883bcdfbaf159ea6a549c73c74cd4d7534b1fc58b95ef013e7bc3018d07198b0

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/04/2024, 23:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f4918c9883a0c55175557d35985b2e5b_JaffaCakes118.exe
Size

184KB
MD5

f4918c9883a0c55175557d35985b2e5b
SHA1

ed20f68ee96b6c11965a337c3e4439c60b9f2c2e
SHA256

883bcdfbaf159ea6a549c73c74cd4d7534b1fc58b95ef013e7bc3018d07198b0
SHA512

6726332fa0fff4e29b7e1156f9ee081dab3e6e7373687361b6f80fc66e6d1c9e9fe58e32315f7d8030feebed4519de45eb8486491d5d39cac1654c85459619a3
SSDEEP

3072:aSDgozB5fhAXryjxdli0r8Fp25d64ZfFQcSx8YID6NlPvpF8:aSkovOXrido0r8wN5QNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2344	Unicorn-29328.exe
2612	Unicorn-33495.exe
2940	Unicorn-60500.exe
2936	Unicorn-18996.exe
2732	Unicorn-46385.exe
2680	Unicorn-12965.exe
1380	Unicorn-43282.exe
568	Unicorn-24808.exe
2512	Unicorn-48113.exe
2604	Unicorn-10609.exe
1372	Unicorn-25554.exe
3032	Unicorn-33251.exe
1616	Unicorn-9301.exe
2080	Unicorn-16723.exe
596	Unicorn-30105.exe
2924	Unicorn-27413.exe
1712	Unicorn-770.exe
2372	Unicorn-58886.exe
2128	Unicorn-13214.exe
1892	Unicorn-6463.exe
2900	Unicorn-10547.exe
564	Unicorn-56219.exe
3000	Unicorn-47496.exe
1460	Unicorn-52711.exe
3056	Unicorn-48072.exe
1572	Unicorn-19292.exe
2244	Unicorn-19292.exe
1676	Unicorn-64792.exe
1596	Unicorn-44927.exe
3012	Unicorn-42234.exe
1640	Unicorn-26452.exe
2912	Unicorn-42980.exe
2172	Unicorn-57392.exe
1336	Unicorn-13022.exe
812	Unicorn-6245.exe
2212	Unicorn-10692.exe
2052	Unicorn-30558.exe
1152	Unicorn-31627.exe
1620	Unicorn-9452.exe
2108	Unicorn-40733.exe
2780	Unicorn-42317.exe
528	Unicorn-42871.exe
2316	Unicorn-44839.exe
2964	Unicorn-18943.exe
1568	Unicorn-46977.exe
612	Unicorn-52815.exe
544	Unicorn-59592.exe
1608	Unicorn-54953.exe
3040	Unicorn-41139.exe
2504	Unicorn-33333.exe
1056	Unicorn-24611.exe
2744	Unicorn-47745.exe
2252	Unicorn-14579.exe
1656	Unicorn-49390.exe
324	Unicorn-47807.exe
2920	Unicorn-18472.exe
304	Unicorn-26832.exe
1156	Unicorn-63972.exe
592	Unicorn-30506.exe
2976	Unicorn-55010.exe
1604	Unicorn-59286.exe
2928	Unicorn-59971.exe
2972	Unicorn-2602.exe
3096	Unicorn-15875.exe

Loads dropped DLL 64 IoCs

pid	Process
1716	f4918c9883a0c55175557d35985b2e5b_JaffaCakes118.exe
1716	f4918c9883a0c55175557d35985b2e5b_JaffaCakes118.exe
2344	Unicorn-29328.exe
1716	f4918c9883a0c55175557d35985b2e5b_JaffaCakes118.exe
2344	Unicorn-29328.exe
1716	f4918c9883a0c55175557d35985b2e5b_JaffaCakes118.exe
2612	Unicorn-33495.exe
2612	Unicorn-33495.exe
2344	Unicorn-29328.exe
2344	Unicorn-29328.exe
2940	Unicorn-60500.exe
2940	Unicorn-60500.exe
2104	WerFault.exe
2104	WerFault.exe
2104	WerFault.exe
2104	WerFault.exe
2104	WerFault.exe
2104	WerFault.exe
2104	WerFault.exe
2104	WerFault.exe
2104	WerFault.exe
2732	Unicorn-46385.exe
2732	Unicorn-46385.exe
2936	Unicorn-18996.exe
2936	Unicorn-18996.exe
2612	Unicorn-33495.exe
2612	Unicorn-33495.exe
2680	Unicorn-12965.exe
2680	Unicorn-12965.exe
2940	Unicorn-60500.exe
2940	Unicorn-60500.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
948	WerFault.exe
948	WerFault.exe
948	WerFault.exe
948	WerFault.exe
948	WerFault.exe
948	WerFault.exe
948	WerFault.exe
948	WerFault.exe
948	WerFault.exe
1380	Unicorn-43282.exe
2732	Unicorn-46385.exe
1380	Unicorn-43282.exe
2732	Unicorn-46385.exe
568	Unicorn-24808.exe
568	Unicorn-24808.exe
2936	Unicorn-18996.exe
2936	Unicorn-18996.exe
1372	Unicorn-25554.exe
1372	Unicorn-25554.exe
2604	Unicorn-10609.exe
2604	Unicorn-10609.exe
2680	Unicorn-12965.exe
2680	Unicorn-12965.exe
2512	Unicorn-48113.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2528	1716	WerFault.exe	27
2104	2344	WerFault.exe	28
2240	2612	WerFault.exe	29
948	2940	WerFault.exe	30
1828	2732	WerFault.exe	33
1584	2936	WerFault.exe	32
1824	2680	WerFault.exe	34
2600	1380	WerFault.exe	36
2664	568	WerFault.exe	37
888	1372	WerFault.exe	40
1180	2512	WerFault.exe	38
2520	2604	WerFault.exe	39
2360	2080	WerFault.exe	45
2580	1712	WerFault.exe	48
584	3032	WerFault.exe	43
2408	2924	WerFault.exe	47
2032	1616	WerFault.exe	44
968	1892	WerFault.exe	54
704	3000	WerFault.exe	57
1228	564	WerFault.exe	55
860	2128	WerFault.exe	50
2764	1640	WerFault.exe	65
1512	2900	WerFault.exe	56
1780	1596	WerFault.exe	62
2056	3056	WerFault.exe	59
2636	2912	WerFault.exe	66
3060	2372	WerFault.exe	49
2776	1460	WerFault.exe	58
3188	528	WerFault.exe	83
3196	596	WerFault.exe	46
3244	2212	WerFault.exe	76
3332	1676	WerFault.exe	63
3436	1572	WerFault.exe	61
3648	3012	WerFault.exe	64
3696	2244	WerFault.exe	60
3712	2964	WerFault.exe	85
3720	2316	WerFault.exe	84
3792	1336	WerFault.exe	73
3956	812	WerFault.exe	74
3996	2780	WerFault.exe	82
4004	1608	WerFault.exe	89
4064	544	WerFault.exe	88
4080	2052	WerFault.exe	77
3400	2172	WerFault.exe	71
3472	612	WerFault.exe	87
3596	1620	WerFault.exe	80
3748	1056	WerFault.exe	93
3868	2504	WerFault.exe	92
3632	2252	WerFault.exe	99
3756	2108	WerFault.exe	81
3572	2920	WerFault.exe	102
3816	2744	WerFault.exe	95
4152	1152	WerFault.exe	78
4180	3040	WerFault.exe	90
4440	1656	WerFault.exe	100
4484	1568	WerFault.exe	86
4296	324	WerFault.exe	101
4416	1156	WerFault.exe	104
4676	304	WerFault.exe	103
4756	592	WerFault.exe	112
4784	2976	WerFault.exe	114
4928	1604	WerFault.exe	115
4948	4616	WerFault.exe	167
4960	2928	WerFault.exe	117

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1716	f4918c9883a0c55175557d35985b2e5b_JaffaCakes118.exe
2344	Unicorn-29328.exe
2612	Unicorn-33495.exe
2940	Unicorn-60500.exe
2936	Unicorn-18996.exe
2732	Unicorn-46385.exe
2680	Unicorn-12965.exe
1380	Unicorn-43282.exe
2512	Unicorn-48113.exe
568	Unicorn-24808.exe
1372	Unicorn-25554.exe
2604	Unicorn-10609.exe
3032	Unicorn-33251.exe
1616	Unicorn-9301.exe
2080	Unicorn-16723.exe
596	Unicorn-30105.exe
2924	Unicorn-27413.exe
1712	Unicorn-770.exe
2372	Unicorn-58886.exe
2128	Unicorn-13214.exe
2900	Unicorn-10547.exe
1892	Unicorn-6463.exe
564	Unicorn-56219.exe
3000	Unicorn-47496.exe
1460	Unicorn-52711.exe
3056	Unicorn-48072.exe
1572	Unicorn-19292.exe
2244	Unicorn-19292.exe
1676	Unicorn-64792.exe
1596	Unicorn-44927.exe
3012	Unicorn-42234.exe
1640	Unicorn-26452.exe
2912	Unicorn-42980.exe
2172	Unicorn-57392.exe
812	Unicorn-6245.exe
1336	Unicorn-13022.exe
2052	Unicorn-30558.exe
2212	Unicorn-10692.exe
1152	Unicorn-31627.exe
1620	Unicorn-9452.exe
2780	Unicorn-42317.exe
2108	Unicorn-40733.exe
528	Unicorn-42871.exe
2316	Unicorn-44839.exe
2964	Unicorn-18943.exe
1568	Unicorn-46977.exe
612	Unicorn-52815.exe
544	Unicorn-59592.exe
1608	Unicorn-54953.exe
3040	Unicorn-41139.exe
2504	Unicorn-33333.exe
1056	Unicorn-24611.exe
2744	Unicorn-47745.exe
1656	Unicorn-49390.exe
2252	Unicorn-14579.exe
324	Unicorn-47807.exe
304	Unicorn-26832.exe
2920	Unicorn-18472.exe
1156	Unicorn-63972.exe
592	Unicorn-30506.exe
1604	Unicorn-59286.exe
2976	Unicorn-55010.exe
2928	Unicorn-59971.exe
2972	Unicorn-2602.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 2344	1716	f4918c9883a0c55175557d35985b2e5b_JaffaCakes118.exe	28
PID 1716 wrote to memory of 2344	1716	f4918c9883a0c55175557d35985b2e5b_JaffaCakes118.exe	28
PID 1716 wrote to memory of 2344	1716	f4918c9883a0c55175557d35985b2e5b_JaffaCakes118.exe	28
PID 1716 wrote to memory of 2344	1716	f4918c9883a0c55175557d35985b2e5b_JaffaCakes118.exe	28
PID 2344 wrote to memory of 2612	2344	Unicorn-29328.exe	29
PID 2344 wrote to memory of 2612	2344	Unicorn-29328.exe	29
PID 2344 wrote to memory of 2612	2344	Unicorn-29328.exe	29
PID 2344 wrote to memory of 2612	2344	Unicorn-29328.exe	29
PID 1716 wrote to memory of 2940	1716	f4918c9883a0c55175557d35985b2e5b_JaffaCakes118.exe	30
PID 1716 wrote to memory of 2940	1716	f4918c9883a0c55175557d35985b2e5b_JaffaCakes118.exe	30
PID 1716 wrote to memory of 2940	1716	f4918c9883a0c55175557d35985b2e5b_JaffaCakes118.exe	30
PID 1716 wrote to memory of 2940	1716	f4918c9883a0c55175557d35985b2e5b_JaffaCakes118.exe	30
PID 1716 wrote to memory of 2528	1716	f4918c9883a0c55175557d35985b2e5b_JaffaCakes118.exe	31
PID 1716 wrote to memory of 2528	1716	f4918c9883a0c55175557d35985b2e5b_JaffaCakes118.exe	31
PID 1716 wrote to memory of 2528	1716	f4918c9883a0c55175557d35985b2e5b_JaffaCakes118.exe	31
PID 1716 wrote to memory of 2528	1716	f4918c9883a0c55175557d35985b2e5b_JaffaCakes118.exe	31
PID 2612 wrote to memory of 2936	2612	Unicorn-33495.exe	32
PID 2612 wrote to memory of 2936	2612	Unicorn-33495.exe	32
PID 2612 wrote to memory of 2936	2612	Unicorn-33495.exe	32
PID 2612 wrote to memory of 2936	2612	Unicorn-33495.exe	32
PID 2344 wrote to memory of 2732	2344	Unicorn-29328.exe	33
PID 2344 wrote to memory of 2732	2344	Unicorn-29328.exe	33
PID 2344 wrote to memory of 2732	2344	Unicorn-29328.exe	33
PID 2344 wrote to memory of 2732	2344	Unicorn-29328.exe	33
PID 2940 wrote to memory of 2680	2940	Unicorn-60500.exe	34
PID 2940 wrote to memory of 2680	2940	Unicorn-60500.exe	34
PID 2940 wrote to memory of 2680	2940	Unicorn-60500.exe	34
PID 2940 wrote to memory of 2680	2940	Unicorn-60500.exe	34
PID 2344 wrote to memory of 2104	2344	Unicorn-29328.exe	35
PID 2344 wrote to memory of 2104	2344	Unicorn-29328.exe	35
PID 2344 wrote to memory of 2104	2344	Unicorn-29328.exe	35
PID 2344 wrote to memory of 2104	2344	Unicorn-29328.exe	35
PID 2732 wrote to memory of 1380	2732	Unicorn-46385.exe	36
PID 2732 wrote to memory of 1380	2732	Unicorn-46385.exe	36
PID 2732 wrote to memory of 1380	2732	Unicorn-46385.exe	36
PID 2732 wrote to memory of 1380	2732	Unicorn-46385.exe	36
PID 2936 wrote to memory of 568	2936	Unicorn-18996.exe	37
PID 2936 wrote to memory of 568	2936	Unicorn-18996.exe	37
PID 2936 wrote to memory of 568	2936	Unicorn-18996.exe	37
PID 2936 wrote to memory of 568	2936	Unicorn-18996.exe	37
PID 2612 wrote to memory of 2512	2612	Unicorn-33495.exe	38
PID 2612 wrote to memory of 2512	2612	Unicorn-33495.exe	38
PID 2612 wrote to memory of 2512	2612	Unicorn-33495.exe	38
PID 2612 wrote to memory of 2512	2612	Unicorn-33495.exe	38
PID 2680 wrote to memory of 2604	2680	Unicorn-12965.exe	39
PID 2680 wrote to memory of 2604	2680	Unicorn-12965.exe	39
PID 2680 wrote to memory of 2604	2680	Unicorn-12965.exe	39
PID 2680 wrote to memory of 2604	2680	Unicorn-12965.exe	39
PID 2940 wrote to memory of 1372	2940	Unicorn-60500.exe	40
PID 2940 wrote to memory of 1372	2940	Unicorn-60500.exe	40
PID 2940 wrote to memory of 1372	2940	Unicorn-60500.exe	40
PID 2940 wrote to memory of 1372	2940	Unicorn-60500.exe	40
PID 2612 wrote to memory of 2240	2612	Unicorn-33495.exe	41
PID 2612 wrote to memory of 2240	2612	Unicorn-33495.exe	41
PID 2612 wrote to memory of 2240	2612	Unicorn-33495.exe	41
PID 2612 wrote to memory of 2240	2612	Unicorn-33495.exe	41
PID 2940 wrote to memory of 948	2940	Unicorn-60500.exe	42
PID 2940 wrote to memory of 948	2940	Unicorn-60500.exe	42
PID 2940 wrote to memory of 948	2940	Unicorn-60500.exe	42
PID 2940 wrote to memory of 948	2940	Unicorn-60500.exe	42
PID 1380 wrote to memory of 3032	1380	Unicorn-43282.exe	43
PID 1380 wrote to memory of 3032	1380	Unicorn-43282.exe	43
PID 1380 wrote to memory of 3032	1380	Unicorn-43282.exe	43
PID 1380 wrote to memory of 3032	1380	Unicorn-43282.exe	43

C:\Users\Admin\AppData\Local\Temp\f4918c9883a0c55175557d35985b2e5b_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\f4918c9883a0c55175557d35985b2e5b_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29328.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29328.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18996.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16723.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47496.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42317.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55010.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34593.exe
        10⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16285.exe
        11⤵
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35330.exe
        12⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6373.exe
        13⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8070.exe
        14⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe
        15⤵
        
        PID:9764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 376
        14⤵
        
        PID:8772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 376
        13⤵
        
        PID:7296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 376
        12⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 376
        11⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 376
        10⤵
        Program crash
        
        PID:4784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 376
        9⤵
        Program crash
        
        PID:3996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 376
        8⤵
        Program crash
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42871.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14579.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
        9⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9787.exe
        10⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43695.exe
        11⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13259.exe
        12⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27209.exe
        13⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15055.exe
        14⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 372
        14⤵
        
        PID:9996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 372
        13⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 376
        12⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 376
        11⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 376
        10⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 380
        9⤵
        Program crash
        
        PID:3632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 376
        8⤵
        Program crash
        
        PID:3188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 376
        7⤵
        Program crash
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31627.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17302.exe
        8⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54520.exe
        9⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25050.exe
        10⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26555.exe
        11⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21802.exe
        12⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24267.exe
        13⤵
        
        PID:9512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 376
        12⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 376
        11⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 368
        10⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 376
        9⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 376
        8⤵
        Program crash
        
        PID:4152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 380
        7⤵
        Program crash
        
        PID:2776
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 376
        6⤵
        Program crash
        
        PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30105.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48072.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9452.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62937.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63072.exe
        9⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32917.exe
        10⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4572.exe
        11⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46342.exe
        12⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4469.exe
        13⤵
        
        PID:9856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 380
        12⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 376
        11⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 376
        10⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 376
        9⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 376
        8⤵
        Program crash
        
        PID:3596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 368
        7⤵
        Program crash
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40733.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49398.exe
        7⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60742.exe
        8⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        9⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8988.exe
        10⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53389.exe
        11⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38906.exe
        12⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3654.exe
        13⤵
        
        PID:9564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 380
        12⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 376
        11⤵
        
        PID:7796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 376
        10⤵
        
        PID:7016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 368
        9⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32189.exe
        8⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50400.exe
        9⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58044.exe
        10⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
        11⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 376
        11⤵
        
        PID:9588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 376
        10⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 368
        9⤵
        
        PID:7440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 376
        8⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 380
        7⤵
        Program crash
        
        PID:3756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 376
        6⤵
        Program crash
        
        PID:3196
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 376
        5⤵
        Program crash
        
        PID:1584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48113.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13214.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64792.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46977.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21661.exe
        8⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30016.exe
        9⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58625.exe
        10⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12984.exe
        11⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58542.exe
        12⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40852.exe
        13⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9082.exe
        14⤵
        
        PID:9736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 376
        13⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 372
        12⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 376
        11⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 376
        10⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 372
        9⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 376
        8⤵
        Program crash
        
        PID:4484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 376
        7⤵
        Program crash
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59592.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48298.exe
        8⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49341.exe
        9⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        10⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        11⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61843.exe
        12⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 376
        12⤵
        
        PID:9660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 376
        11⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 376
        10⤵
        
        PID:6224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 376
        9⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 372
        8⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 376
        7⤵
        Program crash
        
        PID:4064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 376
        6⤵
        Program crash
        
        PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26452.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54953.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55890.exe
        8⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 240
        9⤵
        Program crash
        
        PID:4948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 376
        8⤵
        Program crash
        
        PID:4928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 376
        7⤵
        Program crash
        
        PID:4004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 376
        6⤵
        Program crash
        
        PID:2764
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 376
        5⤵
        Program crash
        
        PID:1180
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 384
      4⤵
      Loads dropped DLL
      Program crash
      PID:2240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46385.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43282.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33251.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6245.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26425.exe
        9⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47011.exe
        10⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47302.exe
        11⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
        12⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6591.exe
        13⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 380
        13⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 376
        12⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 376
        11⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 380
        10⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 368
        9⤵
        Program crash
        
        PID:4756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 380
        8⤵
        Program crash
        
        PID:3956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 376
        7⤵
        Program crash
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10692.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18472.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
        8⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64442.exe
        9⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42839.exe
        10⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39046.exe
        11⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55434.exe
        12⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14536.exe
        13⤵
        
        PID:9692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 380
        12⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 376
        11⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 376
        10⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 376
        9⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 380
        8⤵
        Program crash
        
        PID:3572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 376
        7⤵
        Program crash
        
        PID:3244
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 376
        6⤵
        Program crash
        
        PID:584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56219.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30558.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65127.exe
        8⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47011.exe
        9⤵
        
        PID:5084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19954.exe
        10⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
        11⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
        12⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13021.exe
        13⤵
        
        PID:9920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 380
        12⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 368
        11⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 380
        10⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 376
        9⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 376
        8⤵
        Program crash
        
        PID:4960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 376
        7⤵
        Program crash
        
        PID:4080
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 380
        6⤵
        Program crash
        
        PID:1228
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 376
        5⤵
        Program crash
        
        PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57392.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15875.exe
        7⤵
        Executes dropped EXE
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65127.exe
        8⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38288.exe
        9⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57416.exe
        10⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16545.exe
        11⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38086.exe
        12⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 376
        12⤵
        
        PID:9316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 376
        11⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 376
        10⤵
        
        PID:1952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 376
        9⤵
        
        PID:6452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 376
        8⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 380
        7⤵
        Program crash
        
        PID:3400
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 380
        6⤵
        Program crash
        
        PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13022.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63972.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21573.exe
        7⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59564.exe
        8⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41469.exe
        9⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47214.exe
        10⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9824.exe
        11⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21382.exe
        12⤵
        
        PID:9892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 376
        11⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 380
        10⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 380
        9⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 380
        8⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 368
        7⤵
        Program crash
        
        PID:4416
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 376
        6⤵
        Program crash
        
        PID:3792
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 376
        5⤵
        Program crash
        
        PID:2032
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 360
      4⤵
      Program crash
      PID:1828
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60500.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60500.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12965.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-770.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42234.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47745.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39284.exe
        8⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26124.exe
        9⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
        10⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
        11⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10872.exe
        12⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11547.exe
        13⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 380
        13⤵
        
        PID:10084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 376
        12⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 376
        11⤵
        
        PID:7424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 376
        10⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 376
        9⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 376
        8⤵
        Program crash
        
        PID:3816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 380
        7⤵
        Program crash
        
        PID:3648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 372
        6⤵
        Program crash
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42980.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
        7⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3181.exe
        8⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55563.exe
        9⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8516.exe
        10⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58926.exe
        11⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe
        12⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
        13⤵
        
        PID:9480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 376
        12⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 376
        11⤵
        
        PID:8096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 376
        10⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 376
        9⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 380
        8⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 372
        7⤵
        Program crash
        
        PID:3748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 376
        6⤵
        Program crash
        
        PID:2636
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 376
        5⤵
        Program crash
        
        PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58886.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41139.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
        7⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21464.exe
        8⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54541.exe
        9⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47499.exe
        10⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        11⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38797.exe
        12⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
        13⤵
        
        PID:9828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 376
        12⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 376
        11⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 376
        10⤵
        
        PID:6892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 376
        9⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 376
        8⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 376
        7⤵
        Program crash
        
        PID:4180
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 376
        6⤵
        Program crash
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33333.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53015.exe
        6⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59372.exe
        7⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41085.exe
        8⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58542.exe
        9⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32684.exe
        10⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40904.exe
        11⤵
        
        PID:9352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 376
        10⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 376
        9⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 380
        8⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 380
        7⤵
        
        PID:5904
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 376
        6⤵
        Program crash
        
        PID:3868
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 376
        5⤵
        Program crash
        
        PID:3060
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 372
      4⤵
      Program crash
      PID:1824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25554.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
        8⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        9⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
        10⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42424.exe
        11⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32793.exe
        12⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        13⤵
        
        PID:9444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 376
        12⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 376
        11⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 376
        10⤵
        
        PID:6300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 376
        9⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 380
        8⤵
        Program crash
        
        PID:4440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 376
        7⤵
        Program crash
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57945.exe
        7⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18423.exe
        8⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36674.exe
        9⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        10⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
        11⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
        12⤵
        
        PID:10012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 376
        11⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 376
        10⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 376
        9⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 376
        8⤵
        
        PID:5148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 368
        7⤵
        Program crash
        
        PID:4296
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 376
        6⤵
        Program crash
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18943.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26832.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10690.exe
        7⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21329.exe
        8⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60130.exe
        9⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31786.exe
        10⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21989.exe
        11⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
        12⤵
        
        PID:9380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 380
        11⤵
        
        PID:9220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 380
        10⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 376
        9⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 376
        8⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 376
        7⤵
        Program crash
        
        PID:4676
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 376
        6⤵
        Program crash
        
        PID:3712
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 376
        5⤵
        Program crash
        
        PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5760.exe
        6⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13871.exe
        7⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40151.exe
        8⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14717.exe
        9⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
        10⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-670.exe
        11⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58138.exe
        12⤵
        
        PID:9956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 376
        11⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 376
        10⤵
        
        PID:3488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 376
        9⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 376
        8⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 376
        7⤵
        
        PID:4848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 376
        6⤵
        Program crash
        
        PID:3472
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 376
        5⤵
        Program crash
        
        PID:1780
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 376
      4⤵
      Program crash
      PID:888
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:948
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 376
  2⤵
  - Program crash
  PID:2528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12965.exe

Filesize
184KB

MD5
2a663946bf8b9cd55f8605ad3fca0556

SHA1
cb2919143ea0c73f0979a031e5c1f513b8d75c61

SHA256
2eef5e119d69d04f2d7a706ef0f2a55a2c902a503ec4e22eadb628c2df86e463

SHA512
f42087ac0b899f49461e5b3039268aa25d980ea7f17e3d5f7b5657b4bacc1dfe34c1e935980672ff8ef9c34db463bbae93cacd773b888f936b312aff956db625

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe

Filesize
184KB

MD5
85ba8ff4d8c334a3172f3c41506c79ef

SHA1
3693b479c0f6a050183b4f8bfcb24ab5c01e2546

SHA256
06ac7789bd04f32a6999f641a4a65a46088c2c0a91ee9b7c8da6fbf2d2ac01c4

SHA512
01b3b3935171cd7b15f6ecbd640a37d8ba17d7ebdcbe8ca62c8227d518abdee484d83012a18183e7d638a63cc251fcd677671a87e0dc9dc242645c5943858eda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25554.exe

Filesize
184KB

MD5
2d7cb3fb5bc102f111d2a51a67c18783

SHA1
0850bccf80c812c0044af721fd961bbfd76160fe

SHA256
4d53f8c7ca9b2e1c4a0f4bd9a22d5d21990109ee0996565d1fd9587fed1b7397

SHA512
3efb9731127d9d6de3718902f4b6bfe122f77e47ee972c1c3a89d700973b10277a43e23b887a348a28e9d622de1e2941ce4331e973629775b633a5ad8712b426

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36768.exe

Filesize
184KB

MD5
49055cb0d368d45ae3ed81b97cf0bd3c

SHA1
256974915b877cd02b638d2bc92cc6c47a9203e1

SHA256
5f6356688618dcce6b6110fafa4cef1fdc0b793c53a7eb25ac5d23c5ec08eb48

SHA512
26ae3b7cb8c4ab703ef3032ff370413769790ea8b8b65e90b02e941e6f340fbfa190fce03798648dc5eb8b4cb49468eca11eb068cb49dca36b39e00d70b34323

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59564.exe

Filesize
184KB

MD5
fdf70d3930810a548ba5d5cb2d5d916d

SHA1
2eee87850d3329839e5fe461eb7ab1b05ecec56b

SHA256
d096246a09dc648613ae261775ab26eb802d870386722e4a1a8959aaa4c21f02

SHA512
21be84145d11573f07f8341cee3e31dda54bc726c96860a56f750eb1599e072e1da64442fc3de6d64b35b06512a222bd6e4ac19e6cf909b0a173e31a9b54e4df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6245.exe

Filesize
184KB

MD5
78971e1d64eaaea6e0cd6c6ebbd9512d

SHA1
f66606a8420a970ae84ce0c533d2d70764a80d94

SHA256
bc35c08c2057f255a38e59fad03b7d2af2ddf788430e321dbb8de17a63dafb37

SHA512
9392ecf73aa4d4284e041d6e30da6f98a672d969278afa58ad22cbff5f484c3e3cfa80d51debec67880a66a5ec0f4b8d2bb9583d853a9cebbacab8fd35f9cefe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe

Filesize
184KB

MD5
2deb9b123a47e9c449a37eb79da0f57a

SHA1
8861121e554e5a8337c42c0d612a1a3cec7884b9

SHA256
bfb0f8e51eb312f7274c1d808ca4cd4174be437713715ff7a41715c40bef43d4

SHA512
f21d9692f823eb7771d9b23a1ed69df1f2d2d7bfcff395f69337e9630833861d8a4d03b9baf860fb80d35bdb024b1750b3344dd7c3325810bbec88478efc8327

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe

Filesize
184KB

MD5
831244997edc51856b56cfb3b575b8f5

SHA1
9c65a73e7c5661097b4fb7c878018d41288181c4

SHA256
8e6ed52dded72b9d51994d492ffde5f4dc08aadfbc5dc83f10dabbed0a95622c

SHA512
9100f201ce7cb9e1736269ebe85902b578d693aae03a3b1ee7febd06cad933e4be6a291a16eee006cd9f86dab21c7c5292bf07de1b13bf52e99fc7766f06ede6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18996.exe

Filesize
184KB

MD5
ff287529c29615e1d6a8ed47cd4cb54a

SHA1
57bb8f1229fc8b9cda02ad320e76fe56ebdaed18

SHA256
e88ebd78a0d63fd533ecaa111a40759901326b8d295d2e95be839e53e6093f13

SHA512
214fbc3601c1499eca2c067f4d6b7faeab05724ad20e7e3759082a63c87fa3e7ce23fa23fe148fba3d81012c99e7b064f25a7b265419fda19e9abecff57214ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29328.exe

Filesize
184KB

MD5
f5a889bcc38561389212db34d476dece

SHA1
13d5257776b30b8bda4af67f2c508fd32f6e94c6

SHA256
2283b72a955b5e6bdf55935746fb20b8e14d33242d65aa4e58f82cc9189caf2d

SHA512
19247d631d4aa9943b98bf073077d7155141371ee94289bc9dd7e0999db40529089f4735e2e8ba363b421566fd98fb450b3f274acfabd452fe0e0fbb3c91023c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33495.exe

Filesize
184KB

MD5
39bbb39ee78f020508934dc916e8e148

SHA1
dafbe6b7c4ae6967f5b05545f13aaea95df80a7e

SHA256
1d76f72951703768d929b5dd82f8ec02aa778d9e8b1e2278a44b2f1fac537466

SHA512
84ef7ad7cb10ff67b6bd0bf46c6da67ffccea5007b21ecbb603dc0fab9072886a1ca56ed81a7afe458d151289d79c75cb4c36aab63a134b331f2f70d8b54aff3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43282.exe

Filesize
184KB

MD5
0868c5cbff558bd1c1516cea0359cb8b

SHA1
af3e2f702e7eb678536cb1899100ca7af3d143ed

SHA256
2b31bfa60e0034882dd58720cab9bc8f145abb1821a531008f783fb423cc427f

SHA512
2992a68f6a524b1f94cd48d409e7443081e276d87f7a4b8c5b0da741caaf97b6694526ab7e73a7568ee4c193cab4da1c772a3c0ef3a4fe7804f30e04f25ac441

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46385.exe

Filesize
184KB

MD5
fb4832e175b24115df8a13086dc038ad

SHA1
9e5583f13d8bd247726ab0de771606a3bff1aa0a

SHA256
b83ea08f92d09b74ea45e7d61dcf64f47c185017d03ab5fe99baf4a330f75c08

SHA512
edb4c5680f7f80432975b7314368a5e35c9922817363eb87c8ef39f65c21ebd8f9910b8203991f25f8d6a1ce10106c254888d9df80e6d65a9c6cc78f16e83d30

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48113.exe

Filesize
184KB

MD5
d4f0c0560dd1eb71a6c4dd198d1cb826

SHA1
53444b55ee1a1d36808f36880afba69cafc1df05

SHA256
1b6216ea86a4944312a989f337118fd0f939a2cf2eec68b0bd100222779d332e

SHA512
30ed954e5d5fa6c378b3c4e933b57a99f2bf7c62d93c75d031819a6bb5825d95cbf0dd019d416aa6e0aef1a72dfdb7c9d8272a615efeed88ac4b86bf54d445c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60500.exe

Filesize
184KB

MD5
203edc997b2488e9dd2547f203ca2250

SHA1
2e8a59f8aa3875a232b913df82faeb95f892a12c

SHA256
36b075bf9dca0cb5b5c0a933f0176855a33d8c3fec52f0405b2e50453e1a298e

SHA512
72ee9655beedcbe1e3778d2ebe1d700b520ed6d66773567e3c37aa5042a3f851bb920cc07a3300c16136c11b52d9490ef284ad8fbe3b916c06c2fcd2c37fa39f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads