e1f91af11d33523bccd12bd8890db729d4f5b60e9e11fadc88899f053a584698

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
04/04/2024, 23:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c5074a162bc306efc0a89c83b301fcd1_JaffaCakes118.exe
Size

192KB
MD5

c5074a162bc306efc0a89c83b301fcd1
SHA1

27fbb490669179eaec69a7d0f4b324269cb7a7c8
SHA256

e1f91af11d33523bccd12bd8890db729d4f5b60e9e11fadc88899f053a584698
SHA512

e29b0d46add1a7e478f0b1f1bbb8afc41d83a7098c40285373f19b806f7a282dfd74c5c23972c22c61a8d987337b96ab108beaac47ebe229e437bf5bf2b946dc
SSDEEP

3072:4c9pod96xo+D9yj9dn2zwAck65G6951LqcUxRiddNNlNvpF5:4cbokrD9id2zwASFIuNlNvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2124	Unicorn-48715.exe
2040	Unicorn-13795.exe
2556	Unicorn-6182.exe
2492	Unicorn-26877.exe
2704	Unicorn-64148.exe
2864	Unicorn-20101.exe
1092	Unicorn-28051.exe
1748	Unicorn-1408.exe
300	Unicorn-40665.exe
1120	Unicorn-56447.exe
1216	Unicorn-52918.exe
2928	Unicorn-52446.exe
2848	Unicorn-18190.exe
1604	Unicorn-5383.exe
2340	Unicorn-44854.exe
3016	Unicorn-53022.exe
2820	Unicorn-6514.exe
2968	Unicorn-57853.exe
1472	Unicorn-38632.exe
1928	Unicorn-17875.exe
668	Unicorn-36903.exe
1132	Unicorn-51616.exe
2912	Unicorn-10090.exe
1772	Unicorn-29311.exe
2152	Unicorn-42955.exe
1112	Unicorn-35149.exe
1564	Unicorn-18259.exe
2856	Unicorn-61237.exe
1944	Unicorn-10645.exe
320	Unicorn-30511.exe
2784	Unicorn-33033.exe
2800	Unicorn-64506.exe
2880	Unicorn-48191.exe
2104	Unicorn-52830.exe
792	Unicorn-19603.exe
2584	Unicorn-20157.exe
676	Unicorn-25441.exe
2716	Unicorn-45861.exe
1752	Unicorn-50137.exe
2932	Unicorn-49130.exe
2200	Unicorn-32239.exe
1080	Unicorn-32239.exe
2192	Unicorn-25825.exe
1448	Unicorn-25502.exe
620	Unicorn-41284.exe
2552	Unicorn-47890.exe
756	Unicorn-15217.exe
1964	Unicorn-60889.exe
2064	Unicorn-30162.exe
2072	Unicorn-35446.exe
2828	Unicorn-58559.exe
2140	Unicorn-51782.exe
1700	Unicorn-7433.exe
2244	Unicorn-15964.exe
2876	Unicorn-58388.exe
2000	Unicorn-41044.exe
1640	Unicorn-60910.exe
2692	Unicorn-5487.exe
2776	Unicorn-13655.exe
2224	Unicorn-12264.exe
2988	Unicorn-25092.exe
1792	Unicorn-12285.exe
2188	Unicorn-14615.exe
2964	Unicorn-26353.exe

Loads dropped DLL 64 IoCs

pid	Process
2196	c5074a162bc306efc0a89c83b301fcd1_JaffaCakes118.exe
2196	c5074a162bc306efc0a89c83b301fcd1_JaffaCakes118.exe
2124	Unicorn-48715.exe
2124	Unicorn-48715.exe
2196	c5074a162bc306efc0a89c83b301fcd1_JaffaCakes118.exe
2196	c5074a162bc306efc0a89c83b301fcd1_JaffaCakes118.exe
2124	Unicorn-48715.exe
2124	Unicorn-48715.exe
2040	Unicorn-13795.exe
2040	Unicorn-13795.exe
2556	Unicorn-6182.exe
2556	Unicorn-6182.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2492	Unicorn-26877.exe
2492	Unicorn-26877.exe
2864	Unicorn-20101.exe
2864	Unicorn-20101.exe
2556	Unicorn-6182.exe
2556	Unicorn-6182.exe
2704	Unicorn-64148.exe
2704	Unicorn-64148.exe
2040	Unicorn-13795.exe
2040	Unicorn-13795.exe
576	WerFault.exe
576	WerFault.exe
576	WerFault.exe
576	WerFault.exe
576	WerFault.exe
576	WerFault.exe
576	WerFault.exe
576	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
576	WerFault.exe
1992	WerFault.exe
1092	Unicorn-28051.exe
1092	Unicorn-28051.exe
2492	Unicorn-26877.exe
2492	Unicorn-26877.exe
300	Unicorn-40665.exe
300	Unicorn-40665.exe
1120	Unicorn-56447.exe
1120	Unicorn-56447.exe
1216	Unicorn-52918.exe
1216	Unicorn-52918.exe
2704	Unicorn-64148.exe
2704	Unicorn-64148.exe
1748	Unicorn-1408.exe
1748	Unicorn-1408.exe
2864	Unicorn-20101.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2652	2196	WerFault.exe	27
2952	2124	WerFault.exe	28
576	2556	WerFault.exe	30
1992	2040	WerFault.exe	29
240	2492	WerFault.exe	32
932	2864	WerFault.exe	34
3024	2704	WerFault.exe	33
2404	1092	WerFault.exe	36
2484	300	WerFault.exe	38
2368	1120	WerFault.exe	39
656	1216	WerFault.exe	40
2604	1748	WerFault.exe	37
2052	1604	WerFault.exe	45
2844	2848	WerFault.exe	44
1284	2968	WerFault.exe	50
2476	3016	WerFault.exe	47
1892	1472	WerFault.exe	49
1444	2928	WerFault.exe	43
2344	2828	WerFault.exe	91
2976	1944	WerFault.exe	63
1412	2856	WerFault.exe	62
1200	1564	WerFault.exe	61
2920	1080	WerFault.exe	80
3000	1112	WerFault.exe	60
612	668	WerFault.exe	55
1644	2800	WerFault.exe	66
644	2152	WerFault.exe	59
2204	2820	WerFault.exe	48
392	2880	WerFault.exe	70
3076	2340	WerFault.exe	46
3128	2784	WerFault.exe	65
3208	1132	WerFault.exe	56
3304	320	WerFault.exe	64
3544	1928	WerFault.exe	54
3624	792	WerFault.exe	74
3672	2584	WerFault.exe	75
3752	1752	WerFault.exe	78
3796	1448	WerFault.exe	83
3820	1772	WerFault.exe	58
3896	2716	WerFault.exe	77
3920	1964	WerFault.exe	88
3984	2776	WerFault.exe	103
4024	2200	WerFault.exe	81
4072	2244	WerFault.exe	95
3120	2912	WerFault.exe	57
3244	2104	WerFault.exe	73
3276	2192	WerFault.exe	82
3588	676	WerFault.exe	76
3640	2224	WerFault.exe	104
4048	1700	WerFault.exe	94
3168	2552	WerFault.exe	86
3936	2988	WerFault.exe	106
4328	620	WerFault.exe	85
4480	2140	WerFault.exe	92
4524	2932	WerFault.exe	79
4596	2072	WerFault.exe	90
4716	2000	WerFault.exe	100
4740	2876	WerFault.exe	98
4844	756	WerFault.exe	87
4968	2392	WerFault.exe	114
5008	4140	WerFault.exe	173
5020	2568	WerFault.exe	116
4104	1044	WerFault.exe	121
4188	1876	WerFault.exe	122

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2196	c5074a162bc306efc0a89c83b301fcd1_JaffaCakes118.exe
2124	Unicorn-48715.exe
2556	Unicorn-6182.exe
2040	Unicorn-13795.exe
2492	Unicorn-26877.exe
2864	Unicorn-20101.exe
2704	Unicorn-64148.exe
1092	Unicorn-28051.exe
1748	Unicorn-1408.exe
300	Unicorn-40665.exe
1120	Unicorn-56447.exe
1216	Unicorn-52918.exe
2928	Unicorn-52446.exe
2848	Unicorn-18190.exe
1604	Unicorn-5383.exe
2340	Unicorn-44854.exe
3016	Unicorn-53022.exe
1472	Unicorn-38632.exe
2820	Unicorn-6514.exe
2968	Unicorn-57853.exe
1928	Unicorn-17875.exe
668	Unicorn-36903.exe
1132	Unicorn-51616.exe
2912	Unicorn-10090.exe
1772	Unicorn-29311.exe
2152	Unicorn-42955.exe
1112	Unicorn-35149.exe
2856	Unicorn-61237.exe
1564	Unicorn-18259.exe
1944	Unicorn-10645.exe
320	Unicorn-30511.exe
2784	Unicorn-33033.exe
2800	Unicorn-64506.exe
2880	Unicorn-48191.exe
792	Unicorn-19603.exe
2104	Unicorn-52830.exe
2584	Unicorn-20157.exe
676	Unicorn-25441.exe
2716	Unicorn-45861.exe
1752	Unicorn-50137.exe
2932	Unicorn-49130.exe
1080	Unicorn-32239.exe
2200	Unicorn-32239.exe
2192	Unicorn-25825.exe
1448	Unicorn-25502.exe
620	Unicorn-41284.exe
2552	Unicorn-47890.exe
2064	Unicorn-30162.exe
1964	Unicorn-60889.exe
2140	Unicorn-51782.exe
756	Unicorn-15217.exe
2828	Unicorn-58559.exe
2072	Unicorn-35446.exe
1700	Unicorn-7433.exe
2244	Unicorn-15964.exe
2876	Unicorn-58388.exe
1640	Unicorn-60910.exe
2000	Unicorn-41044.exe
2692	Unicorn-5487.exe
2776	Unicorn-13655.exe
2224	Unicorn-12264.exe
2988	Unicorn-25092.exe
1792	Unicorn-12285.exe
2188	Unicorn-14615.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2124	2196	c5074a162bc306efc0a89c83b301fcd1_JaffaCakes118.exe	28
PID 2196 wrote to memory of 2124	2196	c5074a162bc306efc0a89c83b301fcd1_JaffaCakes118.exe	28
PID 2196 wrote to memory of 2124	2196	c5074a162bc306efc0a89c83b301fcd1_JaffaCakes118.exe	28
PID 2196 wrote to memory of 2124	2196	c5074a162bc306efc0a89c83b301fcd1_JaffaCakes118.exe	28
PID 2124 wrote to memory of 2040	2124	Unicorn-48715.exe	29
PID 2124 wrote to memory of 2040	2124	Unicorn-48715.exe	29
PID 2124 wrote to memory of 2040	2124	Unicorn-48715.exe	29
PID 2124 wrote to memory of 2040	2124	Unicorn-48715.exe	29
PID 2196 wrote to memory of 2556	2196	c5074a162bc306efc0a89c83b301fcd1_JaffaCakes118.exe	30
PID 2196 wrote to memory of 2556	2196	c5074a162bc306efc0a89c83b301fcd1_JaffaCakes118.exe	30
PID 2196 wrote to memory of 2556	2196	c5074a162bc306efc0a89c83b301fcd1_JaffaCakes118.exe	30
PID 2196 wrote to memory of 2556	2196	c5074a162bc306efc0a89c83b301fcd1_JaffaCakes118.exe	30
PID 2196 wrote to memory of 2652	2196	c5074a162bc306efc0a89c83b301fcd1_JaffaCakes118.exe	31
PID 2196 wrote to memory of 2652	2196	c5074a162bc306efc0a89c83b301fcd1_JaffaCakes118.exe	31
PID 2196 wrote to memory of 2652	2196	c5074a162bc306efc0a89c83b301fcd1_JaffaCakes118.exe	31
PID 2196 wrote to memory of 2652	2196	c5074a162bc306efc0a89c83b301fcd1_JaffaCakes118.exe	31
PID 2124 wrote to memory of 2492	2124	Unicorn-48715.exe	32
PID 2124 wrote to memory of 2492	2124	Unicorn-48715.exe	32
PID 2124 wrote to memory of 2492	2124	Unicorn-48715.exe	32
PID 2124 wrote to memory of 2492	2124	Unicorn-48715.exe	32
PID 2040 wrote to memory of 2704	2040	Unicorn-13795.exe	33
PID 2040 wrote to memory of 2704	2040	Unicorn-13795.exe	33
PID 2040 wrote to memory of 2704	2040	Unicorn-13795.exe	33
PID 2040 wrote to memory of 2704	2040	Unicorn-13795.exe	33
PID 2556 wrote to memory of 2864	2556	Unicorn-6182.exe	34
PID 2556 wrote to memory of 2864	2556	Unicorn-6182.exe	34
PID 2556 wrote to memory of 2864	2556	Unicorn-6182.exe	34
PID 2556 wrote to memory of 2864	2556	Unicorn-6182.exe	34
PID 2124 wrote to memory of 2952	2124	Unicorn-48715.exe	35
PID 2124 wrote to memory of 2952	2124	Unicorn-48715.exe	35
PID 2124 wrote to memory of 2952	2124	Unicorn-48715.exe	35
PID 2124 wrote to memory of 2952	2124	Unicorn-48715.exe	35
PID 2492 wrote to memory of 1092	2492	Unicorn-26877.exe	36
PID 2492 wrote to memory of 1092	2492	Unicorn-26877.exe	36
PID 2492 wrote to memory of 1092	2492	Unicorn-26877.exe	36
PID 2492 wrote to memory of 1092	2492	Unicorn-26877.exe	36
PID 2864 wrote to memory of 1748	2864	Unicorn-20101.exe	37
PID 2864 wrote to memory of 1748	2864	Unicorn-20101.exe	37
PID 2864 wrote to memory of 1748	2864	Unicorn-20101.exe	37
PID 2864 wrote to memory of 1748	2864	Unicorn-20101.exe	37
PID 2556 wrote to memory of 300	2556	Unicorn-6182.exe	38
PID 2556 wrote to memory of 300	2556	Unicorn-6182.exe	38
PID 2556 wrote to memory of 300	2556	Unicorn-6182.exe	38
PID 2556 wrote to memory of 300	2556	Unicorn-6182.exe	38
PID 2704 wrote to memory of 1120	2704	Unicorn-64148.exe	39
PID 2704 wrote to memory of 1120	2704	Unicorn-64148.exe	39
PID 2704 wrote to memory of 1120	2704	Unicorn-64148.exe	39
PID 2704 wrote to memory of 1120	2704	Unicorn-64148.exe	39
PID 2040 wrote to memory of 1216	2040	Unicorn-13795.exe	40
PID 2040 wrote to memory of 1216	2040	Unicorn-13795.exe	40
PID 2040 wrote to memory of 1216	2040	Unicorn-13795.exe	40
PID 2040 wrote to memory of 1216	2040	Unicorn-13795.exe	40
PID 2556 wrote to memory of 576	2556	Unicorn-6182.exe	41
PID 2556 wrote to memory of 576	2556	Unicorn-6182.exe	41
PID 2556 wrote to memory of 576	2556	Unicorn-6182.exe	41
PID 2556 wrote to memory of 576	2556	Unicorn-6182.exe	41
PID 2040 wrote to memory of 1992	2040	Unicorn-13795.exe	42
PID 2040 wrote to memory of 1992	2040	Unicorn-13795.exe	42
PID 2040 wrote to memory of 1992	2040	Unicorn-13795.exe	42
PID 2040 wrote to memory of 1992	2040	Unicorn-13795.exe	42
PID 1092 wrote to memory of 2928	1092	Unicorn-28051.exe	43
PID 1092 wrote to memory of 2928	1092	Unicorn-28051.exe	43
PID 1092 wrote to memory of 2928	1092	Unicorn-28051.exe	43
PID 1092 wrote to memory of 2928	1092	Unicorn-28051.exe	43

C:\Users\Admin\AppData\Local\Temp\c5074a162bc306efc0a89c83b301fcd1_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\c5074a162bc306efc0a89c83b301fcd1_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13795.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56447.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44854.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42955.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50137.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5487.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40101.exe
        10⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5861.exe
        11⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54743.exe
        12⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30042.exe
        13⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37821.exe
        14⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24230.exe
        15⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8184.exe
        16⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9168 -s 376
        16⤵
        
        PID:10368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 376
        15⤵
        
        PID:9440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 376
        14⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 376
        13⤵
        
        PID:8048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 376
        12⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 376
        11⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 380
        10⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 380
        9⤵
        Program crash
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12264.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27574.exe
        9⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2358.exe
        10⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
        11⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 220
        12⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 376
        11⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 376
        10⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 376
        9⤵
        Program crash
        
        PID:3640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 380
        8⤵
        Program crash
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49130.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51886.exe
        8⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1455.exe
        9⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-991.exe
        10⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29227.exe
        11⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30566.exe
        12⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44650.exe
        13⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11801.exe
        14⤵
        
        PID:9492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8852 -s 380
        14⤵
        
        PID:10272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 368
        13⤵
        
        PID:9432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 376
        12⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 376
        11⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 376
        10⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 376
        9⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 376
        8⤵
        Program crash
        
        PID:4524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 376
        7⤵
        Program crash
        
        PID:3076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35149.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54169.exe
        8⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1071.exe
        9⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
        10⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19461.exe
        11⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7431.exe
        12⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46980.exe
        13⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39622.exe
        14⤵
        
        PID:9940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 368
        14⤵
        
        PID:9532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 376
        13⤵
        
        PID:9344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 380
        12⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 372
        11⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 376
        10⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 376
        9⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 380
        8⤵
        Program crash
        
        PID:4328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 376
        7⤵
        Program crash
        
        PID:3000
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 380
        6⤵
        Program crash
        
        PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6514.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30511.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        8⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48757.exe
        9⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31225.exe
        10⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11759.exe
        11⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26145.exe
        12⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
        13⤵
        
        PID:8560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64702.exe
        14⤵
        
        PID:10164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 376
        14⤵
        
        PID:9280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 376
        13⤵
        
        PID:9644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 376
        12⤵
        
        PID:8200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 376
        11⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 376
        10⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 376
        9⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 376
        8⤵
        Program crash
        
        PID:4844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 376
        7⤵
        Program crash
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 380
        6⤵
        Program crash
        
        PID:2204
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 376
        5⤵
        Program crash
        
        PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53022.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18259.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47890.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5954.exe
        8⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        9⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
        10⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
        11⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42211.exe
        12⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62709.exe
        13⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42320.exe
        14⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15117.exe
        15⤵
        
        PID:10016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 376
        15⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 376
        14⤵
        
        PID:9244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 380
        13⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 376
        12⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 376
        11⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 376
        10⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 380
        9⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 376
        8⤵
        Program crash
        
        PID:3168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 376
        7⤵
        Program crash
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60889.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14615.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
        8⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17787.exe
        9⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11764.exe
        10⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63098.exe
        11⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26337.exe
        12⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8272.exe
        13⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4811.exe
        14⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9704 -s 380
        14⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 376
        13⤵
        
        PID:9880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 376
        12⤵
        
        PID:8476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 376
        11⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 376
        10⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 376
        9⤵
        
        PID:6516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 376
        8⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 376
        7⤵
        Program crash
        
        PID:3920
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 376
        6⤵
        Program crash
        
        PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10645.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 244
        7⤵
        Program crash
        
        PID:2920
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 376
        6⤵
        Program crash
        
        PID:2976
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 368
        5⤵
        Program crash
        
        PID:656
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 376
      4⤵
      Loads dropped DLL
      Program crash
      PID:1992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26877.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26877.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52446.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17875.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48191.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7433.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37880.exe
        9⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39115.exe
        10⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53500.exe
        11⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10887.exe
        12⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14089.exe
        13⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        14⤵
        
        PID:8564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37162.exe
        15⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41625.exe
        16⤵
        
        PID:9952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 376
        15⤵
        
        PID:10032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 376
        14⤵
        
        PID:9012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 376
        13⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 376
        12⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 376
        11⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 372
        10⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 376
        9⤵
        Program crash
        
        PID:4048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 376
        8⤵
        Program crash
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 224
        8⤵
        Program crash
        
        PID:4072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 376
        7⤵
        Program crash
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52830.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60993.exe
        7⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48051.exe
        8⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63339.exe
        9⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 240
        10⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 376
        9⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 376
        8⤵
        Program crash
        
        PID:5020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 376
        7⤵
        Program crash
        
        PID:3244
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 372
        6⤵
        Program crash
        
        PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36903.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25441.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
        8⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57397.exe
        9⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5285.exe
        10⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41723.exe
        11⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
        12⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51863.exe
        13⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58568.exe
        14⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2071.exe
        15⤵
        
        PID:9580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 376
        15⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 376
        14⤵
        
        PID:10064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 376
        13⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 376
        12⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 380
        11⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 376
        10⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 376
        9⤵
        Program crash
        
        PID:4188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 372
        8⤵
        Program crash
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38387.exe
        7⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4496.exe
        8⤵
        
        PID:4252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51170.exe
        9⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60280.exe
        10⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 224
        11⤵
        
        PID:7656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 376
        10⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 376
        9⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 376
        8⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 376
        7⤵
        Program crash
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25092.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4055.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2441.exe
        8⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
        9⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 224
        10⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 380
        9⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 376
        8⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 376
        7⤵
        Program crash
        
        PID:3936
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 380
        6⤵
        Program crash
        
        PID:612
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 380
        5⤵
        Program crash
        
        PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18190.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51616.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24149.exe
        8⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
        9⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55345.exe
        10⤵
        
        PID:6344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 224
        11⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 380
        10⤵
        
        PID:2756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 368
        9⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 376
        8⤵
        Program crash
        
        PID:4740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 376
        7⤵
        Program crash
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41044.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7537.exe
        7⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9478.exe
        8⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61759.exe
        9⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23436.exe
        10⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38480.exe
        11⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33960.exe
        12⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31646.exe
        13⤵
        
        PID:9908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 380
        13⤵
        
        PID:10180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8596 -s 372
        12⤵
        
        PID:9252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 376
        11⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 372
        10⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 376
        9⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 376
        8⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 376
        7⤵
        Program crash
        
        PID:4716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 376
        6⤵
        Program crash
        
        PID:3208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20157.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60910.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32893.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59338.exe
        8⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46575.exe
        9⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15459.exe
        10⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53124.exe
        11⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-156.exe
        12⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21916.exe
        13⤵
        
        PID:10080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8572 -s 368
        13⤵
        
        PID:9984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 376
        12⤵
        
        PID:9796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 372
        11⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 376
        10⤵
        
        PID:7684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 380
        9⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 376
        8⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 376
        7⤵
        
        PID:4984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 376
        6⤵
        Program crash
        
        PID:3672
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 376
        5⤵
        Program crash
        
        PID:2844
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 368
      4⤵
      Program crash
      PID:240
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20101.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1408.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33033.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64330.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46380.exe
        9⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33171.exe
        10⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19352.exe
        11⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21630.exe
        12⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53358.exe
        13⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28330.exe
        14⤵
        
        PID:10232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 376
        14⤵
        
        PID:2400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 376
        13⤵
        
        PID:9448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 380
        12⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 372
        11⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 376
        10⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 368
        9⤵
        
        PID:5844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 376
        8⤵
        Program crash
        
        PID:4596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 372
        7⤵
        Program crash
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58559.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
        7⤵
        Program crash
        
        PID:2344
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 376
        6⤵
        Program crash
        
        PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51782.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe
        7⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25384.exe
        8⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47478.exe
        9⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
        10⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
        11⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28615.exe
        12⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30084.exe
        13⤵
        
        PID:10108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 376
        13⤵
        
        PID:9936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 376
        12⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 380
        11⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 376
        10⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 376
        9⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 376
        8⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 380
        7⤵
        Program crash
        
        PID:4480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 376
        6⤵
        Program crash
        
        PID:1644
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 376
        5⤵
        Program crash
        
        PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57853.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61237.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25825.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30651.exe
        7⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14802.exe
        8⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8492.exe
        9⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13214.exe
        9⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17603.exe
        10⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42870.exe
        11⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23872.exe
        12⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44583.exe
        13⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4012.exe
        14⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 376
        13⤵
        
        PID:10188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 376
        12⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 380
        11⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 376
        10⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 380
        9⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 376
        8⤵
        Program crash
        
        PID:4104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 376
        7⤵
        Program crash
        
        PID:3276
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 376
        6⤵
        Program crash
        
        PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
        7⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 220
        8⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 376
        7⤵
        
        PID:4540
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 368
        6⤵
        Program crash
        
        PID:3796
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 376
        5⤵
        Program crash
        
        PID:1284
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 376
      4⤵
      Program crash
      PID:932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40665.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5383.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10090.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32405.exe
        7⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34839.exe
        8⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9810.exe
        9⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42574.exe
        10⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14364.exe
        11⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13373.exe
        12⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
        13⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42995.exe
        14⤵
        
        PID:9776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 376
        14⤵
        
        PID:10376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8820 -s 376
        13⤵
        
        PID:9676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 376
        12⤵
        
        PID:3396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 380
        11⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 380
        10⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 376
        9⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 376
        8⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 376
        7⤵
        Program crash
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49488.exe
        6⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        7⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 240
        8⤵
        Program crash
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 376
        7⤵
        Program crash
        
        PID:4968
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 376
        6⤵
        Program crash
        
        PID:3120
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 248
        5⤵
        Program crash
        
        PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29311.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46219.exe
        6⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53505.exe
        7⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-791.exe
        8⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        9⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54219.exe
        10⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26337.exe
        11⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
        12⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46228.exe
        13⤵
        
        PID:10208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8708 -s 376
        13⤵
        
        PID:10280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 372
        12⤵
        
        PID:9524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 380
        11⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 380
        10⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 376
        9⤵
        
        PID:7636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 380
        8⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 368
        7⤵
        
        PID:4120
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 376
        6⤵
        Program crash
        
        PID:3896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26353.exe
        5⤵
        Executes dropped EXE
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32317.exe
        6⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33080.exe
        7⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41998.exe
        8⤵
        
        PID:7056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 224
        9⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 376
        8⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 376
        7⤵
        
        PID:5428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 376
        6⤵
        
        PID:4656
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 368
        5⤵
        Program crash
        
        PID:3820
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 380
      4⤵
      Program crash
      PID:2484
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 364
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:576
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 380
  2⤵
  - Program crash
  PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1408.exe

Filesize
192KB

MD5
c512f893dd07e9027e0c044e15ad00e1

SHA1
8f73ff6fb38ee986d6ffde371fe988ad39c62c28

SHA256
55d92f250765e030eedc9af19b60b0ad2eb46569272f4a64fca61c002d6fe2cf

SHA512
e018884ea35379de246e7c0a0ecc09ec39583567b9a97085a774cdda2cf87de47a05a071188e8e2df8a18dd3d018fcd48d6b78478b68ce2429a64ec93c483b8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20101.exe

Filesize
192KB

MD5
a23921a8babf7a4789bd38817e6a55d9

SHA1
0947239c7f32db2468ee4005b27ecbaa509234e1

SHA256
4925fbb58ebb7e8903865199d827ccd4e2d13dcea9e36f6fb31d1281ee8ea94d

SHA512
3949e42276a5c9c7dadf63eecba69b811b458dc4021006c70749c07751422133c7b947321b412dda10aaf827b897f619d8d7fd8e4a41de50cca4221f9db80a07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23872.exe

Filesize
192KB

MD5
cb2059eebe83c6f91663f074ebe359e7

SHA1
69d393075c87e8037cae8239fb1f2bb62324a67a

SHA256
479ca34b57544f989cc6208a1f71f38b4ea4c89ec3b7aa709743b7c1dff65640

SHA512
412887807cb74ca534588411f60c0ee7af7e10337d9ee083e83dec665a23c477ec74e1f0da980d02963eadb3e42b514888c868575dd45e42c4d0e0d2924e0cdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe

Filesize
192KB

MD5
ac7416c0a8e1562c52359a77253e3e9c

SHA1
32109929c6cc90822549b3b099cf985427c11984

SHA256
e75bc2e04aaa5c40a0cf613a7d3cdbe4242f277ce385162a620b85c56ec308de

SHA512
eb7287f84b76cc7740495bd405045dc8c85cdb7edf2ae8ed8f11423aa36c1b706dae8d216a4c7f647c99cc12eff9371a333afedf5d2c30a79955ccb2e1fe244c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44650.exe

Filesize
192KB

MD5
33700f3017425dc2430892541f5e8fa1

SHA1
95cb32b3ffbd8ca27e95174f4202a4bcf786b4c9

SHA256
33526d5d7fc1e3e3e920941614443b565460a93a9d271be48c49925314e496fc

SHA512
dd648180733bd2fb29b2e2c2c3432d9bcfa52d4cd901d051dde9b5c6cce23ddde2d4e7b7a4a76f8478425f2ec02f5bac3816191822290d0058abdf363d90cfd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6193.exe

Filesize
192KB

MD5
51fe0ca5073e17689d735231e23d793a

SHA1
944a5098951eca938afed5cdab7c79d9240ada45

SHA256
cc669166ac1377488033140c9d9767687232d0a297a5a510f2e6acbe727e573d

SHA512
4337540d9a0deb982e0ffd7bec4969dd347c9857f2690bb20044b57b603a2e2461a7bee440e2e816a34e84c9552bb11c4c37a444681adaefbb51be4dcfea7d08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe

Filesize
192KB

MD5
0771f55684348de1695b0adaffb5ad6f

SHA1
8863fbeee9c9f1687a551d464342926004efea2a

SHA256
ef0fd74085d69880519cfde46acbb65d060a6b3d63a4270e8e2589be0513f48b

SHA512
107c760297dace85a27f81acb54a8ed6397099f142e52e07ec6bcec5324baa3dcc8d78227518ca1efcb634b785fa83fa62264f283e5b0dbd4b2b2fb349ad4940

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9810.exe

Filesize
192KB

MD5
59422341bfdf24333a540ce37c17812a

SHA1
9827db4ea2943d62f55a9d5ebdabb70d3f9d6e61

SHA256
309b8a41334b1b2717216af285268e45fc14944cd0237407348b31bdcb9cb48e

SHA512
97c1387434308676f06b7c6122c55d310488c006f698922cd022d453ac09b4a512f375076418988518c41380b438d590e2337d14c677d916fd493fa4a9889e82

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13795.exe

Filesize
192KB

MD5
f71d77a351e48c1dfed0fe2ac7b7eb2f

SHA1
20ab222f6a78fa0a67962d87f4f9200e50146274

SHA256
9516d12436bc35ff5a0e3d513bff9839a6d248db921b31b6940bb3b01d4368bb

SHA512
625518550e9ac82c00a1941adc114c1c6227b9cea5c6c2f84f564bc9851f6328a220b668cccbab6c41839b73e501fd6b952aca78583922d2932f4b52f6a5fb67

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26877.exe

Filesize
192KB

MD5
5615f6cc019ab4a22b51acbaf3c75627

SHA1
f42ab99528782bcc67e5944042abf4ca6f300dd9

SHA256
0130444e414ed644ea856d87a83b1df252eb1e52c5bced05a061efbe1125ba05

SHA512
d43499b478004e52453324f45ecac86c2ad79f55c27e3835c781fef40262e449e07450de85f63915239d86ea99fa70e919b97b2b74a4aca98fb8559bd00f6466

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe

Filesize
192KB

MD5
b6882d1c5f3fb782e2b07537c528a4e0

SHA1
63085ead96a5432ae5b0d4617df782d8c2194d32

SHA256
9488c4d2e8477a7d504eb5275ab75dc57d012bd3b998409a05309c73bba3baf0

SHA512
ddabfe63f472a5cb26d8d72f78045c253caa1bde52157721f55d59229c908984a7f9b3e36bb7f73da2d54dfc048d809ae715ab44ed21e17d98a12abf24cf80eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40665.exe

Filesize
192KB

MD5
4287edfa29220a5a9b03237c5ab1cabb

SHA1
8f328c1f05dfdd27f799853f6eb262018e041596

SHA256
63a9c105d3e8aab1734363051e4912af83ff149e2ed9ec7c087ea34634156117

SHA512
03588eac2c3a95bf1e02b93c0d082265f6b9500ad17af534085d4a70c1fbc4f13bf8bbe1ddf93d957758c604d938961c5ce41220c82c917d1fe87bd062466ead

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48715.exe

Filesize
192KB

MD5
f2bfca637a29f616e56d3c3081ab6ac6

SHA1
e8bc648e7da1b012e0d382577e84608fd30b86c0

SHA256
06a327ad06e373197c9b9695102a95b43046be0113dc585b07835270edc64f4b

SHA512
d553581d3036504e534e32ad1e23ade68fe1646b9a116e4e9243b4fa30caa25ce8db81cdeadf38129dc6a7503b26f9428707902c43532cedb7c45649d98e6910

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe

Filesize
192KB

MD5
1a82c17922b24e7b8c7d0c35db9e5ef7

SHA1
0bbf4e0c9310b8e1ea8d77b16666a4c607029bc5

SHA256
6aaa48063e6173741cfd0cd1aad23210526e33dc063c531284f752ba0dbc308a

SHA512
1666f7752ac1ab15db83ad2f965b2913465c43b9c1a5b5adc9d9c18262ffc27b5fb585a8dca29cfdf0a398679187a3ed453c225eabe4f6a00e88617afa6e231c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56447.exe

Filesize
192KB

MD5
9222555faeef4e4daf631c9f11299fca

SHA1
c995811965924fd8f3463a42ec43e4c0896409dc

SHA256
32c98d87ec7655e38bf7b3192d280a1a5a2c986586d4e74abfb4e9b835d0542c

SHA512
8492d47d0d25728ece5b4024294080f71a59a4aa881e24d1645e63ab9d2cb72dd7336d73a41f44dae028a194d0beb2f891847c9ee78295b09ffeab99c4fbf116

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6182.exe

Filesize
192KB

MD5
fc824e99e3cc16ebe55f8b8809c5f1df

SHA1
c0d7dd96fe69cd98ada270a138bc5f715e129b42

SHA256
489214715f9a084d270981d119d26e03b5cf811ad559eb0ab1c8ca0904d479dc

SHA512
0bea015980dee8a592bda6158f0b3d4831edfc802d680ddb20538e53769524b7838566d28e57c6dc572f0ee52ba4b5c294414536b0b14aea9ed31012b5406e19

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads