0686d7755c74c31d38f8f5f822b5ee83d9a132659602478176a1ff8e48c1cce2

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-03-2024 10:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5e11b3a85292c90aa27e2986004c424.exe
Size

184KB
MD5

d5e11b3a85292c90aa27e2986004c424
SHA1

a6fb1997a7420143c700872df512821b1bd13d70
SHA256

0686d7755c74c31d38f8f5f822b5ee83d9a132659602478176a1ff8e48c1cce2
SHA512

3e63aba3c77acf3a8eecaad3b478373fc3527890aa26a7957fe9ed56ba6846be0730255f92be99bf4f5ab32f402469ccdfa142070108d7c29c23d1b721ad9206
SSDEEP

3072:0dz0oPWMqQAqseNlMzZCbecFL19hMz10/zJlxDGPYaylPkpF1:0dIoUBqsYMUbecyS1UylPkpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
348	Unicorn-34606.exe
1696	Unicorn-33895.exe
2580	Unicorn-18113.exe
2660	Unicorn-28872.exe
2768	Unicorn-50039.exe
2488	Unicorn-8451.exe
3024	Unicorn-29038.exe
2248	Unicorn-62457.exe
2776	Unicorn-53542.exe
2528	Unicorn-61710.exe
2760	Unicorn-45929.exe
1740	Unicorn-24243.exe
2188	Unicorn-49302.exe
2420	Unicorn-24051.exe
540	Unicorn-54730.exe
1076	Unicorn-13142.exe
604	Unicorn-17227.exe
1144	Unicorn-42477.exe
1800	Unicorn-37647.exe
1868	Unicorn-15135.exe
320	Unicorn-44471.exe
2028	Unicorn-2883.exe
2348	Unicorn-12395.exe
404	Unicorn-41730.exe
1812	Unicorn-16288.exe
1504	Unicorn-44876.exe
1628	Unicorn-32624.exe
1584	Unicorn-12758.exe
2192	Unicorn-36708.exe
2364	Unicorn-5467.exe
1968	Unicorn-50392.exe
2340	Unicorn-21249.exe
2824	Unicorn-63433.exe
2456	Unicorn-53594.exe
636	Unicorn-33728.exe
2076	Unicorn-20730.exe
1632	Unicorn-58233.exe
2796	Unicorn-61570.exe
2764	Unicorn-4756.exe
2840	Unicorn-24622.exe
1288	Unicorn-57849.exe
1808	Unicorn-12177.exe
3060	Unicorn-288.exe
684	Unicorn-21498.exe
1648	Unicorn-54170.exe
2012	Unicorn-4969.exe
1152	Unicorn-21860.exe
1536	Unicorn-41726.exe
2260	Unicorn-58617.exe
916	Unicorn-12945.exe
2520	Unicorn-26843.exe
2400	Unicorn-24813.exe
1712	Unicorn-15899.exe
2392	Unicorn-20153.exe
2648	Unicorn-3070.exe
2556	Unicorn-41725.exe
1964	Unicorn-20367.exe
1396	Unicorn-47092.exe
1764	Unicorn-35394.exe
2944	Unicorn-22396.exe
2208	Unicorn-34648.exe
1476	Unicorn-26650.exe
700	Unicorn-22012.exe
576	Unicorn-44523.exe

Loads dropped DLL 64 IoCs

pid	Process
2180	d5e11b3a85292c90aa27e2986004c424.exe
2180	d5e11b3a85292c90aa27e2986004c424.exe
348	Unicorn-34606.exe
348	Unicorn-34606.exe
2180	d5e11b3a85292c90aa27e2986004c424.exe
2180	d5e11b3a85292c90aa27e2986004c424.exe
1696	Unicorn-33895.exe
1696	Unicorn-33895.exe
348	Unicorn-34606.exe
348	Unicorn-34606.exe
2580	Unicorn-18113.exe
2580	Unicorn-18113.exe
2708	WerFault.exe
2708	WerFault.exe
2708	WerFault.exe
2708	WerFault.exe
2708	WerFault.exe
2708	WerFault.exe
2708	WerFault.exe
2660	Unicorn-28872.exe
2660	Unicorn-28872.exe
1696	Unicorn-33895.exe
1696	Unicorn-33895.exe
2768	Unicorn-50039.exe
2768	Unicorn-50039.exe
2488	Unicorn-8451.exe
2488	Unicorn-8451.exe
2580	Unicorn-18113.exe
2580	Unicorn-18113.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
1412	WerFault.exe
1412	WerFault.exe
1412	WerFault.exe
1412	WerFault.exe
1412	WerFault.exe
1412	WerFault.exe
1412	WerFault.exe
3024	Unicorn-29038.exe
3024	Unicorn-29038.exe
2660	Unicorn-28872.exe
2660	Unicorn-28872.exe
2528	Unicorn-61710.exe
2528	Unicorn-61710.exe
2488	Unicorn-8451.exe
2488	Unicorn-8451.exe
2760	Unicorn-45929.exe
2760	Unicorn-45929.exe
2776	Unicorn-53542.exe
2776	Unicorn-53542.exe
2768	Unicorn-50039.exe
2768	Unicorn-50039.exe
2248	Unicorn-62457.exe
2248	Unicorn-62457.exe
2132	WerFault.exe
2132	WerFault.exe
2132	WerFault.exe
2132	WerFault.exe
2132	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2564	2180	WerFault.exe	27
2708	348	WerFault.exe	28
2956	1696	WerFault.exe	29
1412	2580	WerFault.exe	30
2132	2660	WerFault.exe	32
1780	2768	WerFault.exe	33
1672	2488	WerFault.exe	34
2476	3024	WerFault.exe	36
3048	2528	WerFault.exe	39
2976	2776	WerFault.exe	38
2740	2760	WerFault.exe	40
2632	2248	WerFault.exe	37
1092	2420	WerFault.exe	45
2656	540	WerFault.exe	46
2112	1144	WerFault.exe	49
1612	1800	WerFault.exe	50
2104	2188	WerFault.exe	44
2748	320	WerFault.exe	55
1760	404	WerFault.exe	58
1508	1812	WerFault.exe	59
2644	2364	WerFault.exe	65
1444	2348	WerFault.exe	57
1488	2340	WerFault.exe	64
2344	1968	WerFault.exe	66
2788	1076	WerFault.exe	47
1860	1584	WerFault.exe	63
3216	1628	WerFault.exe	61
3240	2796	WerFault.exe	77
3316	1740	WerFault.exe	43
3428	2076	WerFault.exe	73
3624	604	WerFault.exe	48
3704	1536	WerFault.exe	87
3892	1632	WerFault.exe	75
3924	1868	WerFault.exe	54
3984	2260	WerFault.exe	89
3992	2456	WerFault.exe	70
4068	2012	WerFault.exe	86
3096	1288	WerFault.exe	81
3156	1476	WerFault.exe	107
3332	2028	WerFault.exe	56
3444	2192	WerFault.exe	62
3516	2764	WerFault.exe	78
3788	2196	WerFault.exe	123
4076	3060	WerFault.exe	83
4044	2520	WerFault.exe	91
4092	2824	WerFault.exe	68
3600	916	WerFault.exe	90
3636	684	WerFault.exe	84
3652	1648	WerFault.exe	85
4124	700	WerFault.exe	108
4116	2648	WerFault.exe	97
4164	1764	WerFault.exe	103
4284	2840	WerFault.exe	79
4328	2524	WerFault.exe	113
4376	1056	WerFault.exe	121
4432	2392	WerFault.exe	95
4440	1396	WerFault.exe	102
4500	1808	WerFault.exe	82
4568	2888	WerFault.exe	119
4640	2324	WerFault.exe	80
4632	2464	WerFault.exe	124
4692	636	WerFault.exe	72
4748	3488	WerFault.exe	147
4820	2944	WerFault.exe	105

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2180	d5e11b3a85292c90aa27e2986004c424.exe
348	Unicorn-34606.exe
1696	Unicorn-33895.exe
2580	Unicorn-18113.exe
2660	Unicorn-28872.exe
2768	Unicorn-50039.exe
2488	Unicorn-8451.exe
3024	Unicorn-29038.exe
2528	Unicorn-61710.exe
2776	Unicorn-53542.exe
2248	Unicorn-62457.exe
2760	Unicorn-45929.exe
1740	Unicorn-24243.exe
2188	Unicorn-49302.exe
2420	Unicorn-24051.exe
1076	Unicorn-13142.exe
1144	Unicorn-42477.exe
540	Unicorn-54730.exe
604	Unicorn-17227.exe
1800	Unicorn-37647.exe
1868	Unicorn-15135.exe
320	Unicorn-44471.exe
2028	Unicorn-2883.exe
2348	Unicorn-12395.exe
404	Unicorn-41730.exe
1812	Unicorn-16288.exe
1504	Unicorn-44876.exe
2364	Unicorn-5467.exe
1584	Unicorn-12758.exe
2340	Unicorn-21249.exe
1968	Unicorn-50392.exe
2192	Unicorn-36708.exe
2824	Unicorn-63433.exe
2456	Unicorn-53594.exe
2076	Unicorn-20730.exe
636	Unicorn-33728.exe
2796	Unicorn-61570.exe
1632	Unicorn-58233.exe
2840	Unicorn-24622.exe
2764	Unicorn-4756.exe
2324	Unicorn-16262.exe
1288	Unicorn-57849.exe
1648	Unicorn-54170.exe
3060	Unicorn-288.exe
1808	Unicorn-12177.exe
684	Unicorn-21498.exe
1536	Unicorn-41726.exe
2260	Unicorn-58617.exe
1152	Unicorn-21860.exe
2012	Unicorn-4969.exe
916	Unicorn-12945.exe
2520	Unicorn-26843.exe
2400	Unicorn-24813.exe
2648	Unicorn-3070.exe
2392	Unicorn-20153.exe
1712	Unicorn-15899.exe
2556	Unicorn-41725.exe
1964	Unicorn-20367.exe
1396	Unicorn-47092.exe
1764	Unicorn-35394.exe
2944	Unicorn-22396.exe
2208	Unicorn-34648.exe
1476	Unicorn-26650.exe
700	Unicorn-22012.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 348	2180	d5e11b3a85292c90aa27e2986004c424.exe	28
PID 2180 wrote to memory of 348	2180	d5e11b3a85292c90aa27e2986004c424.exe	28
PID 2180 wrote to memory of 348	2180	d5e11b3a85292c90aa27e2986004c424.exe	28
PID 2180 wrote to memory of 348	2180	d5e11b3a85292c90aa27e2986004c424.exe	28
PID 348 wrote to memory of 1696	348	Unicorn-34606.exe	29
PID 348 wrote to memory of 1696	348	Unicorn-34606.exe	29
PID 348 wrote to memory of 1696	348	Unicorn-34606.exe	29
PID 348 wrote to memory of 1696	348	Unicorn-34606.exe	29
PID 2180 wrote to memory of 2580	2180	d5e11b3a85292c90aa27e2986004c424.exe	30
PID 2180 wrote to memory of 2580	2180	d5e11b3a85292c90aa27e2986004c424.exe	30
PID 2180 wrote to memory of 2580	2180	d5e11b3a85292c90aa27e2986004c424.exe	30
PID 2180 wrote to memory of 2580	2180	d5e11b3a85292c90aa27e2986004c424.exe	30
PID 2180 wrote to memory of 2564	2180	d5e11b3a85292c90aa27e2986004c424.exe	31
PID 2180 wrote to memory of 2564	2180	d5e11b3a85292c90aa27e2986004c424.exe	31
PID 2180 wrote to memory of 2564	2180	d5e11b3a85292c90aa27e2986004c424.exe	31
PID 2180 wrote to memory of 2564	2180	d5e11b3a85292c90aa27e2986004c424.exe	31
PID 1696 wrote to memory of 2660	1696	Unicorn-33895.exe	32
PID 1696 wrote to memory of 2660	1696	Unicorn-33895.exe	32
PID 1696 wrote to memory of 2660	1696	Unicorn-33895.exe	32
PID 1696 wrote to memory of 2660	1696	Unicorn-33895.exe	32
PID 348 wrote to memory of 2768	348	Unicorn-34606.exe	33
PID 348 wrote to memory of 2768	348	Unicorn-34606.exe	33
PID 348 wrote to memory of 2768	348	Unicorn-34606.exe	33
PID 348 wrote to memory of 2768	348	Unicorn-34606.exe	33
PID 2580 wrote to memory of 2488	2580	Unicorn-18113.exe	34
PID 2580 wrote to memory of 2488	2580	Unicorn-18113.exe	34
PID 2580 wrote to memory of 2488	2580	Unicorn-18113.exe	34
PID 2580 wrote to memory of 2488	2580	Unicorn-18113.exe	34
PID 348 wrote to memory of 2708	348	Unicorn-34606.exe	35
PID 348 wrote to memory of 2708	348	Unicorn-34606.exe	35
PID 348 wrote to memory of 2708	348	Unicorn-34606.exe	35
PID 348 wrote to memory of 2708	348	Unicorn-34606.exe	35
PID 2660 wrote to memory of 3024	2660	Unicorn-28872.exe	36
PID 2660 wrote to memory of 3024	2660	Unicorn-28872.exe	36
PID 2660 wrote to memory of 3024	2660	Unicorn-28872.exe	36
PID 2660 wrote to memory of 3024	2660	Unicorn-28872.exe	36
PID 1696 wrote to memory of 2248	1696	Unicorn-33895.exe	37
PID 1696 wrote to memory of 2248	1696	Unicorn-33895.exe	37
PID 1696 wrote to memory of 2248	1696	Unicorn-33895.exe	37
PID 1696 wrote to memory of 2248	1696	Unicorn-33895.exe	37
PID 2768 wrote to memory of 2776	2768	Unicorn-50039.exe	38
PID 2768 wrote to memory of 2776	2768	Unicorn-50039.exe	38
PID 2768 wrote to memory of 2776	2768	Unicorn-50039.exe	38
PID 2768 wrote to memory of 2776	2768	Unicorn-50039.exe	38
PID 2488 wrote to memory of 2528	2488	Unicorn-8451.exe	39
PID 2488 wrote to memory of 2528	2488	Unicorn-8451.exe	39
PID 2488 wrote to memory of 2528	2488	Unicorn-8451.exe	39
PID 2488 wrote to memory of 2528	2488	Unicorn-8451.exe	39
PID 2580 wrote to memory of 2760	2580	Unicorn-18113.exe	40
PID 2580 wrote to memory of 2760	2580	Unicorn-18113.exe	40
PID 2580 wrote to memory of 2760	2580	Unicorn-18113.exe	40
PID 2580 wrote to memory of 2760	2580	Unicorn-18113.exe	40
PID 1696 wrote to memory of 2956	1696	Unicorn-33895.exe	41
PID 1696 wrote to memory of 2956	1696	Unicorn-33895.exe	41
PID 1696 wrote to memory of 2956	1696	Unicorn-33895.exe	41
PID 1696 wrote to memory of 2956	1696	Unicorn-33895.exe	41
PID 2580 wrote to memory of 1412	2580	Unicorn-18113.exe	42
PID 2580 wrote to memory of 1412	2580	Unicorn-18113.exe	42
PID 2580 wrote to memory of 1412	2580	Unicorn-18113.exe	42
PID 2580 wrote to memory of 1412	2580	Unicorn-18113.exe	42
PID 3024 wrote to memory of 1740	3024	Unicorn-29038.exe	43
PID 3024 wrote to memory of 1740	3024	Unicorn-29038.exe	43
PID 3024 wrote to memory of 1740	3024	Unicorn-29038.exe	43
PID 3024 wrote to memory of 1740	3024	Unicorn-29038.exe	43

C:\Users\Admin\AppData\Local\Temp\d5e11b3a85292c90aa27e2986004c424.exe
"C:\Users\Admin\AppData\Local\Temp\d5e11b3a85292c90aa27e2986004c424.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34606.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34606.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33895.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33895.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28872.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24243.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15135.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63433.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26843.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41529.exe
        10⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12048.exe
        11⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60842.exe
        12⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51595.exe
        13⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 376
        13⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 368
        12⤵
        
        PID:7820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 376
        11⤵
        
        PID:6484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 376
        10⤵
        Program crash
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12426.exe
        9⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60481.exe
        10⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        11⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40345.exe
        12⤵
        
        PID:9572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8572 -s 376
        12⤵
        
        PID:9424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 376
        11⤵
        
        PID:9272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 376
        10⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 376
        9⤵
        Program crash
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24813.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62707.exe
        9⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
        10⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 376
        10⤵
        
        PID:7756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 376
        9⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 376
        8⤵
        Program crash
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33728.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30559.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
        9⤵
        
        PID:6668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 376
        10⤵
        
        PID:9944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        9⤵
        
        PID:7620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 216
        8⤵
        Program crash
        
        PID:4692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 376
        7⤵
        Program crash
        
        PID:3316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44471.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53594.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15899.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15976.exe
        9⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43863.exe
        10⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 380
        10⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 376
        9⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 368
        8⤵
        Program crash
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20153.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53589.exe
        8⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41358.exe
        9⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19449.exe
        10⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        11⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 376
        11⤵
        
        PID:9296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 376
        10⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 376
        9⤵
        Program crash
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17216.exe
        8⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12987.exe
        9⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6926.exe
        10⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24865.exe
        11⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7480.exe
        12⤵
        
        PID:9600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8644 -s 376
        12⤵
        
        PID:9552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 368
        11⤵
        
        PID:9240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 376
        10⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 376
        9⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 376
        8⤵
        Program crash
        
        PID:4432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 376
        7⤵
        Program crash
        
        PID:2748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 376
        6⤵
        Program crash
        
        PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49302.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2883.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20730.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3070.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46381.exe
        9⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe
        10⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10761.exe
        11⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51595.exe
        12⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 376
        12⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 368
        11⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28804.exe
        10⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33136.exe
        11⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        12⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 376
        12⤵
        
        PID:9264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 376
        11⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 368
        10⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 376
        9⤵
        Program crash
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
        8⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36563.exe
        9⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24423.exe
        10⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46758.exe
        11⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 376
        11⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 376
        10⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 380
        9⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 376
        8⤵
        Program crash
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41725.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48805.exe
        8⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        9⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
        10⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 368
        10⤵
        
        PID:9868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 376
        9⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 376
        8⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 376
        7⤵
        Program crash
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25961.exe
        7⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26667.exe
        8⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51166.exe
        9⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49744.exe
        10⤵
        
        PID:4108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62951.exe
        11⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26089.exe
        12⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 376
        12⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 376
        11⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 376
        10⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51643.exe
        9⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63655.exe
        10⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
        11⤵
        
        PID:8956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8400 -s 380
        11⤵
        
        PID:9860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 376
        10⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 376
        9⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 376
        8⤵
        Program crash
        
        PID:3788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 376
        7⤵
        Program crash
        
        PID:3892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 376
        6⤵
        Program crash
        
        PID:2104
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 368
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62457.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36708.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41726.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59894.exe
        9⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
        10⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38639.exe
        11⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        12⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 376
        12⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 376
        11⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18581.exe
        10⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        11⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28782.exe
        12⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 376
        12⤵
        
        PID:10092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 368
        11⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 376
        10⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 376
        9⤵
        Program crash
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25036.exe
        8⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47144.exe
        9⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48037.exe
        10⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25736.exe
        11⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26089.exe
        12⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
        13⤵
        
        PID:9756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 376
        13⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 376
        12⤵
        
        PID:8036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 376
        11⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 376
        10⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 376
        9⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 376
        8⤵
        Program crash
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44523.exe
        7⤵
        Executes dropped EXE
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62162.exe
        8⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26899.exe
        9⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 376
        9⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 376
        8⤵
        
        PID:7000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 376
        7⤵
        Program crash
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58617.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-304.exe
        7⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26667.exe
        8⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
        9⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        10⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 376
        10⤵
        
        PID:9256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 376
        9⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 368
        8⤵
        Program crash
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6801.exe
        7⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28369.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe
        9⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
        10⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 376
        10⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 368
        9⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 368
        8⤵
        Program crash
        
        PID:4748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 368
        7⤵
        Program crash
        
        PID:3984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 376
        6⤵
        Program crash
        
        PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21498.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2032.exe
        7⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28769.exe
        8⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33759.exe
        9⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 376
        9⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 376
        8⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 376
        7⤵
        Program crash
        
        PID:3636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 376
        6⤵
        Program crash
        
        PID:2644
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 376
        5⤵
        Program crash
        
        PID:2632
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 372
      4⤵
      Loads dropped DLL
      Program crash
      PID:2956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50039.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50039.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53542.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17227.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21249.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4969.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26729.exe
        8⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51166.exe
        9⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62331.exe
        10⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51595.exe
        11⤵
        
        PID:8272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 376
        11⤵
        
        PID:8384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 376
        10⤵
        
        PID:7828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 376
        9⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 376
        8⤵
        Program crash
        
        PID:4068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 376
        7⤵
        Program crash
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21860.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3366.exe
        7⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        9⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        10⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 372
        10⤵
        
        PID:9500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 376
        9⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 368
        8⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 376
        7⤵
        
        PID:5496
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 376
        6⤵
        Program crash
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50392.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12945.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14284.exe
        7⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        8⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43043.exe
        9⤵
        
        PID:8440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 376
        9⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 376
        8⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 376
        7⤵
        Program crash
        
        PID:3600
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 376
        6⤵
        Program crash
        
        PID:2344
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 368
        5⤵
        Program crash
        
        PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42477.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12177.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13708.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59339.exe
        8⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19100.exe
        9⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55450.exe
        10⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11531.exe
        11⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 376
        10⤵
        
        PID:7664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 376
        9⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 376
        8⤵
        Program crash
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
        7⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe
        8⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47225.exe
        9⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39725.exe
        10⤵
        
        PID:10136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 376
        10⤵
        
        PID:10132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 376
        9⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 376
        8⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 376
        7⤵
        Program crash
        
        PID:4500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 376
        6⤵
        Program crash
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-288.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33169.exe
        6⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29895.exe
        7⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46546.exe
        8⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 376
        8⤵
        
        PID:9556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 376
        7⤵
        
        PID:7108
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 376
        6⤵
        Program crash
        
        PID:4076
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 376
        5⤵
        Program crash
        
        PID:2112
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 364
      4⤵
      Program crash
      PID:1780
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 368
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8451.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8451.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61710.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24051.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12395.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47092.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37082.exe
        9⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
        10⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        11⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 376
        11⤵
        
        PID:9288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 376
        10⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 376
        9⤵
        Program crash
        
        PID:4440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 376
        8⤵
        Program crash
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35394.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
        8⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40829.exe
        9⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44143.exe
        10⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 380
        10⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 376
        9⤵
        
        PID:6436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 376
        8⤵
        Program crash
        
        PID:4164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 376
        7⤵
        Program crash
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4756.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34648.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48997.exe
        8⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        9⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
        10⤵
        
        PID:9392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8608 -s 376
        10⤵
        
        PID:10200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 376
        9⤵
        
        PID:9280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 376
        8⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 368
        7⤵
        Program crash
        
        PID:3516
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 376
        6⤵
        Program crash
        
        PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41730.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24622.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39116.exe
        7⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36350.exe
        8⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
        9⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10166.exe
        10⤵
        
        PID:9536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 376
        9⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 376
        8⤵
        Program crash
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16484.exe
        7⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
        8⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32277.exe
        9⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51595.exe
        10⤵
        
        PID:8248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 368
        10⤵
        
        PID:8436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 376
        9⤵
        
        PID:5764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 376
        8⤵
        
        PID:5116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 376
        7⤵
        Program crash
        
        PID:4284
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 376
        6⤵
        Program crash
        
        PID:1760
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 376
        5⤵
        Program crash
        
        PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32624.exe
        5⤵
        Executes dropped EXE
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16262.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        7⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55686.exe
        8⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        9⤵
        
        PID:8836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28782.exe
        10⤵
        
        PID:8968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 376
        10⤵
        
        PID:10100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 376
        9⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 376
        8⤵
        
        PID:6788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 376
        7⤵
        Program crash
        
        PID:4640
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 376
        6⤵
        Program crash
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57849.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20367.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4627.exe
        7⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33136.exe
        8⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23524.exe
        9⤵
        
        PID:9992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 376
        9⤵
        
        PID:9972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 376
        8⤵
        
        PID:1744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 376
        7⤵
        
        PID:5984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 376
        6⤵
        Program crash
        
        PID:3096
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 376
        5⤵
        Program crash
        
        PID:2656
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 376
      4⤵
      Program crash
      PID:1672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45929.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45929.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13142.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44876.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 376
        5⤵
        Program crash
        
        PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12758.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54170.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22396.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17217.exe
        7⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
        8⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26532.exe
        9⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
        10⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38639.exe
        11⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35034.exe
        12⤵
        
        PID:9788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 380
        12⤵
        
        PID:9808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 376
        11⤵
        
        PID:6524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 376
        10⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 368
        9⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25031.exe
        8⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51602.exe
        9⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61724.exe
        10⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe
        11⤵
        
        PID:9428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 368
        11⤵
        
        PID:10176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 376
        10⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21054.exe
        9⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
        10⤵
        
        PID:10024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 376
        10⤵
        
        PID:10020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 376
        9⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 376
        8⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7377.exe
        7⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19641.exe
        8⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45285.exe
        9⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43277.exe
        10⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 376
        10⤵
        
        PID:10228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 376
        9⤵
        
        PID:9232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 376
        8⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 368
        7⤵
        Program crash
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46360.exe
        6⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36745.exe
        7⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
        8⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4385.exe
        9⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 380
        9⤵
        
        PID:9616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 376
        8⤵
        
        PID:7232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 376
        7⤵
        
        PID:5836
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 376
        6⤵
        Program crash
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26650.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36158.exe
        6⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51228.exe
        7⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52313.exe
        8⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46711.exe
        9⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51595.exe
        10⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 376
        10⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 376
        9⤵
        
        PID:7216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 368
        8⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 376
        7⤵
        
        PID:4924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 376
        6⤵
        Program crash
        
        PID:3156
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 376
        5⤵
        Program crash
        
        PID:1860
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 368
      4⤵
      Program crash
      PID:2740
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1412
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 380
  2⤵
  - Program crash
  PID:2564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe

Filesize
184KB

MD5
e8999a7ce650b2d7c9a46eede1bd78ef

SHA1
032032f85092210b75902cdd86332965708c0dc9

SHA256
9ddff7ba0a5a557bc813a23438b1aa9bcdf6cea6a0a09f2bdfd2d9d02bb2fa22

SHA512
4b570f0b89e6c7075260a17c9f74e3bf33c4b6cabe2bca23530ac61237bfdddc6aa83a0ed8c86b70fb42c7c817a0461b29b2e41d36012d4645c72b155d1b9f48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27133.exe

Filesize
184KB

MD5
dd09440a496a7eb0d326c0cfcc6deb82

SHA1
29368d854d087bd21490ccde23fc0df8a647159f

SHA256
2766e6d0e81eb26d858ccab40dfe3d0748112af63e59e0ec0b947ac43868f14c

SHA512
b03e5ad7a84efa66c01eb38845af61bfc973db4f0ad97974236128bda3b65ac14e6d471aad2c0828a31c74fc43a8333725613ca7a973dad553531b1a4d2e47d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29038.exe

Filesize
184KB

MD5
5c5a0be35641222f08de74262fa20562

SHA1
1362ca600cf84bfde739af9a5e06fdb468f55174

SHA256
4913f65cd870a135b336d4cc404a3ca228d35e6d3851b724c47b040ffac358b7

SHA512
432e6becebb22751269c435a0f27e18b4be011d1a647a36111d9f0e1a219ba1ea661c64a9ab872a2906e884debdc99c6d6ce0f3531c88aa085e747cb4c60d687

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34648.exe

Filesize
184KB

MD5
a9555752b8a225bf2a27902d97742ae8

SHA1
04c8ebd0aa3787dd07e90b4de65a39d5061512fe

SHA256
4a88580829bf3eb1a4dce7dca26dee3d82d905fabf69a0ba25103aee31488ee7

SHA512
a00a8295ad01728319a85312abec65a7661d48e9a05af6f0d8f0eb563092584baa22fa7af0a3e063130d58ecc740da1135c022068e5d18cc6a5aced6c41a6d69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61710.exe

Filesize
184KB

MD5
2b95c28a845b4e0d3ecfdb92180cc82e

SHA1
8814d4a0e5f62867e578df229a3dc9a2ea44e84b

SHA256
afcdf7d68d7211be3f6c2080abf7c41034999171751b28bb4c66d306915eed6e

SHA512
300ec9f2762642cddf1f0b5cc94db768d34047a6272a55173be353a3593b9be08d7c171165569e0053cd5e01113e055b76d499d2555d103702813d54631aed19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8451.exe

Filesize
184KB

MD5
98e5979c0710c5f41e6766e0c18449bb

SHA1
08f8e79be77e11c5b99b03c4f8e4433058b7ec62

SHA256
9099209c5e206028152b5ca6a840d0e390149e204bbe8c79ff1cbef031c1fb55

SHA512
da69ac2a73b41cca7ec10eae71cc46d9bc22d4765b4f7da3d4c30d24953e02a7ab17bc677f0642fa953e6965dd62a040e446663427df2fdcc1aa60de2291f508

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe

Filesize
184KB

MD5
8f86258a0192eb723250a6f473bab661

SHA1
4395a557ae34d6ca3f623299bfb81d92f43a834c

SHA256
1e1eec780325308b5471f1dc60ff9f57651e5a6cf53ed151cf8698f61e535f3c

SHA512
c79db2c98c31ba59503414dff7c52f151d8bd12c5d487056734642f88d2a16b680035c9a4abb9c204bd369217fa4babd82c252d846bad75b99f09b7d93f50f83

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24243.exe

Filesize
184KB

MD5
0798a85e2cbee744d2a80e62752bd0f1

SHA1
edefcddc1e496ce708481bbc06cfa71bcf380cf0

SHA256
a3e5f55c26c6a98ace9cbc027dc734d6505ac6be59b632e57c597a4c4b886897

SHA512
1832fb07c74f669bdbc5689ebbb8009e1557a0768caa8114c83f21c25051aa7f32dbf6e74ad76433f7c2acbc24140b48bd23c187227245fae3d8069cce6d223f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28872.exe

Filesize
184KB

MD5
4595469be9799d2b1bc4d642b429af2b

SHA1
924705f5fa249ff141856e9b191a27b87daa3456

SHA256
d1dc97878156e48a79d753edf823440bb8d184b71d2119ce85afafd620371a37

SHA512
175710edd20dda70c8144ec457c2e8e7d1acbe66155429380311348bc22670b3a870aed3e6341d6269a4892ad39bfb19c0be223d98a67661f431957442ed5f30

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33895.exe

Filesize
184KB

MD5
8779ad76277f0854f802f6fd461ebc01

SHA1
6a076cb8220fa75e1ca35cb492d7569f4d88446f

SHA256
98035dd3747785c1fbe4d0639b032eb9908b20996dceced33673b435736152be

SHA512
e35747c4a06b648e6fb3ceb24d9d9662fb3d3ece5c2ab84c77f1f7d74de07474e8568e1aa443635374016991a95c80a68d30e5445e32e836053c2085746a668c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34606.exe

Filesize
184KB

MD5
65e5ee5afa6ae0ef08bab8bfae50f012

SHA1
b6134e84a31c5ba5e38928cee54672c8064340d2

SHA256
651fa2e0857b629854d74d8b57d51886cce675d53ca690e63a5e47cffe691be5

SHA512
1fb971f5b3a73f5ab4bbfccffef1ba0956b8c91bce284def64997c805178e5ef5e902bc3a86fc06d31789bfd77417e2a1abd26dd2846b3729eab709f60c65a05

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45929.exe

Filesize
184KB

MD5
4d1676aebc4e7c15e7cba4998c5f36b4

SHA1
0919c7b9fac65e222faaf6631d9e1ccca81a4bd1

SHA256
70d6c2b1bd411dd800034e4ea331dd91886a8eb8cabfb180a6393e38a61bdaf1

SHA512
b9c9766097adecc8712c6d0a7600d5aa16fec1272f697ca9e36e9e4f4baa4b9835edeef732ff2c9c64318f05c547c2b8dceca3de2a3b9596e43d2c395dd0a42f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50039.exe

Filesize
184KB

MD5
785d9cbfa228f65fd6e83c573b513d7f

SHA1
d40ddb5e16d5a46e6ea24c09bc3ed786208ec6dc

SHA256
8f065c198a9308bec819df4f218edc5a0fe8b8cde67751e5df47d919e0d030bd

SHA512
0f68fce4b4f88727093e8518cdfd7f733956c1c5df1569692a5ca4cb90fb2086199b034cee2dd9cba3f400322bb94f391c3d8397a32f7f2d6e91c0824a257a62

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53542.exe

Filesize
184KB

MD5
054ff512a785de076276cf951495c89d

SHA1
37e5379417542e03648322229697e36476067a10

SHA256
0001f2dad2524e36f7a7c775d0603143f0b17f91361e3b2dbd00eea1492ef8cd

SHA512
cd13d6743714616df7d2e80ad512400e7441cc66a3e4e5051e8173c407ad1ebb980f0ea9db40cb8e7c48c3945e3d6b07e0cd84cc4898f5f608cb95534cf0aa24

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62457.exe

Filesize
184KB

MD5
6db0795426feb94b0ef91e1d883d6882

SHA1
528bab0576cf1969929f9e89761c1028ba044813

SHA256
6706bc8f1f98c92f88533db9405850c2953f5de4e841f9b0c8ae0b4da096f54c

SHA512
00983a1ddd39d7c5108292eef1b8cff31950fd2e7fdab01ea9fda97d067cc83eb2072072fc7aff12b7e82d7869d4556091704626cce1438e3b8ee4f4a8104803

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads