3c5e88aff4ec77c709347e107224494ad2c20848d4f41b8d8b230ba546d77886

Analysis

max time kernel
148s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 10:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

168b1859b24ffb57f57dbe7b2171c413.exe
Size

184KB
MD5

168b1859b24ffb57f57dbe7b2171c413
SHA1

cab8145fcf05e900c83d23d556012284a3406adf
SHA256

3c5e88aff4ec77c709347e107224494ad2c20848d4f41b8d8b230ba546d77886
SHA512

eba10ac480653b0d66f95f278e16637fe2f47c80aa454f2e4ea47952fb678052298224abfd149c7b0f39f97060a3a6608d3f7c1f9f645c390254a900608560f3
SSDEEP

3072:v0CYomu+Nsr3tOjRo3yK6J+LQXTMC2ZeZxxvLFvg9lvvpFJ:v0poyW3tGoiK6JrKc69lvvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
2960	Unicorn-17260.exe
2876	Unicorn-14410.exe
2740	Unicorn-35577.exe
2972	Unicorn-18817.exe
2076	Unicorn-3035.exe
2840	Unicorn-63165.exe
2720	Unicorn-57988.exe

Loads dropped DLL 15 IoCs

pid	Process
2156	168b1859b24ffb57f57dbe7b2171c413.exe
2156	168b1859b24ffb57f57dbe7b2171c413.exe
2960	Unicorn-17260.exe
2960	Unicorn-17260.exe
2156	168b1859b24ffb57f57dbe7b2171c413.exe
2156	168b1859b24ffb57f57dbe7b2171c413.exe
2876	Unicorn-14410.exe
2876	Unicorn-14410.exe
2960	Unicorn-17260.exe
2960	Unicorn-17260.exe
2740	Unicorn-25492.exe
2740	Unicorn-25492.exe
2972	Unicorn-18817.exe
2972	Unicorn-18817.exe
2876	Unicorn-47061.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
1624	2776	WerFault.exe	68
1960	2868	WerFault.exe	231
1792	1028	WerFault.exe	232
2608	2464	WerFault.exe	313
2420	1740	WerFault.exe	292
1872	2968	WerFault.exe	306

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2156	168b1859b24ffb57f57dbe7b2171c413.exe
2960	Unicorn-17260.exe
2876	Unicorn-14410.exe
2740	Unicorn-35577.exe
2972	Unicorn-18817.exe
2076	Unicorn-3035.exe
2840	Unicorn-63165.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2960	2156	168b1859b24ffb57f57dbe7b2171c413.exe	28
PID 2156 wrote to memory of 2960	2156	168b1859b24ffb57f57dbe7b2171c413.exe	28
PID 2156 wrote to memory of 2960	2156	168b1859b24ffb57f57dbe7b2171c413.exe	28
PID 2156 wrote to memory of 2960	2156	168b1859b24ffb57f57dbe7b2171c413.exe	28
PID 2960 wrote to memory of 2876	2960	Unicorn-17260.exe	30
PID 2960 wrote to memory of 2876	2960	Unicorn-17260.exe	30
PID 2960 wrote to memory of 2876	2960	Unicorn-17260.exe	30
PID 2960 wrote to memory of 2876	2960	Unicorn-17260.exe	30
PID 2156 wrote to memory of 2740	2156	168b1859b24ffb57f57dbe7b2171c413.exe	29
PID 2156 wrote to memory of 2740	2156	168b1859b24ffb57f57dbe7b2171c413.exe	29
PID 2156 wrote to memory of 2740	2156	168b1859b24ffb57f57dbe7b2171c413.exe	29
PID 2156 wrote to memory of 2740	2156	168b1859b24ffb57f57dbe7b2171c413.exe	29
PID 2876 wrote to memory of 2972	2876	Unicorn-14410.exe	33
PID 2876 wrote to memory of 2972	2876	Unicorn-14410.exe	33
PID 2876 wrote to memory of 2972	2876	Unicorn-14410.exe	33
PID 2876 wrote to memory of 2972	2876	Unicorn-14410.exe	33
PID 2960 wrote to memory of 2076	2960	Unicorn-17260.exe	32
PID 2960 wrote to memory of 2076	2960	Unicorn-17260.exe	32
PID 2960 wrote to memory of 2076	2960	Unicorn-17260.exe	32
PID 2960 wrote to memory of 2076	2960	Unicorn-17260.exe	32
PID 2740 wrote to memory of 2840	2740	Unicorn-25492.exe	31
PID 2740 wrote to memory of 2840	2740	Unicorn-25492.exe	31
PID 2740 wrote to memory of 2840	2740	Unicorn-25492.exe	31
PID 2740 wrote to memory of 2840	2740	Unicorn-25492.exe	31
PID 2972 wrote to memory of 2720	2972	Unicorn-18817.exe	255
PID 2972 wrote to memory of 2720	2972	Unicorn-18817.exe	255
PID 2972 wrote to memory of 2720	2972	Unicorn-18817.exe	255
PID 2972 wrote to memory of 2720	2972	Unicorn-18817.exe	255

C:\Users\Admin\AppData\Local\Temp\168b1859b24ffb57f57dbe7b2171c413.exe
"C:\Users\Admin\AppData\Local\Temp\168b1859b24ffb57f57dbe7b2171c413.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17260.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17260.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14410.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14410.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43980.exe
        5⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3771.exe
        6⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3060.exe
        7⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7453.exe
        8⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49804.exe
        9⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
        10⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43162.exe
        11⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
        12⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        13⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19715.exe
        8⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28476.exe
        9⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47236.exe
        10⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53785.exe
        11⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20452.exe
        7⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55170.exe
        8⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19364.exe
        9⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        10⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65461.exe
        11⤵
        
        PID:2968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 244
        12⤵
        Program crash
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8659.exe
        6⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
        7⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
        8⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48331.exe
        9⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42618.exe
        10⤵
        
        PID:956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
      4⤵
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
        5⤵
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54966.exe
        6⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25920.exe
        7⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1389.exe
        8⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47941.exe
        9⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52539.exe
        10⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22877.exe
        11⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30137.exe
        12⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51320.exe
        13⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14942.exe
        14⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58248.exe
        15⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39383.exe
        10⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27532.exe
        11⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57988.exe
        12⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
        9⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55736.exe
        10⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64319.exe
        11⤵
        
        PID:1028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 240
        12⤵
        Program crash
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47061.exe
        7⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51278.exe
        8⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43292.exe
        9⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        10⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-879.exe
        11⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1777.exe
        12⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52493.exe
        11⤵
        
        PID:556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
        5⤵
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41160.exe
        6⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45188.exe
        7⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43709.exe
        8⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2025.exe
        9⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64604.exe
        10⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26582.exe
        11⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32176.exe
        12⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
        13⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29556.exe
        14⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64517.exe
        15⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16394.exe
        11⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5632.exe
        12⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47428.exe
        13⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        14⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56790.exe
        15⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39004.exe
        10⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49628.exe
        11⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16406.exe
        12⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57988.exe
        13⤵
        Executes dropped EXE
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46520.exe
        14⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5113.exe
        12⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16998.exe
        13⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32405.exe
        14⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65264.exe
        15⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65351.exe
        9⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26006.exe
        10⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25679.exe
        11⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61553.exe
        12⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26425.exe
        10⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35679.exe
        11⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19198.exe
        12⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59540.exe
        13⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39528.exe
        8⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20448.exe
        9⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1309.exe
        10⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27205.exe
        11⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8424.exe
        12⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46707.exe
        13⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9648.exe
        9⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34039.exe
        10⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55741.exe
        11⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31424.exe
        12⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49846.exe
        13⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34246.exe
        14⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
        15⤵
        Program crash
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55554.exe
        12⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14366.exe
        13⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15675.exe
        7⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
        8⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61501.exe
        9⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60375.exe
        10⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60235.exe
        11⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46136.exe
        12⤵
        
        PID:3016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3035.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56232.exe
      4⤵
      PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
        5⤵
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17141.exe
        6⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25349.exe
        7⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40720.exe
        8⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57305.exe
        9⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54983.exe
        10⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50894.exe
        11⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
        12⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
        13⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12742.exe
        14⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53535.exe
        11⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30137.exe
        12⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42441.exe
        13⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47562.exe
        9⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48896.exe
        10⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17693.exe
        11⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
        12⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10277.exe
        13⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25576.exe
        14⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46702.exe
        15⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43364.exe
        14⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21103.exe
        8⤵
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14142.exe
        9⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60349.exe
        10⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26577.exe
        11⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10863.exe
        12⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4195.exe
        13⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7811.exe
        9⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe
        10⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
        11⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        12⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
        13⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49120.exe
        14⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26363.exe
        10⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64672.exe
        11⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19011.exe
        12⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
        13⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11216.exe
        14⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49120.exe
        15⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7313.exe
        11⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
        12⤵
        
        PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31099.exe
        5⤵
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3449.exe
        6⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12899.exe
        7⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
        8⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58683.exe
        9⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59809.exe
        10⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60214.exe
        11⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31813.exe
        12⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64672.exe
        13⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
        14⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40841.exe
        10⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27392.exe
        11⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10090.exe
        12⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49120.exe
        13⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe
        14⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24147.exe
        9⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        10⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61901.exe
        11⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22203.exe
        12⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8851.exe
        7⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24283.exe
        8⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1309.exe
        9⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8948.exe
        10⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
        11⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33334.exe
        12⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48741.exe
        13⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60106.exe
        14⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5793.exe
        11⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20034.exe
        12⤵
        
        PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54322.exe
      4⤵
      PID:1300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
        5⤵
        
        PID:764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59645.exe
        6⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44648.exe
        7⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56462.exe
        8⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25492.exe
        9⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51465.exe
        10⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40547.exe
        11⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48554.exe
        12⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46136.exe
        13⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
        14⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11086.exe
        12⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9374.exe
        13⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29938.exe
        8⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11179.exe
        9⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2643.exe
        10⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26816.exe
        11⤵
        
        PID:2888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35577.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35577.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63165.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31728.exe
      4⤵
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45599.exe
        5⤵
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6616.exe
        6⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62582.exe
        7⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61140.exe
        8⤵
        
        PID:2776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
        9⤵
        Program crash
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37439.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19680.exe
        9⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27350.exe
        10⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24211.exe
        11⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44444.exe
        12⤵
        
        PID:1300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3279.exe
        5⤵
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24305.exe
        6⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29947.exe
        7⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13667.exe
        8⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1389.exe
        9⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22119.exe
        10⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47941.exe
        11⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26577.exe
        12⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1911.exe
        13⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4916.exe
        14⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16453.exe
        15⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61372.exe
        16⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4905.exe
        12⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29618.exe
        13⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10474.exe
        14⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7271.exe
        10⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31813.exe
        11⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61901.exe
        12⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35117.exe
        9⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7863.exe
        10⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63930.exe
        11⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24429.exe
        12⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47061.exe
        8⤵
        Loads dropped DLL
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1890.exe
        9⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46291.exe
        10⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
        11⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
        12⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24232.exe
        13⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
        14⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64745.exe
        13⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34834.exe
        7⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
        8⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        9⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24979.exe
        10⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36686.exe
        11⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4335.exe
        12⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
        11⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
        12⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60796.exe
        7⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20448.exe
        8⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22680.exe
        9⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38663.exe
        10⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
        11⤵
        
        PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1961.exe
      4⤵
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23145.exe
        5⤵
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55224.exe
        6⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62100.exe
        7⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
        8⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27677.exe
        9⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59249.exe
        10⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27205.exe
        11⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21829.exe
        12⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62136.exe
        7⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25819.exe
        8⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32176.exe
        9⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
        10⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63754.exe
        11⤵
        
        PID:2464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 188
        12⤵
        Program crash
        
        PID:2608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20030.exe
    3⤵
    PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25911.exe
      4⤵
      PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18869.exe
        5⤵
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
        6⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27565.exe
        7⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59586.exe
        8⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33084.exe
        9⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62819.exe
        10⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27200.exe
        11⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
        12⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58335.exe
        8⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        9⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39950.exe
        10⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34979.exe
        11⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31850.exe
        12⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50848.exe
        13⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61101.exe
        7⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
        8⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55720.exe
        9⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21590.exe
        10⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60038.exe
        11⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
        12⤵
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60984.exe
        6⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        7⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19161.exe
        8⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57391.exe
        9⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
        10⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64672.exe
        11⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64319.exe
        12⤵
        
        PID:2868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
        13⤵
        Program crash
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19155.exe
        9⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32939.exe
        10⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1927.exe
        11⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14942.exe
        12⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25273.exe
        8⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56857.exe
        9⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        10⤵
        
        PID:536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52288.exe
      4⤵
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29428.exe
        5⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61581.exe
        6⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40483.exe
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
        8⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18404.exe
        9⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
        10⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3624.exe
        11⤵
        
        PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        5⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54023.exe
        6⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33079.exe
        7⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        8⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        9⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
        8⤵
        
        PID:1428

Windows 7 deprecation

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads