69eb4a031da97a1625f1d4db187ff6325793d4af3237c16665832ab2eee1ac91

Analysis

max time kernel
12s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 00:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b7af8a3d8acd0cf8773e9df2571fc4a.exe
Size

184KB
MD5

3b7af8a3d8acd0cf8773e9df2571fc4a
SHA1

e2bc5032520e5ed0b6f878dd9658c778908e34a6
SHA256

69eb4a031da97a1625f1d4db187ff6325793d4af3237c16665832ab2eee1ac91
SHA512

29946ae188cae65e6f060eb3e9600fe17c370dada4637522bf1f7e5117ae08af70681d16122f505d85e0c131ac0ece2f96809693df32c5ce38eb557e2b905028
SSDEEP

3072:U5PnoJITjUA0SOjGdTC8zzFepsL66OlkBDExb8dAz7lPvpF0:U5foml0Sxde8zzGOmB7lPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
2628	Unicorn-10606.exe
3056	Unicorn-11297.exe
2268	Unicorn-47003.exe
2552	Unicorn-62177.exe
2708	Unicorn-22250.exe
2484	Unicorn-63779.exe
2520	Unicorn-18793.exe

Loads dropped DLL 14 IoCs

pid	Process
1752	3b7af8a3d8acd0cf8773e9df2571fc4a.exe
1752	3b7af8a3d8acd0cf8773e9df2571fc4a.exe
2628	Unicorn-10606.exe
2628	Unicorn-10606.exe
1752	3b7af8a3d8acd0cf8773e9df2571fc4a.exe
1752	3b7af8a3d8acd0cf8773e9df2571fc4a.exe
3056	Unicorn-11297.exe
3056	Unicorn-11297.exe
2628	Unicorn-13175.exe
2628	Unicorn-13175.exe
2268	Unicorn-47003.exe
2268	Unicorn-47003.exe
2552	Unicorn-62177.exe
2552	Unicorn-62177.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1896	2044	WerFault.exe	73
4044	1732	WerFault.exe	213

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1752	3b7af8a3d8acd0cf8773e9df2571fc4a.exe
2628	Unicorn-10606.exe
3056	Unicorn-11297.exe
2268	Unicorn-47003.exe
2552	Unicorn-62177.exe
2708	Unicorn-22250.exe
2484	Unicorn-63779.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 2628	1752	3b7af8a3d8acd0cf8773e9df2571fc4a.exe	28
PID 1752 wrote to memory of 2628	1752	3b7af8a3d8acd0cf8773e9df2571fc4a.exe	28
PID 1752 wrote to memory of 2628	1752	3b7af8a3d8acd0cf8773e9df2571fc4a.exe	28
PID 1752 wrote to memory of 2628	1752	3b7af8a3d8acd0cf8773e9df2571fc4a.exe	28
PID 2628 wrote to memory of 3056	2628	Unicorn-10606.exe	68
PID 2628 wrote to memory of 3056	2628	Unicorn-10606.exe	68
PID 2628 wrote to memory of 3056	2628	Unicorn-10606.exe	68
PID 2628 wrote to memory of 3056	2628	Unicorn-10606.exe	68
PID 1752 wrote to memory of 2268	1752	3b7af8a3d8acd0cf8773e9df2571fc4a.exe	29
PID 1752 wrote to memory of 2268	1752	3b7af8a3d8acd0cf8773e9df2571fc4a.exe	29
PID 1752 wrote to memory of 2268	1752	3b7af8a3d8acd0cf8773e9df2571fc4a.exe	29
PID 1752 wrote to memory of 2268	1752	3b7af8a3d8acd0cf8773e9df2571fc4a.exe	29
PID 3056 wrote to memory of 2552	3056	Unicorn-11297.exe	165
PID 3056 wrote to memory of 2552	3056	Unicorn-11297.exe	165
PID 3056 wrote to memory of 2552	3056	Unicorn-11297.exe	165
PID 3056 wrote to memory of 2552	3056	Unicorn-11297.exe	165
PID 2628 wrote to memory of 2708	2628	Unicorn-13175.exe	163
PID 2628 wrote to memory of 2708	2628	Unicorn-13175.exe	163
PID 2628 wrote to memory of 2708	2628	Unicorn-13175.exe	163
PID 2628 wrote to memory of 2708	2628	Unicorn-13175.exe	163
PID 2268 wrote to memory of 2484	2268	Unicorn-47003.exe	81
PID 2268 wrote to memory of 2484	2268	Unicorn-47003.exe	81
PID 2268 wrote to memory of 2484	2268	Unicorn-47003.exe	81
PID 2268 wrote to memory of 2484	2268	Unicorn-47003.exe	81
PID 2552 wrote to memory of 2520	2552	Unicorn-62177.exe	265
PID 2552 wrote to memory of 2520	2552	Unicorn-62177.exe	265
PID 2552 wrote to memory of 2520	2552	Unicorn-62177.exe	265
PID 2552 wrote to memory of 2520	2552	Unicorn-62177.exe	265

C:\Users\Admin\AppData\Local\Temp\3b7af8a3d8acd0cf8773e9df2571fc4a.exe
"C:\Users\Admin\AppData\Local\Temp\3b7af8a3d8acd0cf8773e9df2571fc4a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10606.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10606.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
    3⤵
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61897.exe
      4⤵
      PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60463.exe
        5⤵
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4278.exe
        6⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34624.exe
        7⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
        8⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
        9⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
        10⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54779.exe
        11⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8448.exe
        12⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40943.exe
        13⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6367.exe
        14⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52526.exe
        8⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53541.exe
        9⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43585.exe
        10⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23511.exe
        11⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30549.exe
        7⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40070.exe
        8⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3653.exe
        9⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
        10⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exe
        11⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        12⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57371.exe
        9⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64854.exe
        10⤵
        
        PID:3300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
        6⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50415.exe
        7⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63779.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57568.exe
        9⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8943.exe
        10⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24750.exe
        11⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
        12⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19361.exe
        10⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63499.exe
        11⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38659.exe
        12⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18793.exe
        11⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37702.exe
        8⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47908.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59519.exe
        10⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56043.exe
        11⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
        7⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53541.exe
        8⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
        9⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37083.exe
        10⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
        5⤵
        
        PID:1048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41645.exe
        6⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38162.exe
        7⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11223.exe
        8⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59938.exe
        9⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63006.exe
        10⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
        11⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5708.exe
        12⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64854.exe
        13⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30160.exe
        11⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64854.exe
        12⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14077.exe
        7⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55721.exe
        8⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62177.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-97.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-97.exe
        10⤵
        
        PID:1732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 220
        11⤵
        Program crash
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25927.exe
        8⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37503.exe
        9⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21773.exe
        10⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47948.exe
        6⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57997.exe
        7⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57568.exe
        8⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
        9⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11045.exe
        10⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
        11⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47415.exe
        12⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
        7⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51915.exe
        8⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
        9⤵
        
        PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14194.exe
      4⤵
      PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2278.exe
        5⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26382.exe
        6⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3297.exe
        7⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37060.exe
        8⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-499.exe
        9⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
        10⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15275.exe
        11⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47275.exe
        12⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21202.exe
        9⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65026.exe
        7⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        8⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
        9⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
        10⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37735.exe
        8⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37083.exe
        9⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19102.exe
        6⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46458.exe
        7⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-499.exe
        8⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44374.exe
        9⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38659.exe
        10⤵
        
        PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49719.exe
        5⤵
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38968.exe
        6⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55721.exe
        8⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45108.exe
        9⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22668.exe
        10⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49472.exe
        11⤵
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14077.exe
        6⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57568.exe
        7⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49725.exe
        8⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41436.exe
        9⤵
        
        PID:3760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26998.exe
    3⤵
    PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6504.exe
      4⤵
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3533.exe
        5⤵
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29561.exe
        6⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38162.exe
        7⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        8⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
        9⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23511.exe
        10⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
        11⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8667.exe
        12⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27482.exe
        7⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
        8⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11278.exe
        9⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23447.exe
        10⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        11⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22250.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46622.exe
        9⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21826.exe
        10⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38659.exe
        11⤵
        
        PID:856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37437.exe
        6⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31685.exe
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19915.exe
        8⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        9⤵
        
        PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13887.exe
        5⤵
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11297.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23575.exe
        7⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33266.exe
        8⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9991.exe
        9⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25722.exe
        10⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
        11⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18921.exe
        8⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25722.exe
        9⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30031.exe
        10⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64336.exe
        6⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12524.exe
        7⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6156.exe
        8⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49300.exe
        9⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
        10⤵
        
        PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14436.exe
      4⤵
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22296.exe
        5⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57913.exe
        6⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
        7⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61900.exe
        8⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63006.exe
        9⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40156.exe
        10⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18793.exe
        11⤵
        Executes dropped EXE
        
        PID:2520
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47003.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47003.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47609.exe
    3⤵
    PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57753.exe
      4⤵
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34302.exe
        5⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34282.exe
        6⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59099.exe
        7⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30028.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57568.exe
        9⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51223.exe
        10⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21877.exe
        11⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37083.exe
        12⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3820.exe
        7⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        8⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16768.exe
        9⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40943.exe
        10⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38659.exe
        11⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe
        9⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38659.exe
        10⤵
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-507.exe
        6⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45909.exe
        7⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49625.exe
        8⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1321.exe
        9⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20777.exe
        10⤵
        
        PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35058.exe
        5⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64450.exe
        6⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
        7⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49406.exe
        8⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44770.exe
        9⤵
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
        6⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51915.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
        8⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1399.exe
        9⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1475.exe
        10⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42513.exe
        8⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
        9⤵
        
        PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
      4⤵
      PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
        5⤵
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54024.exe
        6⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27985.exe
        7⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
        8⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28572.exe
        9⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23802.exe
        10⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exe
        11⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
        12⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17955.exe
        9⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53700.exe
        10⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34244.exe
        11⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62975.exe
        7⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16351.exe
        8⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58298.exe
        9⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50026.exe
        10⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44109.exe
        11⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57961.exe
        8⤵
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15098.exe
        6⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
        7⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
        8⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64854.exe
        9⤵
        
        PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1390.exe
        5⤵
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54846.exe
        6⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24909.exe
        7⤵
        
        PID:2284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9948.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9948.exe
    3⤵
    PID:1308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-470.exe
      4⤵
      PID:824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54924.exe
        5⤵
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65525.exe
        6⤵
        
        PID:2044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 244
        7⤵
        Program crash
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
        6⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45650.exe
        7⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24773.exe
        9⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        10⤵
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39233.exe
        5⤵
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30684.exe
        6⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12524.exe
        7⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13175.exe
        8⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
      4⤵
      PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9393.exe
        5⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
        6⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57568.exe
        7⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50586.exe
        8⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14580.exe
        9⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17615.exe
        7⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45793.exe
        8⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15872.exe
        9⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24073.exe
        10⤵
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37702.exe
        6⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62281.exe
        7⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43326.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64854.exe
        9⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27482.exe
        5⤵
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
        6⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61920.exe
        7⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62786.exe
        8⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
        9⤵
        
        PID:2032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14436.exe

Filesize
184KB

MD5
97f3ae16b4517f7703147dd976a08115

SHA1
0199177bf31eb3f06a0ab1c1adedb9b61a0c4197

SHA256
5403f8ef43053d880c8af05030f4d3c126f3c37d2563ce74e4ccb57c9a2896ec

SHA512
65209aed994ab929ea2e45d992a8314d109c639cfa7039d725d769a66f923208cc75f70ed87c699d05f2f7707c05880ed1820c0ff828cd7d82ba9257ea6bcef8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34302.exe

Filesize
184KB

MD5
43ea0be546286b731e949fa96ee1bf2a

SHA1
01e4777f29e4df3637a50083faf9f6f5651d0ece

SHA256
ee4f0678de1b72d5b01ef557abf9ff06032768e11bd8d1d3c93029fed6b88a60

SHA512
57b3797fb7ed365604a54b8df361dcd19387e4ce61f21d518e872d0bd79284f0b89640fe2a162367bef97a16c3f10afa9a050c81057ce2390283ad6f6e85112b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3533.exe

Filesize
184KB

MD5
acedc1e10a9d8a6f617cf2364ba73ec5

SHA1
94ae6be8ec408098f4b05abc483994aeb185540b

SHA256
c4f030e8cce291b62bb6d5cbc6b3852bf4c74712e29232c2eff769b887912dc8

SHA512
7e6b21d331fe95b0f3929cf0f1a16cd38c3efd0596a1ffaa0e7cdc26f5a612f382929cbb28cf4471f87bfa0fe3c0a5f4f2789463bd685942e10292115552171a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57753.exe

Filesize
184KB

MD5
8f386b5d3bfaf3c4a2c9c1f39e7c3d35

SHA1
f431a5185739a13475a3f9c0eecb73188db8b831

SHA256
65c3dca1f9b8f79f10b3adf65044f8d2ef777e1ee9bab2512d89570ed654ec48

SHA512
51de3fe32f71ee80408f89478cd0cd09216a467e14c94449e6d1b24dd4efa2bb7c7b0068c8ae54333e14bac3a389685ad0eb76629f1517941793db6626c57617

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6367.exe

Filesize
184KB

MD5
a01be1b8da139d6969945d29ed2491ed

SHA1
8c365ab011a00c2f1d7e7dc28f6c86770ad0af0e

SHA256
b2ffcacdb1ba88ddf4d7a91567fb31c44768ed0da05b41be5bc68fdfa95db979

SHA512
43327ea62040de01faabe18bdf78d9916ad9bf3c7fd0d9d756371ddcc0cc002e06d35e88e7563841ddf30699e6dbb58cdf3306c28210dd8c3f277a92f8877c0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9948.exe

Filesize
184KB

MD5
400b63c7a5c643fa116e7185216aa8e7

SHA1
93bb6ed013aed7e60a65af4e3da376dcce4da1f3

SHA256
76633ff881396fb7a5d10209df2faa7c9ad4547397fc94cfb6cf93ce6b43d253

SHA512
d3756c726b6e462232d2d2e6f48cfce9c8d02502c90c2ff89884a910b3ae00aa25208db6f85d99e57872dd68afbf50dcb918789257e1404e096cf64db5907aa4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-470.exe

Filesize
184KB

MD5
0dcab5a8c672b28665260afc3ce890d6

SHA1
e53d3235ceb6e817a1533e4e5fd9e84e18e43b22

SHA256
e2833799692832c8c7aea570b269b063bd4d130b92038afeec9d2de1bdf5d684

SHA512
768a6cd748dd88129a08fc04db4d928cde08930812ae08490826dba517e657717a11405ddef0f1bfd195c5225f2b4cdb25572e2cc75aec5089f61d43fd4b442d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads