d6e5ba232a1065dc47b9734c471fb5b044e1b31fede675e19eed7171b16fa4ae

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/05/2024, 03:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d6e5ba232a1065dc47b9734c471fb5b044e1b31fede675e19eed7171b16fa4ae.exe
Size

184KB
MD5

7a3ba56de4ddabbbf93f39640b0b6d38
SHA1

fa33474cd42e1b49aafde0c90e0c43a5c7002e10
SHA256

d6e5ba232a1065dc47b9734c471fb5b044e1b31fede675e19eed7171b16fa4ae
SHA512

ef422c0e4c9463d48f06dffb12d0748c8181297d86623d0924a41fd16757c7b9507ea69b81400d2f93dd36ed59636f1332ad7920f358d3a8c1bdb30698b262d3
SSDEEP

3072:EXn3bxoT7ExK/sEWeqcLGKekhlnniF0n3:EXtoC4sERL1ekhlnniF0

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1448	Unicorn-15737.exe
1068	Unicorn-54932.exe
2860	Unicorn-35258.exe
2480	Unicorn-41400.exe
2528	Unicorn-25387.exe
2380	Unicorn-34889.exe
2496	Unicorn-48080.exe
472	Unicorn-18169.exe
1188	Unicorn-37956.exe
1788	Unicorn-19709.exe
1924	Unicorn-40644.exe
2292	Unicorn-35661.exe
1984	Unicorn-55527.exe
2364	Unicorn-46882.exe
2140	Unicorn-33042.exe
2932	Unicorn-28936.exe
2808	Unicorn-31589.exe
2676	Unicorn-63877.exe
2904	Unicorn-61609.exe
872	Unicorn-12408.exe
816	Unicorn-15938.exe
1652	Unicorn-13768.exe
1468	Unicorn-10623.exe
2944	Unicorn-39280.exe
1760	Unicorn-3592.exe
3044	Unicorn-52471.exe
852	Unicorn-6415.exe
2844	Unicorn-5382.exe
1588	Unicorn-57152.exe
1164	Unicorn-36601.exe
1916	Unicorn-7759.exe
1100	Unicorn-24288.exe
2196	Unicorn-4422.exe
2200	Unicorn-56083.exe
2400	Unicorn-57300.exe
2404	Unicorn-57300.exe
2544	Unicorn-53771.exe
1556	Unicorn-24903.exe
2984	Unicorn-60398.exe
1372	Unicorn-27150.exe
1356	Unicorn-37517.exe
1932	Unicorn-4269.exe
1140	Unicorn-33886.exe
1368	Unicorn-48193.exe
828	Unicorn-64949.exe
1708	Unicorn-35614.exe
1620	Unicorn-912.exe
1132	Unicorn-50113.exe
1452	Unicorn-46776.exe
2244	Unicorn-30439.exe
2264	Unicorn-50305.exe
432	Unicorn-46200.exe
2912	Unicorn-36408.exe
2012	Unicorn-49921.exe
2024	Unicorn-30055.exe
1740	Unicorn-15874.exe
2456	Unicorn-45401.exe
2468	Unicorn-30107.exe
2548	Unicorn-19740.exe
2784	Unicorn-22428.exe
1948	Unicorn-35234.exe
1344	Unicorn-17938.exe
1968	Unicorn-44623.exe
2280	Unicorn-60767.exe

Loads dropped DLL 64 IoCs

pid	Process
612	d6e5ba232a1065dc47b9734c471fb5b044e1b31fede675e19eed7171b16fa4ae.exe
612	d6e5ba232a1065dc47b9734c471fb5b044e1b31fede675e19eed7171b16fa4ae.exe
1448	Unicorn-15737.exe
1448	Unicorn-15737.exe
612	d6e5ba232a1065dc47b9734c471fb5b044e1b31fede675e19eed7171b16fa4ae.exe
612	d6e5ba232a1065dc47b9734c471fb5b044e1b31fede675e19eed7171b16fa4ae.exe
1068	Unicorn-54932.exe
1448	Unicorn-15737.exe
1448	Unicorn-15737.exe
1068	Unicorn-54932.exe
2552	WerFault.exe
2552	WerFault.exe
2552	WerFault.exe
2552	WerFault.exe
2552	WerFault.exe
2528	Unicorn-25387.exe
2528	Unicorn-25387.exe
1068	Unicorn-54932.exe
1068	Unicorn-54932.exe
2480	Unicorn-41400.exe
2480	Unicorn-41400.exe
692	WerFault.exe
692	WerFault.exe
692	WerFault.exe
692	WerFault.exe
692	WerFault.exe
2380	Unicorn-34889.exe
2380	Unicorn-34889.exe
2528	Unicorn-25387.exe
2528	Unicorn-25387.exe
2496	Unicorn-48080.exe
2496	Unicorn-48080.exe
2480	Unicorn-41400.exe
472	Unicorn-18169.exe
2480	Unicorn-41400.exe
472	Unicorn-18169.exe
1568	WerFault.exe
1568	WerFault.exe
1568	WerFault.exe
1568	WerFault.exe
1568	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1788	Unicorn-19709.exe
1788	Unicorn-19709.exe
1188	Unicorn-37956.exe
1188	Unicorn-37956.exe
2380	Unicorn-34889.exe
2380	Unicorn-34889.exe
2292	Unicorn-35661.exe
2292	Unicorn-35661.exe
1984	Unicorn-55527.exe
1984	Unicorn-55527.exe
472	Unicorn-18169.exe
472	Unicorn-18169.exe
1924	Unicorn-40644.exe
1924	Unicorn-40644.exe
2496	Unicorn-48080.exe
2496	Unicorn-48080.exe
1172	WerFault.exe
1172	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2504	612	WerFault.exe	27
2552	1448	WerFault.exe	28
692	1068	WerFault.exe	29
1568	2528	WerFault.exe	32
1552	2480	WerFault.exe	33
1172	2380	WerFault.exe	35
2284	2496	WerFault.exe	36
2964	472	WerFault.exe	37
2704	1788	WerFault.exe	40
2412	1188	WerFault.exe	39
2020	2292	WerFault.exe	42
1736	1984	WerFault.exe	43
2816	1924	WerFault.exe	41
2836	2364	WerFault.exe	46
1156	2932	WerFault.exe	48
2052	2676	WerFault.exe	50
1592	2140	WerFault.exe	47
1964	2904	WerFault.exe	51
2708	2808	WerFault.exe	49
2308	816	WerFault.exe	52
484	872	WerFault.exe	53
2452	1760	WerFault.exe	60
2328	2196	WerFault.exe	67
2460	1100	WerFault.exe	68
2716	1588	WerFault.exe	64
2512	1468	WerFault.exe	58
2320	1652	WerFault.exe	57
2312	2844	WerFault.exe	63
1700	2984	WerFault.exe	79
1672	2404	WerFault.exe	72
1732	2400	WerFault.exe	73
2340	2944	WerFault.exe	59
1988	1372	WerFault.exe	81
2864	1556	WerFault.exe	78
2580	1356	WerFault.exe	80
1948	1368	WerFault.exe	84
2008	3044	WerFault.exe	61
3208	2012	WerFault.exe	94
3628	1916	WerFault.exe	66
3668	2544	WerFault.exe	76
3692	1932	WerFault.exe	82
3720	1132	WerFault.exe	88
3736	852	WerFault.exe	62
3776	2200	WerFault.exe	69
3816	2024	WerFault.exe	95
3840	2264	WerFault.exe	91
3880	1620	WerFault.exe	87
3904	1708	WerFault.exe	86
3996	1164	WerFault.exe	65
3256	1632	WerFault.exe	116
3364	2912	WerFault.exe	93
3500	2280	WerFault.exe	114
3544	2268	WerFault.exe	136
3548	2244	WerFault.exe	90
3572	640	WerFault.exe	137
3568	432	WerFault.exe	92
3376	2548	WerFault.exe	107
3636	3324	WerFault.exe	172
3648	2600	WerFault.exe	127
3744	1452	WerFault.exe	89
2916	1544	WerFault.exe	133
3852	1820	WerFault.exe	132
3928	828	WerFault.exe	85
3952	2784	WerFault.exe	108

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
612	d6e5ba232a1065dc47b9734c471fb5b044e1b31fede675e19eed7171b16fa4ae.exe
1448	Unicorn-15737.exe
1068	Unicorn-54932.exe
2480	Unicorn-41400.exe
2528	Unicorn-25387.exe
2380	Unicorn-34889.exe
2496	Unicorn-48080.exe
472	Unicorn-18169.exe
1188	Unicorn-37956.exe
1788	Unicorn-19709.exe
1924	Unicorn-40644.exe
2292	Unicorn-35661.exe
1984	Unicorn-55527.exe
2364	Unicorn-46882.exe
2140	Unicorn-33042.exe
2932	Unicorn-28936.exe
2676	Unicorn-63877.exe
2808	Unicorn-31589.exe
2904	Unicorn-61609.exe
872	Unicorn-12408.exe
816	Unicorn-15938.exe
1652	Unicorn-13768.exe
1468	Unicorn-10623.exe
2944	Unicorn-39280.exe
1760	Unicorn-3592.exe
3044	Unicorn-52471.exe
852	Unicorn-6415.exe
2844	Unicorn-5382.exe
1164	Unicorn-36601.exe
1588	Unicorn-57152.exe
1916	Unicorn-7759.exe
1100	Unicorn-24288.exe
2200	Unicorn-56083.exe
2196	Unicorn-4422.exe
2400	Unicorn-57300.exe
2404	Unicorn-57300.exe
2544	Unicorn-53771.exe
1556	Unicorn-24903.exe
2984	Unicorn-60398.exe
1372	Unicorn-27150.exe
1356	Unicorn-37517.exe
1932	Unicorn-4269.exe
1368	Unicorn-48193.exe
828	Unicorn-64949.exe
1708	Unicorn-35614.exe
1132	Unicorn-50113.exe
1620	Unicorn-912.exe
2244	Unicorn-30439.exe
1452	Unicorn-46776.exe
2264	Unicorn-50305.exe
432	Unicorn-46200.exe
2012	Unicorn-49921.exe
2024	Unicorn-30055.exe
2912	Unicorn-36408.exe
1740	Unicorn-15874.exe
2456	Unicorn-45401.exe
2468	Unicorn-30107.exe
2548	Unicorn-19740.exe
2784	Unicorn-22428.exe
1344	Unicorn-17938.exe
1968	Unicorn-44623.exe
2280	Unicorn-60767.exe
2120	Unicorn-27772.exe
1632	Unicorn-63398.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 612 wrote to memory of 1448	612	d6e5ba232a1065dc47b9734c471fb5b044e1b31fede675e19eed7171b16fa4ae.exe	28
PID 612 wrote to memory of 1448	612	d6e5ba232a1065dc47b9734c471fb5b044e1b31fede675e19eed7171b16fa4ae.exe	28
PID 612 wrote to memory of 1448	612	d6e5ba232a1065dc47b9734c471fb5b044e1b31fede675e19eed7171b16fa4ae.exe	28
PID 612 wrote to memory of 1448	612	d6e5ba232a1065dc47b9734c471fb5b044e1b31fede675e19eed7171b16fa4ae.exe	28
PID 1448 wrote to memory of 1068	1448	Unicorn-15737.exe	29
PID 1448 wrote to memory of 1068	1448	Unicorn-15737.exe	29
PID 1448 wrote to memory of 1068	1448	Unicorn-15737.exe	29
PID 1448 wrote to memory of 1068	1448	Unicorn-15737.exe	29
PID 612 wrote to memory of 2860	612	d6e5ba232a1065dc47b9734c471fb5b044e1b31fede675e19eed7171b16fa4ae.exe	30
PID 612 wrote to memory of 2860	612	d6e5ba232a1065dc47b9734c471fb5b044e1b31fede675e19eed7171b16fa4ae.exe	30
PID 612 wrote to memory of 2860	612	d6e5ba232a1065dc47b9734c471fb5b044e1b31fede675e19eed7171b16fa4ae.exe	30
PID 612 wrote to memory of 2860	612	d6e5ba232a1065dc47b9734c471fb5b044e1b31fede675e19eed7171b16fa4ae.exe	30
PID 612 wrote to memory of 2504	612	d6e5ba232a1065dc47b9734c471fb5b044e1b31fede675e19eed7171b16fa4ae.exe	31
PID 612 wrote to memory of 2504	612	d6e5ba232a1065dc47b9734c471fb5b044e1b31fede675e19eed7171b16fa4ae.exe	31
PID 612 wrote to memory of 2504	612	d6e5ba232a1065dc47b9734c471fb5b044e1b31fede675e19eed7171b16fa4ae.exe	31
PID 612 wrote to memory of 2504	612	d6e5ba232a1065dc47b9734c471fb5b044e1b31fede675e19eed7171b16fa4ae.exe	31
PID 1448 wrote to memory of 2480	1448	Unicorn-15737.exe	33
PID 1448 wrote to memory of 2480	1448	Unicorn-15737.exe	33
PID 1448 wrote to memory of 2480	1448	Unicorn-15737.exe	33
PID 1448 wrote to memory of 2480	1448	Unicorn-15737.exe	33
PID 1068 wrote to memory of 2528	1068	Unicorn-54932.exe	32
PID 1068 wrote to memory of 2528	1068	Unicorn-54932.exe	32
PID 1068 wrote to memory of 2528	1068	Unicorn-54932.exe	32
PID 1068 wrote to memory of 2528	1068	Unicorn-54932.exe	32
PID 1448 wrote to memory of 2552	1448	Unicorn-15737.exe	34
PID 1448 wrote to memory of 2552	1448	Unicorn-15737.exe	34
PID 1448 wrote to memory of 2552	1448	Unicorn-15737.exe	34
PID 1448 wrote to memory of 2552	1448	Unicorn-15737.exe	34
PID 2528 wrote to memory of 2380	2528	Unicorn-25387.exe	35
PID 2528 wrote to memory of 2380	2528	Unicorn-25387.exe	35
PID 2528 wrote to memory of 2380	2528	Unicorn-25387.exe	35
PID 2528 wrote to memory of 2380	2528	Unicorn-25387.exe	35
PID 1068 wrote to memory of 2496	1068	Unicorn-54932.exe	36
PID 1068 wrote to memory of 2496	1068	Unicorn-54932.exe	36
PID 1068 wrote to memory of 2496	1068	Unicorn-54932.exe	36
PID 1068 wrote to memory of 2496	1068	Unicorn-54932.exe	36
PID 2480 wrote to memory of 472	2480	Unicorn-41400.exe	37
PID 2480 wrote to memory of 472	2480	Unicorn-41400.exe	37
PID 2480 wrote to memory of 472	2480	Unicorn-41400.exe	37
PID 2480 wrote to memory of 472	2480	Unicorn-41400.exe	37
PID 1068 wrote to memory of 692	1068	Unicorn-54932.exe	38
PID 1068 wrote to memory of 692	1068	Unicorn-54932.exe	38
PID 1068 wrote to memory of 692	1068	Unicorn-54932.exe	38
PID 1068 wrote to memory of 692	1068	Unicorn-54932.exe	38
PID 2380 wrote to memory of 1188	2380	Unicorn-34889.exe	39
PID 2380 wrote to memory of 1188	2380	Unicorn-34889.exe	39
PID 2380 wrote to memory of 1188	2380	Unicorn-34889.exe	39
PID 2380 wrote to memory of 1188	2380	Unicorn-34889.exe	39
PID 2528 wrote to memory of 1788	2528	Unicorn-25387.exe	40
PID 2528 wrote to memory of 1788	2528	Unicorn-25387.exe	40
PID 2528 wrote to memory of 1788	2528	Unicorn-25387.exe	40
PID 2528 wrote to memory of 1788	2528	Unicorn-25387.exe	40
PID 2496 wrote to memory of 1924	2496	Unicorn-48080.exe	41
PID 2496 wrote to memory of 1924	2496	Unicorn-48080.exe	41
PID 2496 wrote to memory of 1924	2496	Unicorn-48080.exe	41
PID 2496 wrote to memory of 1924	2496	Unicorn-48080.exe	41
PID 2480 wrote to memory of 2292	2480	Unicorn-41400.exe	42
PID 2480 wrote to memory of 2292	2480	Unicorn-41400.exe	42
PID 2480 wrote to memory of 2292	2480	Unicorn-41400.exe	42
PID 2480 wrote to memory of 2292	2480	Unicorn-41400.exe	42
PID 472 wrote to memory of 1984	472	Unicorn-18169.exe	43
PID 472 wrote to memory of 1984	472	Unicorn-18169.exe	43
PID 472 wrote to memory of 1984	472	Unicorn-18169.exe	43
PID 472 wrote to memory of 1984	472	Unicorn-18169.exe	43

C:\Users\Admin\AppData\Local\Temp\d6e5ba232a1065dc47b9734c471fb5b044e1b31fede675e19eed7171b16fa4ae.exe
"C:\Users\Admin\AppData\Local\Temp\d6e5ba232a1065dc47b9734c471fb5b044e1b31fede675e19eed7171b16fa4ae.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15737.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15737.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54932.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54932.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25387.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34889.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37956.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33042.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25760.exe
        10⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-529.exe
        11⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39552.exe
        12⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44188.exe
        13⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14666.exe
        14⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1908.exe
        15⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
        15⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
        14⤵
        
        PID:6896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
        13⤵
        
        PID:6168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
        12⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
        11⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
        10⤵
        Program crash
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53943.exe
        9⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35589.exe
        10⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53034.exe
        11⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50052.exe
        12⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27192.exe
        13⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59732.exe
        14⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 216
        14⤵
        
        PID:8696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 236
        13⤵
        
        PID:7864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
        12⤵
        
        PID:6380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
        11⤵
        
        PID:5040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
        10⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
        9⤵
        Program crash
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30055.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31878.exe
        9⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56967.exe
        10⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47184.exe
        11⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38626.exe
        12⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        13⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
        13⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
        12⤵
        
        PID:7132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
        11⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 216
        10⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
        9⤵
        Program crash
        
        PID:3816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
        8⤵
        Program crash
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52471.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24903.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        9⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-337.exe
        10⤵
        
        PID:3324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 220
        11⤵
        Program crash
        
        PID:3636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
        10⤵
        Program crash
        
        PID:3256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 236
        9⤵
        Program crash
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57046.exe
        8⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35205.exe
        9⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2873.exe
        10⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64660.exe
        11⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
        12⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28212.exe
        13⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 216
        13⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
        12⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
        11⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
        10⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
        9⤵
        
        PID:3600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
        8⤵
        Program crash
        
        PID:2008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 240
        7⤵
        Program crash
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28936.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60398.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19740.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36497.exe
        10⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39502.exe
        11⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48964.exe
        12⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32220.exe
        13⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56628.exe
        14⤵
        
        PID:4144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
        14⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 236
        13⤵
        
        PID:7448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
        12⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 216
        11⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
        10⤵
        Program crash
        
        PID:3376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
        9⤵
        Program crash
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35234.exe
        8⤵
        Executes dropped EXE
        
        PID:1948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
        8⤵
        Program crash
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37517.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49558.exe
        8⤵
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56232.exe
        9⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30689.exe
        10⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5594.exe
        11⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25215.exe
        12⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52062.exe
        13⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 236
        13⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
        12⤵
        
        PID:7968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
        11⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
        10⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 364 -s 236
        9⤵
        
        PID:1348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 236
        8⤵
        Program crash
        
        PID:2580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
        7⤵
        Program crash
        
        PID:1156
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:1172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19709.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46882.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57300.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15874.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-145.exe
        10⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36421.exe
        11⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14947.exe
        12⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14666.exe
        13⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1908.exe
        14⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
        14⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 236
        13⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 236
        12⤵
        
        PID:5592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 236
        11⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
        10⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
        9⤵
        Program crash
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45401.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42776.exe
        9⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63745.exe
        10⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35854.exe
        11⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32968.exe
        12⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19032.exe
        13⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 236
        13⤵
        
        PID:8432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
        12⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
        11⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        10⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
        9⤵
        
        PID:3336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
        8⤵
        Program crash
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53771.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44623.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45296.exe
        9⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21834.exe
        10⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47020.exe
        11⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8880.exe
        12⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 216
        12⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
        11⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
        10⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
        9⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
        8⤵
        Program crash
        
        PID:3668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
        7⤵
        Program crash
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10623.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57300.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22428.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51873.exe
        9⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38675.exe
        10⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22647.exe
        11⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20721.exe
        12⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10235.exe
        13⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 236
        13⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
        12⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
        11⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 216
        10⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 216
        9⤵
        Program crash
        
        PID:3952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 236
        8⤵
        Program crash
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17938.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
        8⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7458.exe
        9⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20158.exe
        10⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24075.exe
        11⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-647.exe
        12⤵
        
        PID:3760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
        12⤵
        
        PID:8220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 236
        11⤵
        
        PID:6532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 236
        10⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 216
        9⤵
        
        PID:4704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 236
        8⤵
        
        PID:4056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 240
        7⤵
        Program crash
        
        PID:2512
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
        6⤵
        Program crash
        
        PID:2704
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48080.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15938.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7759.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50113.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33305.exe
        9⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
        10⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36141.exe
        11⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21714.exe
        12⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55886.exe
        13⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
        13⤵
        
        PID:8564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
        12⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
        11⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 236
        10⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 236
        9⤵
        Program crash
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        8⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4626.exe
        9⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17693.exe
        10⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37282.exe
        11⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40593.exe
        12⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
        12⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        11⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
        10⤵
        
        PID:5892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
        9⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
        8⤵
        Program crash
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30439.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26035.exe
        8⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
        9⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18110.exe
        10⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22123.exe
        11⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56906.exe
        12⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        13⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 236
        13⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 236
        12⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 236
        11⤵
        
        PID:6700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 216
        10⤵
        
        PID:5272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
        9⤵
        Program crash
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
        8⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
        9⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63700.exe
        10⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5749.exe
        11⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65347.exe
        12⤵
        
        PID:8860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57545.exe
        12⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 220
        12⤵
        
        PID:8964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
        11⤵
        
        PID:8148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
        10⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 216
        9⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
        8⤵
        Program crash
        
        PID:3548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 240
        7⤵
        Program crash
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4422.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36408.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9091.exe
        8⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18978.exe
        9⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29952.exe
        10⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23415.exe
        11⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2215.exe
        12⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8419.exe
        13⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 216
        13⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 236
        12⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 236
        11⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
        10⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
        9⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30523.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
        9⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23158.exe
        10⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5396.exe
        11⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe
        12⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 236
        12⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
        11⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
        10⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
        9⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
        8⤵
        Program crash
        
        PID:3364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
        7⤵
        Program crash
        
        PID:2328
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
        6⤵
        Program crash
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12408.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56083.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50305.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31385.exe
        8⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
        9⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37978.exe
        10⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22015.exe
        11⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44516.exe
        12⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 216
        12⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 236
        11⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
        10⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 216
        9⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
        8⤵
        Program crash
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29967.exe
        7⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39370.exe
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2041.exe
        9⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54578.exe
        10⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49630.exe
        11⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 216
        11⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
        10⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
        9⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 236
        8⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
        7⤵
        Program crash
        
        PID:3776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46200.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41987.exe
        7⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51790.exe
        8⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
        9⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38734.exe
        10⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32527.exe
        11⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40900.exe
        12⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 216
        12⤵
        
        PID:8676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 236
        11⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
        10⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 216
        9⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 236
        8⤵
        Program crash
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48261.exe
        7⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49469.exe
        8⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52958.exe
        9⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38038.exe
        10⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25908.exe
        11⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 216
        11⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 236
        10⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
        9⤵
        
        PID:6476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
        8⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 240
        7⤵
        Program crash
        
        PID:3568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
        6⤵
        Program crash
        
        PID:484
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        5⤵
        Program crash
        
        PID:2284
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55527.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63877.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27150.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60767.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22652.exe
        10⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56495.exe
        11⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33856.exe
        12⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33092.exe
        12⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51629.exe
        13⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6136.exe
        14⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 236
        14⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
        13⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 220
        12⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 236
        11⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 216
        10⤵
        Program crash
        
        PID:3500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 236
        9⤵
        Program crash
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27772.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12291.exe
        9⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55606.exe
        10⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17712.exe
        11⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14391.exe
        12⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49931.exe
        13⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
        13⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 236
        12⤵
        
        PID:2324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
        11⤵
        
        PID:5708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
        10⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 216
        9⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
        8⤵
        Program crash
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
        8⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15228.exe
        9⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1548.exe
        10⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
        11⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38673.exe
        12⤵
        
        PID:3156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
        12⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
        11⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 236
        10⤵
        
        PID:5884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 216
        9⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 236
        8⤵
        Program crash
        
        PID:3692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
        7⤵
        Program crash
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5382.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33886.exe
        7⤵
        Executes dropped EXE
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30107.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57083.exe
        8⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25946.exe
        9⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
        10⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54021.exe
        11⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52446.exe
        12⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 216
        12⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 236
        11⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
        10⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
        9⤵
        
        PID:4864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
        8⤵
        
        PID:3436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
        7⤵
        Program crash
        
        PID:2312
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
        6⤵
        Program crash
        
        PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61609.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24288.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-912.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16393.exe
        8⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58887.exe
        9⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30656.exe
        10⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51589.exe
        11⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23790.exe
        12⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
        12⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 236
        11⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
        10⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 216
        9⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 216
        8⤵
        Program crash
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
        7⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19969.exe
        8⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59067.exe
        9⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30120.exe
        10⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41178.exe
        11⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        12⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 236
        12⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 236
        11⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
        10⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 216
        9⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
        8⤵
        Program crash
        
        PID:2916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 240
        7⤵
        Program crash
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16201.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe
        8⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33901.exe
        9⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        10⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35625.exe
        11⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48627.exe
        12⤵
        
        PID:8888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 236
        12⤵
        
        PID:8572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
        11⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
        10⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 236
        9⤵
        
        PID:4472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 236
        8⤵
        Program crash
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16439.exe
        7⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58190.exe
        8⤵
        
        PID:4940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
        9⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23954.exe
        10⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52062.exe
        11⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
        11⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 236
        10⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
        9⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 216
        8⤵
        
        PID:5432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
        7⤵
        Program crash
        
        PID:3744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 220
        6⤵
        Program crash
        
        PID:1964
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 240
        5⤵
        Program crash
        
        PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35661.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31589.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48193.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65318.exe
        8⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
        9⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8906.exe
        10⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46539.exe
        11⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-539.exe
        12⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 240
        13⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
        12⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
        11⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 216
        10⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 216
        9⤵
        
        PID:4084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 236
        8⤵
        Program crash
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
        7⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40664.exe
        8⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
        9⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6393.exe
        10⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63279.exe
        11⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42498.exe
        12⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 236
        12⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 236
        11⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
        10⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 216
        9⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 236
        8⤵
        
        PID:4052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
        7⤵
        Program crash
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64949.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9615.exe
        7⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exe
        8⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38867.exe
        9⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14755.exe
        10⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49324.exe
        11⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36755.exe
        12⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 236
        12⤵
        
        PID:3100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
        11⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 236
        10⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 216
        9⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 236
        8⤵
        Program crash
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51551.exe
        7⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25946.exe
        8⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16804.exe
        9⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18905.exe
        10⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59623.exe
        11⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 236
        11⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
        10⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
        9⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 216
        8⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 240
        7⤵
        Program crash
        
        PID:3928
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
        6⤵
        Program crash
        
        PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36601.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35614.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48873.exe
        7⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53646.exe
        8⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45368.exe
        9⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63024.exe
        10⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5170.exe
        11⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 236
        11⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
        10⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 236
        9⤵
        
        PID:2068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 216
        8⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 236
        7⤵
        Program crash
        
        PID:3904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54519.exe
        6⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31617.exe
        7⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        8⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-743.exe
        9⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32827.exe
        10⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 240
        11⤵
        
        PID:4200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 216
        10⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 236
        9⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 236
        8⤵
        
        PID:5768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
        7⤵
        
        PID:4896
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 240
        6⤵
        Program crash
        
        PID:3996
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
        5⤵
        Program crash
        
        PID:2020
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1552
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 240
  2⤵
  - Program crash
  PID:2504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-19969.exe

Filesize
184KB

MD5
d1b5975048bb4a544f75604b07aee305

SHA1
1f1c397488c5615ebea4be1921cc59d3acabb2a9

SHA256
f77393f8a383cd23a1a56bbef895b036fcb934697e16bd9856d2c970eb2508e9

SHA512
f48b6f4e712b198536ae9370b19c0cc1254c095722a6339c9ca292ab05ee5fd0a875d10a11391b8f079840e2ae24d25bc5b1ef6a2549dabce7d6deb30784e2ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35205.exe

Filesize
184KB

MD5
ef54f86599a4e64ef77b7f4590f868fc

SHA1
ffda82b9c0ca53cf022aea34f8baad371325ecf5

SHA256
4317e71140c7feaf59161dcd7527e96d166b1af044801b51bd01252e24791382

SHA512
32593b1d390899510a30e7b3168ef1f88836901915032739be95e49ba1e3455555cf74981c45bea5ed41b0827a0cb79ceb212565be5f42d80cc68ae19c5327b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37978.exe

Filesize
184KB

MD5
c855944321f4ffa616ca142d131d4de8

SHA1
91188eeef0b5f504a78fd52d78ba747ae4555176

SHA256
7ccdf070440efac518a629d7b4bfd39a4bb79632f6818b59ed62c6b2f7864b5b

SHA512
ad86f40a6978206efc809383644a06323b764790bfd4121ee822eda34d4cdc455e2d7d890d8869f5cb1439d03b0f407ce858b50350837b22d9b9df36c2155a90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38675.exe

Filesize
184KB

MD5
0671a0de439c8e5363cb2f1aa09c79cf

SHA1
96a9aef788d871100cca3c726ea64da4350d7117

SHA256
46664c66469592de9271464a9f1a6f7a4bb311cb7e47ac4e98114b00a5a0fa00

SHA512
4894fb34c985c2b605bf354694894c6e2ad6a19f13c9263d980e0ad0a2707dcaf7654ba6258ef279da15bea28d6626c54a03f848ed98b5782c8c4e3d42e32924

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38867.exe

Filesize
184KB

MD5
be7f815bd259430a046998689e02cb01

SHA1
108b32d13c14c9f92871455f9a303cc4c35a34a6

SHA256
675b1b8b3953f8d3403ba72efc789c856a81206ed8c2f9baef8c99a75a05d805

SHA512
ae03d7676c7125eeac3bba88161e4e2833547cded08a6020a10b656a11fe624c4b2e7ae723d2ebc24054cf7b7ede7d10320917e64db6b0972dfc0d3140bcf946

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe

Filesize
184KB

MD5
4b31cb24c2da5de302b8b0aa4f449f93

SHA1
14daa622c8afc5ae93086a34c90f4c0ecc7ea842

SHA256
c07d4bee91d33e1bf7bc0e82ca97855d9e9c87a4ca207d34a778f1de6b19f364

SHA512
fb7bcec7b8eca86f4a5ed441faa73dd49ef57804cd2e0c9b8db790e65ed1201c3f8dc3dcbad3aa664ef7a58577f6b142009571376a8c9c0ef4a5b79d1e2b19ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe

Filesize
184KB

MD5
f2b8ecfa3d6e91a7a966dc0f1ad6829b

SHA1
496926d5edd397891bb0d41ad833ffe029103ea8

SHA256
7623c7ccd2f56d6f65ab24dc22f78f0bd524bbda60fd97529a9bf6de98e9601c

SHA512
e84986bc812dbdc7cadb793a8f6af349edc6cd84c557e85fefa38e82f4149538e5c9ba3d9e12729539f38c239d40bc3377ff9c4e4cfd76887842575c2f98804b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15737.exe

Filesize
184KB

MD5
0990338a81218d07bd2b99a507ffa3cc

SHA1
c7d94f32f86158d32592bba99728c03abe9ce939

SHA256
e4a7b6693e6a8f8db066f3dc974bd11642a8f4ec27abf27eaf676413eefd7091

SHA512
7e58fafc5a62bbe980a4dda9cf4d7b02e0eceec5fcac6cebce17f24e84b3928a48c7bd14d2b04d256cb405f3d0274dcac839c6d19817a8e77397bb57a0cd9089

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe

Filesize
184KB

MD5
2bf739dd1f08a85ca7b95cfe7433c65a

SHA1
2046461e2804fb331fa10b0dcbfb4c0bbbb9dea1

SHA256
e8902b2618179baf2c8accba41a34c3ef4aaa87480dede5642583e3ea7e6798e

SHA512
c863a54cc993e12ed25ba331bbc3a97e348a641fdd8aae65f08ee4857e8c4db00feeb7dc5d702ef87c29eb17729e5ce1ff7e9d4d86a021ecd48eb8943b9e6871

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19709.exe

Filesize
184KB

MD5
8503464aacfb9262577a9e93f6888c50

SHA1
3ab979e2b0d9ba67133b61b9ce8f9b25346ec5fd

SHA256
15f89d20a08dba4836ccc4f0a638e42799bc23d8ca4b614572817c3b54489c17

SHA512
66c8ea06587a00efbf076ea443a4112982eb7e334805a8550da0a2c2c00785b686f71cb1fe36089466ec0dadb7dbf9010d5e057b9610365e5932705be0aca8fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25387.exe

Filesize
184KB

MD5
4eea6548c4c931f2d1cda9f2ef4dbe8d

SHA1
e20e308566e14d5c8d76ff7a1d33b094d17f1192

SHA256
ce654bd11f78b09303cde87f7fdd77180bcbcab5483737d926120869c537ec79

SHA512
7318b6b7972ec8a62b763c909d21c3ce8c46ff1e401e61196a476355e1651ad2edbf55565875ba15637aaf5c94ff35d56f8a9cfc5ecfe1d35447b222ad338303

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34889.exe

Filesize
184KB

MD5
01bd9b8a7d2465037e57f073ef56f39e

SHA1
366ef8815d6fa86c3ef130389f46f6489586bf79

SHA256
f4950239a63782ce243780e882863777cfcfdb11890bd28c73f93d84516c1952

SHA512
14553fd8e21fda69d76ffe382d82ae6c5bbc859a7733a8bfcf38cadf8b76d993d0f5ac9c542a06689d5e7efbf6ea1a74e51de28c72d7fdb19af1f85156b0723c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35258.exe

Filesize
184KB

MD5
3c812b8d53970f6fc39e15634ceec048

SHA1
be0c71cc4a74f0b43236a6bb616a9df998ffabe9

SHA256
726dc99d33a2534ea04379ccef8595954e031570301005eb5f9d32d1c85aad94

SHA512
34e2e3ede4a1a22e33fa23786930e8a9037276ce23a21f989e1f4749632e84bc7b7043ac4defd0c43d05b80a9efd486e218bf86c1c6218b5e50a463ddd2d697f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35661.exe

Filesize
184KB

MD5
3940c04ba4846bf0ef63474296b47444

SHA1
715cfbc6389d090f674152956a2a7205942c472b

SHA256
d8b5fab044bb388802935078dab6c729390c4a9af1083f05ff7f2cc1a1e593b4

SHA512
e5bd446b3a7c014f05342d362fab5f2b08ae0d36dcbe3e5c6e4a557514e3db773ec9b3bfd1cd3cfe6704b9b086e9eea8177d65f29eab2518c844ea2736918d72

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37956.exe

Filesize
184KB

MD5
bb4389e0e166a218007f0c4718bf3cf5

SHA1
ab8ccb33e8c95c7b1b4a007beba61d688444e84e

SHA256
173be426562817681c389cd603d221666132da1a68589bb6afedc4e69cc48383

SHA512
33d841755959cd3c250b0080abd4baf6d05295130258b39a5bdb1bce317dcf8818db6483fb707ad2f68c6f613341157c4c5d109cfca16ab7e90ca3a7b6b11a6f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe

Filesize
184KB

MD5
2cd24e85f2b7aaadb11f3f966b4dc9c5

SHA1
0ebc884da2a423b933cfd45b2332fd885ea89170

SHA256
c6875ec744e07f8cb735b3f000806ca9007c0d8bb830ce6ec3c36c44fcd03abc

SHA512
f99b9be2dc09560fb19bf4a95d34980c475f351088c1d825734cdf375ceca65e891bebb391a066aff3140f2dab373e26b97f3f294859117ef81eaa9ab25c61c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41400.exe

Filesize
184KB

MD5
73116263949b4de235e6cd7ececd61f7

SHA1
8947993b3ce175ab29fa08016d8af63f3bae6241

SHA256
3f08c07dff41b0e2737405e29c22541811f636fdf9039f0eb65aea202e691c05

SHA512
80b9f54c46e2fdd8b48e478b27a91500c833cbf5f6caf0e4403be08a6d37584e002e11147f389c850404fb80408a09be31a1b60808150a0cc58718f78e9ffed1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48080.exe

Filesize
184KB

MD5
eb3c6ea1d7a9e304e4a8818f094f889b

SHA1
a5242c650a97e7c368c75c5abb5a59dbdf88737d

SHA256
e7920d800bf575ff4a751f9d5a47a14fd1f0605c30dcdf30f00d5c7ae30c33b0

SHA512
f359c011ba2a69cfa464a4654b217eeef06b10e944f8cdc4e611939775d1e8987c1e4b1d7cdaf542bf9e14519c47a23537c19e32ed1cb42050a5c9373848092c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54932.exe

Filesize
184KB

MD5
4eebe91cb8ea6d0aa4738b86d7ebd13c

SHA1
6fddec2baba2f0cb007df0f318ea32d8be49f2d5

SHA256
d5abdd7daeb823432ffddaf56b85397b6fa27f4c70a14ebe6db7915dde9e82dc

SHA512
238595f3ac5c5ec16230ab341d687af9f0f66397971e9023a55b078f260cfc5edc3cd527d1ea175085ec5579c760c3472063b6d89e2fb537871190b7b6317003

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55527.exe

Filesize
184KB

MD5
b3611a98e4e0fc2ad0beaa653d02b0c3

SHA1
031af4c8abcbbcf84806420f2a2439742a7db3a5

SHA256
74f2814d013088ba06d53c7d9a12ab9773c3b047770afe1d9852f17a1caf7ba5

SHA512
5bda34b1389dc65d4c7ae6851f784d9320e0c9a276d3a4923140ae5cd8291ca63b915910b9253d038563a436cd91a25cee6309d9e616d1de49f0b5547b9ff180

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads