bcce9e637f72746bf09dee0658e7d62b7c732c57dfcc0a2b47791d0c177d447d

Analysis

max time kernel
147s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 07:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45a3922789074821c4cce2835ffbbfa0.exe
Size

184KB
MD5

45a3922789074821c4cce2835ffbbfa0
SHA1

60dde7015a8e11120914970deab527cc385af0ed
SHA256

bcce9e637f72746bf09dee0658e7d62b7c732c57dfcc0a2b47791d0c177d447d
SHA512

67602168e739db2615908badd25d45bac6cfa195e0dc5e86addb47180abe8ef2bc16e70f1cea84ab57cf90b3c336c759d93af1ae5d1b3acc22b925f4eec26932
SSDEEP

3072:J6G8omq80mwTaOjdqq9DX7kLpT+JcsIIbXxVGoY0xlv1pF/:J6Vo9jTa6qWDX7yVwtxlv1pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 8 IoCs

pid	Process
1916	Unicorn-33344.exe
2180	Unicorn-52306.exe
2296	Unicorn-8128.exe
2608	Unicorn-60313.exe
2756	Unicorn-31210.exe
2792	Unicorn-51953.exe
2504	Unicorn-41789.exe
2944	Unicorn-10082.exe

Loads dropped DLL 16 IoCs

pid	Process
2980	45a3922789074821c4cce2835ffbbfa0.exe
2980	45a3922789074821c4cce2835ffbbfa0.exe
1916	Unicorn-33344.exe
1916	Unicorn-33344.exe
2980	45a3922789074821c4cce2835ffbbfa0.exe
2980	45a3922789074821c4cce2835ffbbfa0.exe
2180	Unicorn-52306.exe
2180	Unicorn-52306.exe
1916	Unicorn-33344.exe
1916	Unicorn-33344.exe
2296	Unicorn-8128.exe
2296	Unicorn-8128.exe
2608	Unicorn-32266.exe
2608	Unicorn-32266.exe
2180	Unicorn-52306.exe
2180	Unicorn-52306.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
3028	412	WerFault.exe	88
1156	1280	WerFault.exe	90
1456	2432	WerFault.exe	154
2644	2648	WerFault.exe	157
1176	1560	WerFault.exe	127
2744	1600	WerFault.exe	172
488	2004	WerFault.exe	215
2320	2336	WerFault.exe	238
1964	2072	WerFault.exe	209

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2980	45a3922789074821c4cce2835ffbbfa0.exe
1916	Unicorn-33344.exe
2180	Unicorn-52306.exe
2296	Unicorn-8128.exe
2608	Unicorn-60313.exe
2756	Unicorn-31210.exe
2792	Unicorn-51953.exe
2504	Unicorn-41789.exe

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 1916	2980	45a3922789074821c4cce2835ffbbfa0.exe	28
PID 2980 wrote to memory of 1916	2980	45a3922789074821c4cce2835ffbbfa0.exe	28
PID 2980 wrote to memory of 1916	2980	45a3922789074821c4cce2835ffbbfa0.exe	28
PID 2980 wrote to memory of 1916	2980	45a3922789074821c4cce2835ffbbfa0.exe	28
PID 1916 wrote to memory of 2180	1916	Unicorn-33344.exe	30
PID 1916 wrote to memory of 2180	1916	Unicorn-33344.exe	30
PID 1916 wrote to memory of 2180	1916	Unicorn-33344.exe	30
PID 1916 wrote to memory of 2180	1916	Unicorn-33344.exe	30
PID 2980 wrote to memory of 2296	2980	45a3922789074821c4cce2835ffbbfa0.exe	29
PID 2980 wrote to memory of 2296	2980	45a3922789074821c4cce2835ffbbfa0.exe	29
PID 2980 wrote to memory of 2296	2980	45a3922789074821c4cce2835ffbbfa0.exe	29
PID 2980 wrote to memory of 2296	2980	45a3922789074821c4cce2835ffbbfa0.exe	29
PID 2180 wrote to memory of 2608	2180	Unicorn-52306.exe	33
PID 2180 wrote to memory of 2608	2180	Unicorn-52306.exe	33
PID 2180 wrote to memory of 2608	2180	Unicorn-52306.exe	33
PID 2180 wrote to memory of 2608	2180	Unicorn-52306.exe	33
PID 1916 wrote to memory of 2756	1916	Unicorn-33344.exe	32
PID 1916 wrote to memory of 2756	1916	Unicorn-33344.exe	32
PID 1916 wrote to memory of 2756	1916	Unicorn-33344.exe	32
PID 1916 wrote to memory of 2756	1916	Unicorn-33344.exe	32
PID 2296 wrote to memory of 2792	2296	Unicorn-8128.exe	31
PID 2296 wrote to memory of 2792	2296	Unicorn-8128.exe	31
PID 2296 wrote to memory of 2792	2296	Unicorn-8128.exe	31
PID 2296 wrote to memory of 2792	2296	Unicorn-8128.exe	31
PID 2608 wrote to memory of 2504	2608	Unicorn-32266.exe	146
PID 2608 wrote to memory of 2504	2608	Unicorn-32266.exe	146
PID 2608 wrote to memory of 2504	2608	Unicorn-32266.exe	146
PID 2608 wrote to memory of 2504	2608	Unicorn-32266.exe	146
PID 2180 wrote to memory of 2944	2180	Unicorn-52306.exe	80
PID 2180 wrote to memory of 2944	2180	Unicorn-52306.exe	80
PID 2180 wrote to memory of 2944	2180	Unicorn-52306.exe	80
PID 2180 wrote to memory of 2944	2180	Unicorn-52306.exe	80

C:\Users\Admin\AppData\Local\Temp\45a3922789074821c4cce2835ffbbfa0.exe
"C:\Users\Admin\AppData\Local\Temp\45a3922789074821c4cce2835ffbbfa0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52306.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52306.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60313.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
        5⤵
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41746.exe
        6⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
        7⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        8⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48437.exe
        9⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63842.exe
        7⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
        8⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50606.exe
        9⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44332.exe
        9⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40242.exe
        10⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        11⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11752.exe
        12⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        13⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
        14⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28601.exe
        15⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18259.exe
        16⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        17⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53593.exe
        16⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9119.exe
        14⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51507.exe
        15⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30392.exe
        12⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23899.exe
        13⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        14⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41995.exe
        15⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32727.exe
        11⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
        12⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55305.exe
        13⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64408.exe
        14⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18041.exe
        10⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        11⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40811.exe
        12⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23344.exe
        13⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9721.exe
        14⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47667.exe
        6⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1129.exe
        7⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53060.exe
        8⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11695.exe
        9⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23759.exe
        10⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14599.exe
        11⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60474.exe
        12⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42270.exe
        13⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62763.exe
        14⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48528.exe
        12⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19430.exe
        10⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
        11⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29587.exe
        12⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26562.exe
        13⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25289.exe
        11⤵
        
        PID:500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49583.exe
        8⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
        9⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64651.exe
        10⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49670.exe
        11⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
        12⤵
        
        PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4200.exe
        5⤵
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51196.exe
        6⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1834.exe
        7⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
        8⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-549.exe
        9⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47315.exe
        10⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6692.exe
        11⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54627.exe
        12⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59993.exe
        13⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48211.exe
        14⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7474.exe
        15⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53380.exe
        16⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
        17⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-650.exe
        15⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43339.exe
        16⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
        17⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6037.exe
        16⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56656.exe
        12⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49957.exe
        13⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
        14⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
        15⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
        16⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41248.exe
        17⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15388.exe
        15⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
        11⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10984.exe
        12⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55886.exe
        13⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5445.exe
        14⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
        15⤵
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31169.exe
        6⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62095.exe
        7⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64197.exe
        8⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12293.exe
        9⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        10⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46542.exe
        11⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
        12⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36584.exe
        13⤵
        
        PID:2648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 200
        14⤵
        Program crash
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56599.exe
        12⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38969.exe
        13⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
        11⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23515.exe
        12⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11688.exe
        13⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18259.exe
        14⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3049.exe
        10⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28748.exe
        11⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
        12⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
        13⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29587.exe
        14⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7974.exe
        11⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40422.exe
        12⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35669.exe
        13⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
        14⤵
        
        PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59218.exe
      4⤵
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7729.exe
        5⤵
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26884.exe
        6⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56195.exe
        7⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50015.exe
        8⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
        9⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32266.exe
        10⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29547.exe
        11⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3776.exe
        12⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27482.exe
        13⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50982.exe
        14⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19940.exe
        15⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62144.exe
        13⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
        14⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62764.exe
        12⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
        13⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
        14⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        15⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24943.exe
        11⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41789.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55305.exe
        13⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18259.exe
        14⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
        10⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44809.exe
        11⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53701.exe
        12⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45020.exe
        13⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
        14⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57495.exe
        13⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58108.exe
        14⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32862.exe
        11⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 188
        12⤵
        Program crash
        
        PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
        5⤵
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23005.exe
        6⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61400.exe
        7⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51063.exe
        8⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        9⤵
        
        PID:1280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 240
        10⤵
        Program crash
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17081.exe
        9⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9915.exe
        10⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
        11⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
        12⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54788.exe
        10⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48538.exe
        11⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64345.exe
        12⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58307.exe
        7⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64938.exe
        8⤵
        
        PID:412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 200
        9⤵
        Program crash
        
        PID:3028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31210.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
      4⤵
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32234.exe
        5⤵
        
        PID:1120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61761.exe
      4⤵
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2379.exe
        5⤵
        
        PID:2016
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8128.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8128.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51953.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51953.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45067.exe
      4⤵
      PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24258.exe
        5⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        6⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18330.exe
        7⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56221.exe
        8⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10082.exe
        9⤵
        Executes dropped EXE
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        10⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22723.exe
        11⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
        12⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3444.exe
        13⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
        14⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
        15⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13838.exe
        12⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
        13⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        14⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
        15⤵
        Program crash
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60437.exe
        13⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49998.exe
        11⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        12⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53956.exe
        13⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40869.exe
        14⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26676.exe
        10⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37108.exe
        11⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9583.exe
        12⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
        13⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11273.exe
        14⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44926.exe
        12⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30443.exe
        13⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24590.exe
        14⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        15⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20645.exe
        14⤵
        
        PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28896.exe
      4⤵
      PID:804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47623.exe
        5⤵
        
        PID:2312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-697.exe
    3⤵
    PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48762.exe
      4⤵
      PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12768.exe
        5⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23165.exe
        6⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24129.exe
        7⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55810.exe
        8⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20419.exe
        9⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51332.exe
        10⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8029.exe
        11⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23951.exe
        12⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31486.exe
        13⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21720.exe
        14⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41445.exe
        15⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37333.exe
        11⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
        12⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55971.exe
        9⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33494.exe
        10⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7090.exe
        11⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4039.exe
        12⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 372
        12⤵
        Program crash
        
        PID:1964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 376
        11⤵
        Program crash
        
        PID:2744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 376
        10⤵
        Program crash
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1129.exe
        8⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12027.exe
        9⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2567.exe
        10⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
        11⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28461.exe
        12⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
        13⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44113.exe
        7⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
        8⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11259.exe
        9⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11420.exe
        10⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47879.exe
        11⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6623.exe
        12⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
        13⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52679.exe
        11⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36629.exe
        12⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49116.exe
        9⤵
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
        10⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12264.exe
        11⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7718.exe
        12⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26562.exe
        13⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34064.exe
        11⤵
        
        PID:2336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 220
        12⤵
        Program crash
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
        8⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1882.exe
        9⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14983.exe
        10⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31890.exe
        11⤵
        
        PID:1584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58440.exe
      4⤵
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12199.exe
        5⤵
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        6⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6578.exe
        7⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
        8⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26579.exe
        9⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7339.exe
        10⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30111.exe
        11⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50246.exe
        12⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47554.exe
        8⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47879.exe
        9⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15726.exe
        10⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20940.exe
        9⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
        10⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31933.exe
        7⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
        8⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20817.exe
        9⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26811.exe
        10⤵
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10532.exe
        6⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2074.exe
        8⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        9⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44932.exe
        10⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61978.exe
        7⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
        8⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31455.exe
        9⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43339.exe
        10⤵
        
        PID:2980

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads