5a571fa839e399884d797f1c8975a69d491b0c1bea4b693f38288c7b5e0caab2

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/05/2024, 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a571fa839e399884d797f1c8975a69d491b0c1bea4b693f38288c7b5e0caab2.exe
Size

184KB
MD5

04a776d8c73449c56aec0fe1c3759575
SHA1

384a2de07ca25703228001716143df0611eb6d7c
SHA256

5a571fa839e399884d797f1c8975a69d491b0c1bea4b693f38288c7b5e0caab2
SHA512

783e7281a9c4b619ac4b771da0aa5ee987ff8b3fcc5a552b67ac475b7ba3ad43479acff6445becb73a7846cf4ff373c2e2a6a758f407039870686cedf1db3f4f
SSDEEP

3072:vw5uaUoiNpUFdpjYeBYWp9+1IVY2Ep1XRHHnD5QlADlhlnVOFE:vwGo7jpjqWn+1IgVachlnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1448	Unicorn-55595.exe
2208	Unicorn-9938.exe
2456	Unicorn-64614.exe
2528	Unicorn-61132.exe
2384	Unicorn-60577.exe
2388	Unicorn-49285.exe
2784	Unicorn-51423.exe
268	Unicorn-23197.exe
2128	Unicorn-34978.exe
368	Unicorn-33586.exe
1988	Unicorn-64313.exe
924	Unicorn-45284.exe
1820	Unicorn-64334.exe
2436	Unicorn-41859.exe
2240	Unicorn-13078.exe
860	Unicorn-50582.exe
2996	Unicorn-8994.exe
2568	Unicorn-31553.exe
432	Unicorn-42413.exe
872	Unicorn-60696.exe
1684	Unicorn-15024.exe
1120	Unicorn-14230.exe
848	Unicorn-33259.exe
3020	Unicorn-28128.exe
2680	Unicorn-46602.exe
2916	Unicorn-34158.exe
2928	Unicorn-14292.exe
2344	Unicorn-36850.exe
1588	Unicorn-48548.exe
2064	Unicorn-2040.exe
1740	Unicorn-21906.exe
1160	Unicorn-13737.exe
1296	Unicorn-36104.exe
2200	Unicorn-3986.exe
2376	Unicorn-55214.exe
2408	Unicorn-55214.exe
2868	Unicorn-4622.exe
1188	Unicorn-53652.exe
1912	Unicorn-27010.exe
2124	Unicorn-29702.exe
2292	Unicorn-4451.exe
1984	Unicorn-46060.exe
1668	Unicorn-11249.exe
1700	Unicorn-44669.exe
1544	Unicorn-36308.exe
824	Unicorn-61327.exe
2932	Unicorn-19972.exe
2776	Unicorn-26517.exe
2728	Unicorn-25125.exe
1268	Unicorn-23310.exe
2444	Unicorn-23310.exe
1792	Unicorn-55660.exe
1564	Unicorn-63273.exe
1628	Unicorn-19226.exe
3004	Unicorn-429.exe
1428	Unicorn-21255.exe
1584	Unicorn-5473.exe
2152	Unicorn-51981.exe
1068	Unicorn-19671.exe
2656	Unicorn-43621.exe
2796	Unicorn-16979.exe
2296	Unicorn-19479.exe
1444	Unicorn-8618.exe
692	Unicorn-46122.exe

Loads dropped DLL 64 IoCs

pid	Process
612	5a571fa839e399884d797f1c8975a69d491b0c1bea4b693f38288c7b5e0caab2.exe
612	5a571fa839e399884d797f1c8975a69d491b0c1bea4b693f38288c7b5e0caab2.exe
612	5a571fa839e399884d797f1c8975a69d491b0c1bea4b693f38288c7b5e0caab2.exe
1448	Unicorn-55595.exe
612	5a571fa839e399884d797f1c8975a69d491b0c1bea4b693f38288c7b5e0caab2.exe
1448	Unicorn-55595.exe
1448	Unicorn-55595.exe
1448	Unicorn-55595.exe
2208	Unicorn-9938.exe
2208	Unicorn-9938.exe
2640	WerFault.exe
2640	WerFault.exe
2640	WerFault.exe
2640	WerFault.exe
2640	WerFault.exe
2528	Unicorn-61132.exe
2528	Unicorn-61132.exe
2384	Unicorn-60577.exe
2384	Unicorn-60577.exe
2208	Unicorn-9938.exe
2208	Unicorn-9938.exe
1108	WerFault.exe
1108	WerFault.exe
1108	WerFault.exe
1108	WerFault.exe
1108	WerFault.exe
2388	Unicorn-49285.exe
2388	Unicorn-49285.exe
2528	Unicorn-61132.exe
2528	Unicorn-61132.exe
2784	Unicorn-51423.exe
2384	Unicorn-60577.exe
2784	Unicorn-51423.exe
2384	Unicorn-60577.exe
268	Unicorn-23197.exe
268	Unicorn-23197.exe
1508	WerFault.exe
1508	WerFault.exe
1508	WerFault.exe
1508	WerFault.exe
1508	WerFault.exe
1388	WerFault.exe
1388	WerFault.exe
1388	WerFault.exe
1388	WerFault.exe
1388	WerFault.exe
368	Unicorn-33586.exe
368	Unicorn-33586.exe
924	Unicorn-45284.exe
924	Unicorn-45284.exe
2784	Unicorn-51423.exe
2784	Unicorn-51423.exe
1820	Unicorn-64334.exe
1820	Unicorn-64334.exe
1988	Unicorn-64313.exe
1988	Unicorn-64313.exe
268	Unicorn-23197.exe
268	Unicorn-23197.exe
2388	Unicorn-49285.exe
2128	Unicorn-34978.exe
2388	Unicorn-49285.exe
2128	Unicorn-34978.exe
940	WerFault.exe
940	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2580	612	WerFault.exe	27
2640	1448	WerFault.exe	28
1108	2208	WerFault.exe	29
1508	2528	WerFault.exe	32
1388	2384	WerFault.exe	33
940	2388	WerFault.exe	35
1476	2784	WerFault.exe	36
2964	268	WerFault.exe	37
2672	368	WerFault.exe	40
2664	924	WerFault.exe	41
2508	1820	WerFault.exe	43
2412	1988	WerFault.exe	42
2544	2128	WerFault.exe	39
2836	2436	WerFault.exe	46
1596	2996	WerFault.exe	49
2040	2240	WerFault.exe	47
1592	860	WerFault.exe	48
2484	2568	WerFault.exe	50
2992	432	WerFault.exe	51
2564	872	WerFault.exe	53
2316	1684	WerFault.exe	52
2856	1160	WerFault.exe	67
2876	1740	WerFault.exe	66
2480	2200	WerFault.exe	69
1920	2680	WerFault.exe	60
2120	2916	WerFault.exe	61
1956	1120	WerFault.exe	57
2732	3020	WerFault.exe	59
2268	2344	WerFault.exe	63
240	1188	WerFault.exe	80
960	1912	WerFault.exe	81
2756	848	WerFault.exe	58
3044	2292	WerFault.exe	83
2700	1588	WerFault.exe	64
1636	1984	WerFault.exe	84
2692	1668	WerFault.exe	85
3160	1544	WerFault.exe	87
3332	2776	WerFault.exe	90
3488	3004	WerFault.exe	97
3788	1296	WerFault.exe	68
3804	2376	WerFault.exe	76
3828	2408	WerFault.exe	75
3844	2868	WerFault.exe	77
3892	2928	WerFault.exe	62
3932	1700	WerFault.exe	86
3940	2124	WerFault.exe	82
3996	2064	WerFault.exe	65
4056	824	WerFault.exe	88
3120	2932	WerFault.exe	89
3192	2444	WerFault.exe	93
3204	2728	WerFault.exe	91
3656	2276	WerFault.exe	137
3764	2140	WerFault.exe	117
3852	1124	WerFault.exe	123
3948	2296	WerFault.exe	111
3976	2400	WerFault.exe	127
4004	1584	WerFault.exe	103
4028	2892	WerFault.exe	136
4036	2720	WerFault.exe	135
4092	1268	WerFault.exe	92
3140	1792	WerFault.exe	94
3180	1564	WerFault.exe	95
3208	2872	WerFault.exe	134
3288	1628	WerFault.exe	96

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
612	5a571fa839e399884d797f1c8975a69d491b0c1bea4b693f38288c7b5e0caab2.exe
1448	Unicorn-55595.exe
2208	Unicorn-9938.exe
2456	Unicorn-64614.exe
2528	Unicorn-61132.exe
2384	Unicorn-60577.exe
2388	Unicorn-49285.exe
2784	Unicorn-51423.exe
268	Unicorn-23197.exe
2128	Unicorn-34978.exe
368	Unicorn-33586.exe
924	Unicorn-45284.exe
1820	Unicorn-64334.exe
1988	Unicorn-64313.exe
2436	Unicorn-41859.exe
2240	Unicorn-13078.exe
860	Unicorn-50582.exe
2996	Unicorn-8994.exe
2568	Unicorn-31553.exe
432	Unicorn-42413.exe
1684	Unicorn-15024.exe
872	Unicorn-60696.exe
1120	Unicorn-14230.exe
848	Unicorn-33259.exe
3020	Unicorn-28128.exe
2928	Unicorn-14292.exe
2916	Unicorn-34158.exe
2680	Unicorn-46602.exe
2344	Unicorn-36850.exe
1588	Unicorn-48548.exe
2064	Unicorn-2040.exe
1160	Unicorn-13737.exe
1740	Unicorn-21906.exe
1296	Unicorn-36104.exe
2200	Unicorn-3986.exe
2408	Unicorn-55214.exe
2376	Unicorn-55214.exe
2868	Unicorn-4622.exe
1188	Unicorn-53652.exe
1912	Unicorn-27010.exe
2124	Unicorn-29702.exe
2292	Unicorn-4451.exe
1984	Unicorn-46060.exe
1668	Unicorn-11249.exe
1700	Unicorn-44669.exe
1544	Unicorn-36308.exe
824	Unicorn-61327.exe
2932	Unicorn-19972.exe
2728	Unicorn-25125.exe
1268	Unicorn-23310.exe
2776	Unicorn-26517.exe
1564	Unicorn-63273.exe
1792	Unicorn-55660.exe
2444	Unicorn-23310.exe
1628	Unicorn-19226.exe
3004	Unicorn-429.exe
1428	Unicorn-21255.exe
1584	Unicorn-5473.exe
2152	Unicorn-51981.exe
1068	Unicorn-19671.exe
2656	Unicorn-43621.exe
1444	Unicorn-8618.exe
1824	Unicorn-450.exe
2796	Unicorn-16979.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 612 wrote to memory of 1448	612	5a571fa839e399884d797f1c8975a69d491b0c1bea4b693f38288c7b5e0caab2.exe	28
PID 612 wrote to memory of 1448	612	5a571fa839e399884d797f1c8975a69d491b0c1bea4b693f38288c7b5e0caab2.exe	28
PID 612 wrote to memory of 1448	612	5a571fa839e399884d797f1c8975a69d491b0c1bea4b693f38288c7b5e0caab2.exe	28
PID 612 wrote to memory of 1448	612	5a571fa839e399884d797f1c8975a69d491b0c1bea4b693f38288c7b5e0caab2.exe	28
PID 612 wrote to memory of 2208	612	5a571fa839e399884d797f1c8975a69d491b0c1bea4b693f38288c7b5e0caab2.exe	29
PID 612 wrote to memory of 2208	612	5a571fa839e399884d797f1c8975a69d491b0c1bea4b693f38288c7b5e0caab2.exe	29
PID 612 wrote to memory of 2208	612	5a571fa839e399884d797f1c8975a69d491b0c1bea4b693f38288c7b5e0caab2.exe	29
PID 612 wrote to memory of 2208	612	5a571fa839e399884d797f1c8975a69d491b0c1bea4b693f38288c7b5e0caab2.exe	29
PID 1448 wrote to memory of 2456	1448	Unicorn-55595.exe	30
PID 1448 wrote to memory of 2456	1448	Unicorn-55595.exe	30
PID 1448 wrote to memory of 2456	1448	Unicorn-55595.exe	30
PID 1448 wrote to memory of 2456	1448	Unicorn-55595.exe	30
PID 612 wrote to memory of 2580	612	5a571fa839e399884d797f1c8975a69d491b0c1bea4b693f38288c7b5e0caab2.exe	31
PID 612 wrote to memory of 2580	612	5a571fa839e399884d797f1c8975a69d491b0c1bea4b693f38288c7b5e0caab2.exe	31
PID 612 wrote to memory of 2580	612	5a571fa839e399884d797f1c8975a69d491b0c1bea4b693f38288c7b5e0caab2.exe	31
PID 612 wrote to memory of 2580	612	5a571fa839e399884d797f1c8975a69d491b0c1bea4b693f38288c7b5e0caab2.exe	31
PID 1448 wrote to memory of 2528	1448	Unicorn-55595.exe	32
PID 1448 wrote to memory of 2528	1448	Unicorn-55595.exe	32
PID 1448 wrote to memory of 2528	1448	Unicorn-55595.exe	32
PID 1448 wrote to memory of 2528	1448	Unicorn-55595.exe	32
PID 2208 wrote to memory of 2384	2208	Unicorn-9938.exe	33
PID 2208 wrote to memory of 2384	2208	Unicorn-9938.exe	33
PID 2208 wrote to memory of 2384	2208	Unicorn-9938.exe	33
PID 2208 wrote to memory of 2384	2208	Unicorn-9938.exe	33
PID 1448 wrote to memory of 2640	1448	Unicorn-55595.exe	34
PID 1448 wrote to memory of 2640	1448	Unicorn-55595.exe	34
PID 1448 wrote to memory of 2640	1448	Unicorn-55595.exe	34
PID 1448 wrote to memory of 2640	1448	Unicorn-55595.exe	34
PID 2528 wrote to memory of 2388	2528	Unicorn-61132.exe	35
PID 2528 wrote to memory of 2388	2528	Unicorn-61132.exe	35
PID 2528 wrote to memory of 2388	2528	Unicorn-61132.exe	35
PID 2528 wrote to memory of 2388	2528	Unicorn-61132.exe	35
PID 2384 wrote to memory of 2784	2384	Unicorn-60577.exe	36
PID 2384 wrote to memory of 2784	2384	Unicorn-60577.exe	36
PID 2384 wrote to memory of 2784	2384	Unicorn-60577.exe	36
PID 2384 wrote to memory of 2784	2384	Unicorn-60577.exe	36
PID 2208 wrote to memory of 268	2208	Unicorn-9938.exe	37
PID 2208 wrote to memory of 268	2208	Unicorn-9938.exe	37
PID 2208 wrote to memory of 268	2208	Unicorn-9938.exe	37
PID 2208 wrote to memory of 268	2208	Unicorn-9938.exe	37
PID 2208 wrote to memory of 1108	2208	Unicorn-9938.exe	38
PID 2208 wrote to memory of 1108	2208	Unicorn-9938.exe	38
PID 2208 wrote to memory of 1108	2208	Unicorn-9938.exe	38
PID 2208 wrote to memory of 1108	2208	Unicorn-9938.exe	38
PID 2388 wrote to memory of 2128	2388	Unicorn-49285.exe	39
PID 2388 wrote to memory of 2128	2388	Unicorn-49285.exe	39
PID 2388 wrote to memory of 2128	2388	Unicorn-49285.exe	39
PID 2388 wrote to memory of 2128	2388	Unicorn-49285.exe	39
PID 2528 wrote to memory of 368	2528	Unicorn-61132.exe	40
PID 2528 wrote to memory of 368	2528	Unicorn-61132.exe	40
PID 2528 wrote to memory of 368	2528	Unicorn-61132.exe	40
PID 2528 wrote to memory of 368	2528	Unicorn-61132.exe	40
PID 2784 wrote to memory of 924	2784	Unicorn-51423.exe	41
PID 2784 wrote to memory of 924	2784	Unicorn-51423.exe	41
PID 2784 wrote to memory of 924	2784	Unicorn-51423.exe	41
PID 2784 wrote to memory of 924	2784	Unicorn-51423.exe	41
PID 2384 wrote to memory of 1988	2384	Unicorn-60577.exe	42
PID 2384 wrote to memory of 1988	2384	Unicorn-60577.exe	42
PID 2384 wrote to memory of 1988	2384	Unicorn-60577.exe	42
PID 2384 wrote to memory of 1988	2384	Unicorn-60577.exe	42
PID 268 wrote to memory of 1820	268	Unicorn-23197.exe	43
PID 268 wrote to memory of 1820	268	Unicorn-23197.exe	43
PID 268 wrote to memory of 1820	268	Unicorn-23197.exe	43
PID 268 wrote to memory of 1820	268	Unicorn-23197.exe	43

C:\Users\Admin\AppData\Local\Temp\5a571fa839e399884d797f1c8975a69d491b0c1bea4b693f38288c7b5e0caab2.exe
"C:\Users\Admin\AppData\Local\Temp\5a571fa839e399884d797f1c8975a69d491b0c1bea4b693f38288c7b5e0caab2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55595.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55595.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61132.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61132.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49285.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34978.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15024.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36104.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23310.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27861.exe
        9⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65188.exe
        10⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59428.exe
        11⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7949.exe
        12⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
        13⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 236
        13⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 236
        12⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
        11⤵
        
        PID:3524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 216
        10⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
        9⤵
        Program crash
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26469.exe
        8⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42163.exe
        9⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
        10⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41115.exe
        11⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
        12⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 236
        12⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 236
        11⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
        10⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 236
        9⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 240
        8⤵
        Program crash
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55660.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38551.exe
        8⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33180.exe
        9⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63984.exe
        10⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51748.exe
        11⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        12⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
        13⤵
        
        PID:8592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 216
        13⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
        12⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
        11⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 216
        10⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
        9⤵
        Program crash
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        8⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55925.exe
        9⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21961.exe
        10⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20882.exe
        11⤵
        
        PID:7572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49735.exe
        12⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 216
        12⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
        11⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
        10⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
        9⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
        8⤵
        Program crash
        
        PID:3140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
        7⤵
        Program crash
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3986.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63273.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18323.exe
        8⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24820.exe
        9⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
        10⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62993.exe
        11⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe
        12⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54395.exe
        13⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 216
        13⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
        12⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
        11⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 216
        10⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
        9⤵
        Program crash
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        8⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
        9⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62692.exe
        10⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
        11⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59439.exe
        12⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
        12⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 236
        11⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
        10⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
        9⤵
        
        PID:5268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
        8⤵
        Program crash
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3226.exe
        7⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
        8⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29750.exe
        9⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24914.exe
        10⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8349.exe
        11⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41707.exe
        12⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
        12⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
        11⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 236
        10⤵
        
        PID:7164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 216
        9⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
        8⤵
        
        PID:3292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
        7⤵
        Program crash
        
        PID:2480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
        6⤵
        Program crash
        
        PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60696.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13737.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26517.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48473.exe
        8⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26657.exe
        9⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63517.exe
        10⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40627.exe
        11⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12137.exe
        12⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8318.exe
        13⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 216
        13⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
        12⤵
        
        PID:7696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
        11⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
        10⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
        9⤵
        
        PID:3476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
        8⤵
        Program crash
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55058.exe
        7⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
        8⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32791.exe
        9⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33829.exe
        10⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40150.exe
        11⤵
        
        PID:7216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6865.exe
        12⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 216
        12⤵
        
        PID:4664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
        11⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 236
        10⤵
        
        PID:6388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 216
        9⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 216
        8⤵
        Program crash
        
        PID:3976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 240
        7⤵
        Program crash
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25125.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
        7⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
        8⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5733.exe
        9⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7586.exe
        10⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8619.exe
        11⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 216
        11⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
        10⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
        9⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 236
        8⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
        7⤵
        Program crash
        
        PID:3204
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
        6⤵
        Program crash
        
        PID:2564
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41859.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14230.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55214.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
        9⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40487.exe
        10⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31992.exe
        11⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56403.exe
        12⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9257.exe
        13⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 216
        13⤵
        
        PID:9088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 236
        12⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 236
        11⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
        10⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 216
        9⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
        8⤵
        Program crash
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38333.exe
        8⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
        9⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46273.exe
        10⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44426.exe
        11⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17364.exe
        12⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 216
        12⤵
        
        PID:9212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
        11⤵
        
        PID:7208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
        10⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
        9⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 216
        8⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 240
        7⤵
        Program crash
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4622.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43621.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35640.exe
        8⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
        9⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62988.exe
        10⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33679.exe
        11⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 236
        11⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 216
        10⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
        9⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
        8⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
        7⤵
        Program crash
        
        PID:3844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
        6⤵
        Program crash
        
        PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33259.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55214.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21255.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58006.exe
        8⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17135.exe
        9⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28562.exe
        10⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25895.exe
        11⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 216
        11⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
        10⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 216
        9⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 236
        8⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 236
        7⤵
        Program crash
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
        7⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
        8⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24291.exe
        9⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
        10⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1027.exe
        11⤵
        
        PID:8908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
        11⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
        10⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
        9⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        8⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 216
        7⤵
        Program crash
        
        PID:4004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 220
        6⤵
        Program crash
        
        PID:2756
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 368 -s 240
        5⤵
        Program crash
        
        PID:2672
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1508
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2640
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9938.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9938.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60577.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60577.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51423.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45284.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13078.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46602.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11249.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
        9⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34249.exe
        10⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53211.exe
        11⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9625.exe
        12⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50565.exe
        13⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41676.exe
        14⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
        14⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
        13⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 236
        12⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 236
        11⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 236
        10⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 236
        9⤵
        Program crash
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
        8⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63221.exe
        9⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12754.exe
        10⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
        10⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 236
        9⤵
        
        PID:3664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        8⤵
        Program crash
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36308.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19309.exe
        8⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39018.exe
        9⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60995.exe
        10⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50549.exe
        11⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50072.exe
        12⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4535.exe
        13⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
        13⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
        12⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 216
        11⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
        10⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 216
        9⤵
        Program crash
        
        PID:3852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
        8⤵
        Program crash
        
        PID:3160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
        7⤵
        Program crash
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36850.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5110.exe
        8⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20627.exe
        9⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29942.exe
        10⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9537.exe
        11⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
        12⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46222.exe
        13⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 236
        12⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 236
        11⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        10⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
        9⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
        8⤵
        Program crash
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54866.exe
        7⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32687.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
        9⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        10⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5910.exe
        11⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32216.exe
        12⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 236
        11⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 236
        10⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
        9⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
        8⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
        7⤵
        Program crash
        
        PID:2268
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 240
        6⤵
        Program crash
        
        PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50582.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34158.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53652.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16979.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48831.exe
        9⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63517.exe
        10⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55017.exe
        11⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20882.exe
        12⤵
        
        PID:7584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13362.exe
        13⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 216
        13⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
        12⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
        11⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        10⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
        9⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 236
        8⤵
        Program crash
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19479.exe
        7⤵
        Executes dropped EXE
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
        8⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37067.exe
        9⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27799.exe
        10⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55116.exe
        11⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33700.exe
        12⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
        12⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
        11⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
        10⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
        9⤵
        
        PID:4948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 236
        8⤵
        Program crash
        
        PID:3948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 220
        7⤵
        Program crash
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29702.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-450.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5105.exe
        8⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3922.exe
        9⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34919.exe
        10⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16793.exe
        11⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40960.exe
        12⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
        11⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
        10⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
        9⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 216
        8⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
        7⤵
        Program crash
        
        PID:3940
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 220
        6⤵
        Program crash
        
        PID:1592
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
        5⤵
        Program crash
        
        PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31553.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48548.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32137.exe
        8⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
        9⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33087.exe
        10⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20010.exe
        11⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26580.exe
        12⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 216
        12⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
        11⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
        10⤵
        
        PID:5760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 236
        9⤵
        
        PID:4072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 236
        8⤵
        Program crash
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30745.exe
        7⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57191.exe
        8⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27529.exe
        9⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        10⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40918.exe
        11⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20488.exe
        12⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 236
        12⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
        11⤵
        
        PID:7632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
        10⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 236
        9⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
        8⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
        7⤵
        Program crash
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        7⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1789.exe
        8⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27140.exe
        9⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 220
        10⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 236
        9⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 236
        8⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 216
        7⤵
        Program crash
        
        PID:3120
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
        6⤵
        Program crash
        
        PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2040.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23310.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50419.exe
        7⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37072.exe
        8⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8369.exe
        9⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
        10⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10357.exe
        11⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60098.exe
        12⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 236
        12⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
        11⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 236
        10⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
        9⤵
        
        PID:5240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
        8⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62131.exe
        7⤵
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34929.exe
        8⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3870.exe
        9⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52869.exe
        10⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40389.exe
        11⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 220
        11⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 220
        10⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
        9⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
        8⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 240
        7⤵
        Program crash
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49604.exe
        6⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64228.exe
        7⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14996.exe
        8⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17021.exe
        9⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22392.exe
        10⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8458.exe
        11⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 216
        11⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 216
        10⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
        9⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
        8⤵
        
        PID:5976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 236
        7⤵
        
        PID:5084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
        6⤵
        Program crash
        
        PID:3996
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
        5⤵
        Program crash
        
        PID:2412
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23197.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23197.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64334.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8994.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28128.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4451.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64617.exe
        8⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38333.exe
        9⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46003.exe
        10⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32651.exe
        11⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
        12⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10373.exe
        13⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 236
        13⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 236
        12⤵
        
        PID:7212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
        11⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
        10⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 216
        9⤵
        
        PID:3324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
        8⤵
        Program crash
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9941.exe
        7⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38909.exe
        8⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28323.exe
        9⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33829.exe
        10⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4353.exe
        11⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13087.exe
        12⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 216
        12⤵
        
        PID:1064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
        11⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        10⤵
        
        PID:6372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
        9⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 216
        8⤵
        Program crash
        
        PID:3764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
        7⤵
        Program crash
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44669.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64425.exe
        7⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29034.exe
        8⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59345.exe
        9⤵
        
        PID:4700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16035.exe
        10⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56538.exe
        11⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
        11⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 236
        10⤵
        
        PID:7008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
        9⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
        8⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
        7⤵
        Program crash
        
        PID:3932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
        6⤵
        Program crash
        
        PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14292.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27010.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8618.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10128.exe
        8⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6615.exe
        9⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-217.exe
        10⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
        11⤵
        
        PID:8136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17504.exe
        12⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
        12⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 236
        11⤵
        
        PID:4088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 236
        10⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
        9⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 236
        8⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 236
        7⤵
        Program crash
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46122.exe
        6⤵
        Executes dropped EXE
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        7⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17135.exe
        8⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52874.exe
        9⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50207.exe
        10⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
        10⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
        9⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
        8⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 216
        7⤵
        
        PID:4836
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
        6⤵
        Program crash
        
        PID:3892
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
        5⤵
        Program crash
        
        PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21906.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19226.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22407.exe
        7⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47378.exe
        8⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52116.exe
        9⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37742.exe
        10⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
        11⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51982.exe
        12⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
        12⤵
        
        PID:4764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
        11⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 236
        10⤵
        
        PID:6192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 216
        9⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
        8⤵
        Program crash
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45987.exe
        7⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59817.exe
        8⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30321.exe
        9⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7285.exe
        10⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
        11⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 236
        11⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 236
        10⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
        9⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 216
        8⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
        7⤵
        Program crash
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
        6⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30850.exe
        7⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
        8⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
        9⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37772.exe
        10⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17447.exe
        11⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
        11⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
        10⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
        9⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 236
        8⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
        7⤵
        Program crash
        
        PID:3656
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
        6⤵
        Program crash
        
        PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-429.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62671.exe
        6⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
        7⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22013.exe
        8⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
        9⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61992.exe
        10⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
        10⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 236
        9⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
        8⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 216
        7⤵
        
        PID:4592
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 236
        6⤵
        Program crash
        
        PID:3488
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 240
        5⤵
        Program crash
        
        PID:2992
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 240
      4⤵
      Program crash
      PID:2964
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1108
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 240
  2⤵
  - Program crash
  PID:2580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-32687.exe

Filesize
184KB

MD5
ca74ed3b4945ca6034c1fe8428470938

SHA1
58f84f94f1bd863605f0f30c48c249e0f94f173c

SHA256
5de8c805b2cc597b2b08067e5f953781204b18402c581d12b64a8c26a9b478fb

SHA512
c1ee8e68b03ece74df286faa10f549499c1dc4d51052974c82c5bf1153f75c812089b82161d3776b21977ebb53ef47924741aadf461bf9f15662a80ef52a9640

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32791.exe

Filesize
184KB

MD5
0214819b6b5e3a3fe5918ed16b5e60c5

SHA1
6c4d55081e69db1bd029826f0cffc95c3c30334a

SHA256
29a90921de8e021405de0dc40153d9f45e7ea42c150444a54048344acf5bc5f4

SHA512
7a38d41624c6657e4de6ac2be92bbf2c8e971c461bb96c3cd2f162872485a8bcea64677ce665a1e14b6ddd251da5aa02bd93cb12f64c835f2c3d17f006327b89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33087.exe

Filesize
184KB

MD5
6dfb36238b6b6026573defbb98a0eef0

SHA1
d1c0df1b7122114d0ba228cf37020e8de657e9fa

SHA256
766b9cbbd9bdddc1109b8a00acd7f409c56a43a95a2b149b65015b2da5ec570a

SHA512
ade108904de5a401e77e25a2b23eb82b90818a6c3950f6f05e3039dd7072dac773726208ab34d3cb6394aa93fc52cc4a8363d5b7cd3cb0097e2e575a38f36c3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40617.exe

Filesize
184KB

MD5
ed693e2e0f01b78b5235ff3ee2dbf772

SHA1
78ff1f57dbd10d9e1aaed7e592ea7acbd7691db4

SHA256
c4857868a3e27eb2b667e6b69653517cce9841fdbd58cb9961edac22cca78988

SHA512
e221636d5300a6cd036d00a511e2463f6549279a5ee154c31390277e16ab89d59990f2bef28b9bf5385616892ed223640fc59fd1beab47390709f2ab7b4ecae9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe

Filesize
184KB

MD5
5399f501f896a3857fb5536285af3ee1

SHA1
8dc4a31a13fa153bb90c91bb1f6b7512aea5b0ac

SHA256
55ac60125888a914af337812bbafa7e8dbdc6f6b120a059e6e2b74902c26ffdf

SHA512
2be708a5c4a65b522dcd69e8997fc5f10a2b5254378a2e5c130422bc4e790ad829f4b37b1b40ead985f10c0816b9267b5c9f63eba5690e277c512a898cd1d487

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe

Filesize
184KB

MD5
15bd6b08a0ed64a9bfe67264fdbbc369

SHA1
b7588fda3666f2d69bb8e18dc132ab2177e0a271

SHA256
547e68550a68f680ba54488db2f303be3a00496164bfdde18e610354555fac92

SHA512
00bc467832d7df3fdaf6a6f3ec4df9025217925a6aeb461626614d9e6f267212b31d0cf0b32762a8a6226281f0263e56e7dec66fcb2f873d1adf3679b5255d0d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23197.exe

Filesize
184KB

MD5
428b450cd8d2c8491cfd6c1e088f9f97

SHA1
a119d964a60d2396b6a1a82a740b8d957e9327bf

SHA256
42e8c241fb33403c75da8f2138371abb12fbc604b2e98e0dd4c1d55d782238eb

SHA512
620e0f4f1e3e9ec054d642964a3bf59b3c031e7d8c9c63c3105963899624ac7ca54ac47e7342e54c53d5b0add9eeb682678384e535ebb66287cffe228d7b613f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe

Filesize
184KB

MD5
8c5f0ad9aa45fe94014e7b179ca73f3c

SHA1
47b28d1781479cae985e56833a6c7c1f24580843

SHA256
d9937e0dd88885d7d33d556dbee5be81650fff340d55e44c01be847e59cf6129

SHA512
cf31907c0d1d3efb3cd6dca16b9a52ef0889da455e822846ee61a7b8ebe4dcc53f295cb0b2daeb23c87bdaf35b64edb0038620d6e20f826ed1c0dba464586585

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34978.exe

Filesize
184KB

MD5
90ee1d51d2796f8fbf3b103bbcb65e5b

SHA1
66a73f32fec77678f39a19fb53e1e1d9735709d9

SHA256
62ee4b7d05223793fc9f08dae9fd3725d30ad001d53393feca621cc9d5eba63b

SHA512
6339511957081c9bc34b1b7a9d8de714bfafd789964cdc933ab5a2ad1c276a25741f9beb41a82e2d8ea87b1c8d2a6027891f2b76856f91f3e629c3be5f4c92fc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45284.exe

Filesize
184KB

MD5
358cfc846d720043f4995092c1bd9b9d

SHA1
6c30f0bc25ef19d4c5d103d9649992e4c0b3b131

SHA256
2b0e0cc442f03912bdb0b942e10876074529ae1a8162c68cedac65809481a47c

SHA512
f78b973e9ba155c46201ad9474d360c92e50230a7ea931533ef4f544f43e82882047707b65fed0e122ff8b28eeb6b94c0c85cab61e977ee4c7ac85f12c0b0b2a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49285.exe

Filesize
184KB

MD5
fe5cf8d67e55bc268e0ee16d0bb46a64

SHA1
28ad460b829a67d7effcab418ec77e1c50af2433

SHA256
48927370573c4ce7c1792c5a904d5d06a3632e27c43d529ab2d91f2f1508da32

SHA512
43e3579a7d35fc650c76b9920e4a3e7983c754797e41d7ecd765e308445a6cfa121905b07f245137b2899811f5d4027836d6bb563aa9c3df4816d36e96f62f04

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51423.exe

Filesize
184KB

MD5
ea6255e0a2bbd191882329b39ce7a6b0

SHA1
48afcb9597ea9ad5b9559a7378863383e4811b65

SHA256
5000f46b74590b30adc6bc4050c9829e7e2e92038a69053b0e0c51cd360ee7ad

SHA512
788644dfe8efc77397d02a6d6bfb5b14411e4410c8cdcc590916d1261001f06ab3f010a2ea5c5ff12b34988ee0af248ef5b0d998ac253629a32e306a97cf0e63

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55595.exe

Filesize
184KB

MD5
8b146d6a2e86b1eac276e5321e511b66

SHA1
7b7c4a06489106b050dde6fa9637aad2baf5551d

SHA256
a53595e80f0beb9e62be373ccab57f4e2d18e38ab04833ddf1c4c6fdf7badbd5

SHA512
9454e61c57446d6b1a0df283e84ef29c1c156fbcc839d96b8e1683d06fab6113b4c8a9f594947827dd1d6dbf4de0ada1cbeab8aa20fe43e61c3d5f053b00451e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60577.exe

Filesize
184KB

MD5
9f7c8da5f54d8fa0673777725ab46e4d

SHA1
6d99b14ad222ce9d84583afa451400f3b2da2018

SHA256
bf8b9d617b8139754f70f1c2e69f4de76d4d3a780694a06c9e97a553c28f8e65

SHA512
883e435f87a6f1baad138ac2ea8bb0d17d20e14beefb7970d44777cd7195494b5b36597ed9ec8d3e876e221f00ca1b03accc7224673ebefea09051b71ed6f7e2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61132.exe

Filesize
184KB

MD5
8d6a93551865e84698d37eaa14328f56

SHA1
e532ad53ba4d454944939a67ae9a1e36055d36bb

SHA256
dacad5441fc3997198c1798d4200a57507e60709fdbc4d36e903a6936426ec7e

SHA512
1b292d63d5c4b1b7a646f7190f78ed5159d99fc49dbb7b49c36ef350a943add3db2067b3af34a4e5887894f58928a6be849595863c988c49332cb0503f75357d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64313.exe

Filesize
184KB

MD5
9e7c233bc56b7ab630a32ea4419705bc

SHA1
1ca445765204434657809b23261bb3611a1146cc

SHA256
2923ceb8d164b411fcccf10b15e850f387a78f1f3b264eb785df8d4dd0b5a283

SHA512
084210cd0751798b36b53fd1f7911fceb85a4a54193b5ce826e6f33f6274a64116705cbb45c97115922cb60e6099308375015307b044334e3e00296cc97407fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64334.exe

Filesize
184KB

MD5
f8c337e8a843993b28666a56cf0aead5

SHA1
1ef6f6f427afc1ebc87e293563ab09922cdd43da

SHA256
6c707425cf84f45371283c8e2dcab775e544ce40826223f6f60b5c92d68986af

SHA512
a5d86e11b7b6b71f71e79751aa6c9958f19e5d16af5a3c9ec35130da8eaa7c0329e01d7516cf94a012c373a6591c28bc311e238e37df568a526b38a1f6f56fb6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9938.exe

Filesize
184KB

MD5
29704fb186a15269933c6af0750e0f91

SHA1
a55eec051a8324cc4617e054d9c473c3567c9989

SHA256
24916eb09e85100ebe20a48363c04db5ea2ddd28fc4aeb97dbe2bda52f78fcab

SHA512
60870d52f26e58deb0d6c09509d498b5adb44b1fdd7655b65c5ba72713d54a704ae3dc50fab81f0b87bc5bd2df4c51854f9166579f9ae956679535f84f363fea

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads