39860.exe
        7⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14001.exe
        8⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35233.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19532.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46866.exe
        8⤵
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29323.exe
        6⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56155.exe
        7⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        8⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36663.exe
        7⤵
        
        PID:3616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30026.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59494.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48747.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13843.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41711.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60276.exe
        9⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53845.exe
        10⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36663.exe
        11⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37582.exe
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
        9⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8439.exe
        8⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39113.exe
        9⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31319.exe
        10⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11453.exe
        9⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46236.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26306.exe
        8⤵
        
        PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28881.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33060.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13371.exe
        7⤵
        Executes dropped EXE
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9650.exe
        6⤵
        Executes dropped EXE
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13124.exe
        7⤵
        
        PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39628.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16075.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62188.exe
        7⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55833.exe
        8⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42322.exe
        6⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
        7⤵
        
        PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13002.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62214.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57448.exe
        7⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12273.exe
        8⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37582.exe
        6⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52730.exe
        7⤵
        
        PID:2592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52931.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52931.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55656.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42582.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22536.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31690.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46812.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59726.exe
        9⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38262.exe
        10⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7826.exe
        11⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39860.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36663.exe
        9⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        7⤵
        Executes dropped EXE
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64786.exe
        8⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11505.exe
        9⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10755.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46044.exe
        7⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36663.exe
        8⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21886.exe
        5⤵
        Executes dropped EXE
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39819.exe
        6⤵
        
        PID:2168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55099.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62380.exe
        7⤵
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42322.exe
        6⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14193.exe
        7⤵
        
        PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58228.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26309.exe
        6⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12273.exe
        7⤵
        
        PID:3400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9776.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26054.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39147.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16532.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29132.exe
        7⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
        8⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
        6⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23099.exe
        7⤵
        
        PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12810.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52588.exe
        6⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59140.exe
        7⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6762.exe
        8⤵
        
        PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35809.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49012.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3387.exe
        6⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3402.exe
        7⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12595.exe
        8⤵
        
        PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
        5⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60322.exe
        6⤵
        
        PID:1284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14001.exe

Filesize
184KB

MD5
382d31a65b942c2fa600c8b77db610d5

SHA1
953ef8c58b75cfbe6a3f4ebefcbc94e3da8efce4

SHA256
09644eb9735ab70f4054096e55b57fff5f6fed787ef1bfb2264d4b9827d0546e

SHA512
69c71c9b438ac844be017a2b3e36c7140c41ca483ac0a7080a42b0b77fa3273c9b126f2cbd3bd0752a7c67299578cf559a24b33dcde3c57df4a8ae93a4917c70

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6762.exe

Filesize
184KB

MD5
088626415bef7fa271233a674d1153bd

SHA1
ac5cc71969e3bf4c20b2150dcd14ecfd5826ffc0

SHA256
de278dfe10ee692411cb2f02d2a48c1ab5afb807285ac640a1ba6eb62ee3ba82

SHA512
e7a34d29ebdde3f06503747cf93a7a1a2c6d47330117e2480c39a644fefac736d40243433bb5900f7063c49425f21d8fe77a9d9fc96dfe044738cbefbfef0c85

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12405.exe

Filesize
184KB

MD5
a6c7c5308043b802e8f03e46afd6ffa1

SHA1
950388a77fc6e674cd88303e7237c0f08fb7e88b

SHA256
c6ae3b7eebadddae79d83d8ab438e6d68a72a1416acdd7a215be1cb777fa44a5

SHA512
965a915de5ffa48543968c66bc72b5be8866471b5acb1bdd244d89718c776186f9b0af865f54e838808eca2815bc7e5b17f73f1c2ac90f73dd8ee9e4d495080c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe

Filesize
184KB

MD5
db091ae3f1c18ff638514eb1b28e2fdd

SHA1
efbf26e2864eb9033a7e6e518e13c7fbf82f8a06

SHA256
7b2a534c3d6c4e8e8286a7754524c71ea2327137da173c0ea195a74df8c3f8dd

SHA512
d2159b2088c7a4491170afff6f4f50858a8561b7b6acbbfb68fae19579186f90d48f914f4f4b788f01654d94189135358e809e0531a731a4e1fb62ad3f63f3b1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe

Filesize
184KB

MD5
ec4f2fb5fdacf56ced15a1119566ed54

SHA1
81406de42558ed55f11571c14a4fbb62bbcff316

SHA256
3c4ef5f4dbb1d1adf001a5b8d44cdda1b4827ac8b8dcebff5be353eba6762848

SHA512
1a10068a9cdd9a5937244509c17a18fb66c000f939a904ad3cd9ffa0320004f9799a315002e1aaa1a7001b96971282f701b006c345bef205e653ef4f01e78313

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26054.exe

Filesize
184KB

MD5
5a1f9d0b3b8506244b5454d0f25e1bc4

SHA1
24268d43054aaf0887decb83bc1efdbb5354bb4e

SHA256
f136ab4e7707e052a9a941a9aae65bdcbfc464550d896016ba00e4ac427a8670

SHA512
88c981a80b4da67fee7f2c1737064e110fab913001b7de1906dfbec7b348353dd858f6ab1f47a2d84a8989656910be2569e4e67afc922421560dc27656954531

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28742.exe

Filesize
184KB

MD5
a6aa869faf20474a1012de43ba2e7e59

SHA1
d994fe39095d95a16836810ba1195d6638dd68e0

SHA256
ea9b3bbabadc5107340718906a7d0e7f5a9e62871a8093a5e109097fa3af8dae

SHA512
a61c575398edc6367d2f1f6fe9f0968edae27cb209c23bb0a3287a7594b14f78f0831f08033683c97c32b4ccb22f7393ff530ffc822c1ca15096f4a161a593c0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30026.exe

Filesize
184KB

MD5
13edd69260f466703266de14719ec973

SHA1
2f319d9a62d812a5ea9cd96790a1929e79c7b26c

SHA256
a03e8aea672fe93f846e333ece4c2201974818e86ed5f073ce3d378644ed6701

SHA512
335a1f2bd4920c7e3e212d695be1ff0d35c3fb9a21d72acedbe1a27e842201f3e48a24c77a9b9ad796bfd6e5eb5c4af12c0b5171a7f7a95c54b497abd06eca85

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32890.exe

Filesize
184KB

MD5
3a1301ce9236505cf6c75190b2ec794f

SHA1
30d62e2e1b3ff41e8bf94c0742f97171791d7bde

SHA256
f91e5a15f2d9b2c7cd6764774ff3f6d8c8ebb145fafd7d268d4cb6a37c001964

SHA512
95713afceca25a633d484e6d3b1de42434f994c9320266547bceb4073a988ce00b42e81ec86a5d81a42346cda490d920e2c6cab421b52ed02f3ac5aef20b1624

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35790.exe

Filesize
184KB

MD5
8ad05bbccffb253fa29677c83ce9970f

SHA1
af3a9e5f6e62e95d5cd243a6a05a552b3a8cdb61

SHA256
75fe032edbf62158af657bc30a9ef3e61d1b5fd632f31d9ae1ca9a8ce816fc9b

SHA512
fcb160d27ba9214842f0ce6216e2d93294590c5f862855468e5ae300be121892fd7f4416d3d58af81ec75885d4b59394eb667ef4acdf078be6dbf2d338c13c5d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38725.exe

Filesize
184KB

MD5
a26cae81bcc8e98a4b48467fd1167ff1

SHA1
b5f477634fc522159070dda14b979f5609816217

SHA256
a10a3f48096b446dbd3b9a11c6af6ea0b9ba5d92211e385bdbbb04ddfd675346

SHA512
92120b967a0b884c7393d3c463bab1c05d7a7024b72ae0406e8eefe27ae942ce07533652408c3c1af1bc03975f591b823dd2e525feffc743b728e73f176dfd7f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39628.exe

Filesize
184KB

MD5
994cee06b9f50b2a68c33d29513d5a81

SHA1
4e9062dd1591f64fd4c2bcb6ecda39aa1e4e8730

SHA256
ddc6f2c5e93c0e3591fdffd4a7e29b9a352a89123df7bd70b980dac2fc728f2e

SHA512
ce594f9d5ef6cfffcf6fe16e87f7bf8e816cbb4547781ad461b33a64a591c2cc90d20a27d95767fb5dc38de0906eba43e6f2a88fc958da37c16de8432a654630

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42256.exe

Filesize
184KB

MD5
5b4d2b898c7dd24b4dc34ff49322a473

SHA1
e4ab6a4f11aad0f7e3641fbb4c475f9a09033f38

SHA256
3556c98f2ab919d9f39353b3f92bfaf06a1a44226d601a26427878ae738c2b82

SHA512
b9f838c3ce5fd46778013d036d00aa4d9c39ea2e5717b9c54963464c891816c2c40194df36cbf75110aac71f025b0da82961347d822edcc3af1e654bd79da744

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42582.exe

Filesize
184KB

MD5
873b901000046647839af4aa37b1ce0e

SHA1
8cec2849090460782ccc93c2c5ced29eb8fef8c2

SHA256
2f678b26aab6e061caa82a595362b0944a1cc83b761b72064aed04441c760ed9

SHA512
683f26482d6c526708a60cc77168c2ca1e80003dac760b10b8e66a696aec83f53e745619b7e2e027e555f3ba21fd1da2d7063d573e0a4bf640fb4e4564fec1a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52931.exe

Filesize
184KB

MD5
4603719b2eda654d9e7ac6c9d31c0cbc

SHA1
800b59293ccb5139e48fca9a43b8c02f6f1ed716

SHA256
732a38e5eeb0df647bd86327916442a2eb700f5ae0abaeaddf58d35a44329e51

SHA512
c4e843f7977cc37d5b70644efc9974aaf377368108d25ec5470fec90a6bd860522040be7e7083a99f3904f3fbbd7fe2c481a9b3760550ab66f2eb4ce62c98ae0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55656.exe

Filesize
184KB

MD5
eaaf99b8787b324a08e4a26fafb67de2

SHA1
72da80c12c25da67ad3243c8f9d045e4b29ed292

SHA256
fe88c2c7ff2e426a4e6c9869e5320eb44e4bdc92a7efb9e1ff69b28da82f4fd6

SHA512
4c8ca34521f5fe5bab52b8e1a3ddf7116256cf70fa94643314e63d2d40e9931e860a0e5ea731f27de3638e3f9f7a24fde108e60c14d9949f6e54e43755547f76

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59494.exe

Filesize
184KB

MD5
4b29f18bd50734ef33ad81a7fead5d50

SHA1
4d6321ea86cc90dce08de93031f7ab8df521fa10

SHA256
491400de58532c16b33aabd9344e4c5cfbd373bef46aed7e19e81edf2ecfa162

SHA512
29ec7aa00f7b8938f8ef46e3924933e20411573d4cc4c42680d0f7afb008a4a20f3e116b96d5de09ff1121466bec1bc1900255500928903a6e01fe80b31ca649

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe

Filesize
184KB

MD5
dd8afcba2125e54a4d4a1600ed5b4397

SHA1
c667666e2d62355f319a2e787aec4746174d6e67

SHA256
fac347f7feeb796979e944daeadcd8a4ba5885eafd26ee00bd91989a43fea537

SHA512
d26afa981bce4adf581000a5720c7e8ae592237c9d21b89ed4035439ed662c146f3a78b121cea08c1639a15026ffc876426d828bdf146ea865de251d00434445

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7259.exe

Filesize
184KB

MD5
2bf610dec3ca8603821c92f66106ccbd

SHA1
89e1ecf77257e6a4aa227da3fb2a6bcfab7710b1

SHA256
746104af7985e8df1c6a4f4611faf8fdfa32edeebb7d0d6d172982f153275946

SHA512
d7d01baf0698d4f5253d45637e2733b7b252225992b212c03fc8915e9fadd698095afe329ccbd02b57ea6a1cd9782af203e5ad5c33830ceafc7ff1446048cd73

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9776.exe

Filesize
184KB

MD5
609d5f9d34c989ef68777dc5efd25aa0

SHA1
083828c634c64b4415e858cec01b389da457c7a4

SHA256
9ad7d5b344ddef78d16d98f180b3566fcefa8945abda80585b42777c22b8dafd

SHA512
2aeef776f30723b671750c547320509d2d38a33a04545b560d2f54fdffbdbc11a62b21607d2aa7e3f081436c050b28019490fecef7eff4df2a595f61067dabd7

Download Submit
memory/2056-671-0x0000000002890000-0x00000000029EC000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads