791706ba8bcfd83fe40f62e9959478760dac51ad4eb71449b5dd8ab4876583c0

Analysis

max time kernel
150s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 23:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

791706ba8bcfd83fe40f62e9959478760dac51ad4eb71449b5dd8ab4876583c0.exe
Size

184KB
MD5

2d79affb2ed74bac511ed528db30ac98
SHA1

58f47fbd8f2422428903a4359dafd6350c086c9b
SHA256

791706ba8bcfd83fe40f62e9959478760dac51ad4eb71449b5dd8ab4876583c0
SHA512

65bb7cd7d8caae4101f0cd0418f6cce1a95f6be62c2b903e1b557fd545c23a7feb4d96e555396d32c5c35035e6b20119d36f27869592cd2de53370a277095f93
SSDEEP

3072:GF64hxou7QPBd7Eden0Lbwq/ElowiFHnA:GFJoTP7EPLMq/ElowiFH

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2888	Unicorn-62711.exe
2588	Unicorn-37967.exe
2584	Unicorn-61917.exe
2400	Unicorn-47478.exe
2488	Unicorn-5054.exe
2496	Unicorn-6445.exe
2356	Unicorn-23057.exe
828	Unicorn-54914.exe
1472	Unicorn-31801.exe
2656	Unicorn-5158.exe
1648	Unicorn-20103.exe
2164	Unicorn-62418.exe
1180	Unicorn-49097.exe
1236	Unicorn-49097.exe
2704	Unicorn-56388.exe
2716	Unicorn-36522.exe
324	Unicorn-37914.exe
1932	Unicorn-31369.exe
2000	Unicorn-44691.exe
1780	Unicorn-53456.exe
1536	Unicorn-19200.exe
1144	Unicorn-8915.exe
1248	Unicorn-62563.exe
3060	Unicorn-29144.exe
2964	Unicorn-51702.exe
2072	Unicorn-52257.exe
1632	Unicorn-14753.exe
2040	Unicorn-52257.exe
540	Unicorn-33228.exe
884	Unicorn-41396.exe
2536	Unicorn-49455.exe
2684	Unicorn-64400.exe
2860	Unicorn-39725.exe
2436	Unicorn-1193.exe
3008	Unicorn-21805.exe
2088	Unicorn-15028.exe
764	Unicorn-5262.exe
1436	Unicorn-48241.exe
1620	Unicorn-14177.exe
2196	Unicorn-34043.exe
856	Unicorn-10093.exe
1428	Unicorn-42211.exe
1800	Unicorn-38127.exe
1612	Unicorn-18261.exe
1752	Unicorn-7400.exe
1300	Unicorn-46295.exe
2644	Unicorn-61240.exe
636	Unicorn-61240.exe
2772	Unicorn-57369.exe
2780	Unicorn-57369.exe
3004	Unicorn-14945.exe
1788	Unicorn-56300.exe
1140	Unicorn-48687.exe
1708	Unicorn-13129.exe
1864	Unicorn-28074.exe
1196	Unicorn-54546.exe
2292	Unicorn-54546.exe
2688	Unicorn-3954.exe
2392	Unicorn-3399.exe
2416	Unicorn-19544.exe
1672	Unicorn-53539.exe
2320	Unicorn-43232.exe
948	Unicorn-44816.exe
852	Unicorn-30426.exe

Loads dropped DLL 64 IoCs

pid	Process
2612	791706ba8bcfd83fe40f62e9959478760dac51ad4eb71449b5dd8ab4876583c0.exe
2612	791706ba8bcfd83fe40f62e9959478760dac51ad4eb71449b5dd8ab4876583c0.exe
2612	791706ba8bcfd83fe40f62e9959478760dac51ad4eb71449b5dd8ab4876583c0.exe
2888	Unicorn-62711.exe
2612	791706ba8bcfd83fe40f62e9959478760dac51ad4eb71449b5dd8ab4876583c0.exe
2888	Unicorn-62711.exe
2584	Unicorn-61917.exe
2584	Unicorn-61917.exe
2888	Unicorn-62711.exe
2888	Unicorn-62711.exe
2588	Unicorn-37967.exe
2588	Unicorn-37967.exe
1164	WerFault.exe
1164	WerFault.exe
1164	WerFault.exe
1164	WerFault.exe
1164	WerFault.exe
2488	Unicorn-5054.exe
2488	Unicorn-5054.exe
2584	Unicorn-61917.exe
2400	Unicorn-47478.exe
2584	Unicorn-61917.exe
2400	Unicorn-47478.exe
2496	Unicorn-6445.exe
2496	Unicorn-6445.exe
2588	Unicorn-37967.exe
2588	Unicorn-37967.exe
1824	WerFault.exe
1824	WerFault.exe
1824	WerFault.exe
1824	WerFault.exe
1824	WerFault.exe
1592	WerFault.exe
1592	WerFault.exe
1592	WerFault.exe
1592	WerFault.exe
1592	WerFault.exe
1648	Unicorn-20103.exe
1648	Unicorn-20103.exe
828	Unicorn-54914.exe
1472	Unicorn-31801.exe
1472	Unicorn-31801.exe
828	Unicorn-54914.exe
2400	Unicorn-47478.exe
2656	Unicorn-5158.exe
2656	Unicorn-5158.exe
2400	Unicorn-47478.exe
2496	Unicorn-6445.exe
2496	Unicorn-6445.exe
2356	Unicorn-23057.exe
2356	Unicorn-23057.exe
2488	Unicorn-5054.exe
2488	Unicorn-5054.exe
2192	WerFault.exe
2192	WerFault.exe
2192	WerFault.exe
2192	WerFault.exe
2192	WerFault.exe
2028	WerFault.exe
2028	WerFault.exe
2028	WerFault.exe
2028	WerFault.exe
2028	WerFault.exe
2760	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2408	2612	WerFault.exe	27
1164	2888	WerFault.exe	28
1824	2584	WerFault.exe	29
1592	2588	WerFault.exe	30
2192	2488	WerFault.exe	33
2028	2400	WerFault.exe	32
2760	2496	WerFault.exe	34
2468	1648	WerFault.exe	40
2312	1472	WerFault.exe	38
2148	828	WerFault.exe	37
2528	2656	WerFault.exe	39
2380	2356	WerFault.exe	36
680	2164	WerFault.exe	43
1312	1180	WerFault.exe	45
528	2704	WerFault.exe	47
2044	1236	WerFault.exe	44
2948	324	WerFault.exe	49
1464	2000	WerFault.exe	50
3000	1932	WerFault.exe	48
2224	2716	WerFault.exe	46
1560	1780	WerFault.exe	54
2956	1536	WerFault.exe	55
268	2964	WerFault.exe	58
1896	2040	WerFault.exe	62
1584	1248	WerFault.exe	57
816	2072	WerFault.exe	61
1992	2536	WerFault.exe	72
2628	2684	WerFault.exe	73
2504	1632	WerFault.exe	63
2372	2088	WerFault.exe	77
2740	1436	WerFault.exe	79
1496	764	WerFault.exe	78
1280	3060	WerFault.exe	59
924	856	WerFault.exe	82
944	1300	WerFault.exe	87
2896	2644	WerFault.exe	88
1740	1620	WerFault.exe	80
3096	2436	WerFault.exe	75
3124	1144	WerFault.exe	56
3308	1800	WerFault.exe	85
3628	1428	WerFault.exe	83
3660	2196	WerFault.exe	81
3680	1752	WerFault.exe	86
3728	3008	WerFault.exe	76
3764	2772	WerFault.exe	91
3780	884	WerFault.exe	64
3788	1140	WerFault.exe	96
3836	540	WerFault.exe	60
3852	2860	WerFault.exe	74
4072	2416	WerFault.exe	109
3332	636	WerFault.exe	89
3356	2652	WerFault.exe	118
3448	2180	WerFault.exe	133
3516	2320	WerFault.exe	111
3528	2272	WerFault.exe	116
3796	3004	WerFault.exe	93
3916	112	WerFault.exe	131
3940	1724	WerFault.exe	123
3968	2664	WerFault.exe	132
3980	1788	WerFault.exe	94
4028	2688	WerFault.exe	107
4040	2780	WerFault.exe	92
4056	704	WerFault.exe	124
4092	1920	WerFault.exe	127

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2612	791706ba8bcfd83fe40f62e9959478760dac51ad4eb71449b5dd8ab4876583c0.exe
2888	Unicorn-62711.exe
2584	Unicorn-61917.exe
2588	Unicorn-37967.exe
2400	Unicorn-47478.exe
2488	Unicorn-5054.exe
2496	Unicorn-6445.exe
2356	Unicorn-23057.exe
2656	Unicorn-5158.exe
1472	Unicorn-31801.exe
1648	Unicorn-20103.exe
828	Unicorn-54914.exe
2164	Unicorn-62418.exe
1180	Unicorn-49097.exe
1236	Unicorn-49097.exe
2704	Unicorn-56388.exe
324	Unicorn-37914.exe
2716	Unicorn-36522.exe
1932	Unicorn-31369.exe
2000	Unicorn-44691.exe
1780	Unicorn-53456.exe
1536	Unicorn-19200.exe
1144	Unicorn-8915.exe
1248	Unicorn-62563.exe
2964	Unicorn-51702.exe
2072	Unicorn-52257.exe
3060	Unicorn-29144.exe
2040	Unicorn-52257.exe
1632	Unicorn-14753.exe
540	Unicorn-33228.exe
884	Unicorn-41396.exe
2536	Unicorn-49455.exe
2684	Unicorn-64400.exe
2860	Unicorn-39725.exe
2436	Unicorn-1193.exe
2088	Unicorn-15028.exe
3008	Unicorn-21805.exe
764	Unicorn-5262.exe
1436	Unicorn-48241.exe
1620	Unicorn-14177.exe
2196	Unicorn-34043.exe
1428	Unicorn-42211.exe
856	Unicorn-10093.exe
1612	Unicorn-18261.exe
1800	Unicorn-38127.exe
1752	Unicorn-7400.exe
1300	Unicorn-46295.exe
2644	Unicorn-61240.exe
636	Unicorn-61240.exe
2772	Unicorn-57369.exe
2780	Unicorn-57369.exe
3004	Unicorn-14945.exe
1788	Unicorn-56300.exe
1140	Unicorn-48687.exe
1708	Unicorn-13129.exe
1196	Unicorn-54546.exe
1864	Unicorn-28074.exe
2688	Unicorn-3954.exe
2292	Unicorn-54546.exe
2392	Unicorn-3399.exe
2416	Unicorn-19544.exe
1672	Unicorn-53539.exe
2320	Unicorn-43232.exe
948	Unicorn-44816.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 2888	2612	791706ba8bcfd83fe40f62e9959478760dac51ad4eb71449b5dd8ab4876583c0.exe	28
PID 2612 wrote to memory of 2888	2612	791706ba8bcfd83fe40f62e9959478760dac51ad4eb71449b5dd8ab4876583c0.exe	28
PID 2612 wrote to memory of 2888	2612	791706ba8bcfd83fe40f62e9959478760dac51ad4eb71449b5dd8ab4876583c0.exe	28
PID 2612 wrote to memory of 2888	2612	791706ba8bcfd83fe40f62e9959478760dac51ad4eb71449b5dd8ab4876583c0.exe	28
PID 2612 wrote to memory of 2588	2612	791706ba8bcfd83fe40f62e9959478760dac51ad4eb71449b5dd8ab4876583c0.exe	30
PID 2612 wrote to memory of 2588	2612	791706ba8bcfd83fe40f62e9959478760dac51ad4eb71449b5dd8ab4876583c0.exe	30
PID 2612 wrote to memory of 2588	2612	791706ba8bcfd83fe40f62e9959478760dac51ad4eb71449b5dd8ab4876583c0.exe	30
PID 2612 wrote to memory of 2588	2612	791706ba8bcfd83fe40f62e9959478760dac51ad4eb71449b5dd8ab4876583c0.exe	30
PID 2888 wrote to memory of 2584	2888	Unicorn-62711.exe	29
PID 2888 wrote to memory of 2584	2888	Unicorn-62711.exe	29
PID 2888 wrote to memory of 2584	2888	Unicorn-62711.exe	29
PID 2888 wrote to memory of 2584	2888	Unicorn-62711.exe	29
PID 2612 wrote to memory of 2408	2612	791706ba8bcfd83fe40f62e9959478760dac51ad4eb71449b5dd8ab4876583c0.exe	31
PID 2612 wrote to memory of 2408	2612	791706ba8bcfd83fe40f62e9959478760dac51ad4eb71449b5dd8ab4876583c0.exe	31
PID 2612 wrote to memory of 2408	2612	791706ba8bcfd83fe40f62e9959478760dac51ad4eb71449b5dd8ab4876583c0.exe	31
PID 2612 wrote to memory of 2408	2612	791706ba8bcfd83fe40f62e9959478760dac51ad4eb71449b5dd8ab4876583c0.exe	31
PID 2584 wrote to memory of 2400	2584	Unicorn-61917.exe	32
PID 2584 wrote to memory of 2400	2584	Unicorn-61917.exe	32
PID 2584 wrote to memory of 2400	2584	Unicorn-61917.exe	32
PID 2584 wrote to memory of 2400	2584	Unicorn-61917.exe	32
PID 2888 wrote to memory of 2488	2888	Unicorn-62711.exe	33
PID 2888 wrote to memory of 2488	2888	Unicorn-62711.exe	33
PID 2888 wrote to memory of 2488	2888	Unicorn-62711.exe	33
PID 2888 wrote to memory of 2488	2888	Unicorn-62711.exe	33
PID 2588 wrote to memory of 2496	2588	Unicorn-37967.exe	34
PID 2588 wrote to memory of 2496	2588	Unicorn-37967.exe	34
PID 2588 wrote to memory of 2496	2588	Unicorn-37967.exe	34
PID 2588 wrote to memory of 2496	2588	Unicorn-37967.exe	34
PID 2888 wrote to memory of 1164	2888	Unicorn-62711.exe	35
PID 2888 wrote to memory of 1164	2888	Unicorn-62711.exe	35
PID 2888 wrote to memory of 1164	2888	Unicorn-62711.exe	35
PID 2888 wrote to memory of 1164	2888	Unicorn-62711.exe	35
PID 2488 wrote to memory of 2356	2488	Unicorn-5054.exe	36
PID 2488 wrote to memory of 2356	2488	Unicorn-5054.exe	36
PID 2488 wrote to memory of 2356	2488	Unicorn-5054.exe	36
PID 2488 wrote to memory of 2356	2488	Unicorn-5054.exe	36
PID 2584 wrote to memory of 828	2584	Unicorn-61917.exe	37
PID 2584 wrote to memory of 828	2584	Unicorn-61917.exe	37
PID 2584 wrote to memory of 828	2584	Unicorn-61917.exe	37
PID 2584 wrote to memory of 828	2584	Unicorn-61917.exe	37
PID 2400 wrote to memory of 1472	2400	Unicorn-47478.exe	38
PID 2400 wrote to memory of 1472	2400	Unicorn-47478.exe	38
PID 2400 wrote to memory of 1472	2400	Unicorn-47478.exe	38
PID 2400 wrote to memory of 1472	2400	Unicorn-47478.exe	38
PID 2496 wrote to memory of 2656	2496	Unicorn-6445.exe	39
PID 2496 wrote to memory of 2656	2496	Unicorn-6445.exe	39
PID 2496 wrote to memory of 2656	2496	Unicorn-6445.exe	39
PID 2496 wrote to memory of 2656	2496	Unicorn-6445.exe	39
PID 2588 wrote to memory of 1648	2588	Unicorn-37967.exe	40
PID 2588 wrote to memory of 1648	2588	Unicorn-37967.exe	40
PID 2588 wrote to memory of 1648	2588	Unicorn-37967.exe	40
PID 2588 wrote to memory of 1648	2588	Unicorn-37967.exe	40
PID 2584 wrote to memory of 1824	2584	Unicorn-61917.exe	41
PID 2584 wrote to memory of 1824	2584	Unicorn-61917.exe	41
PID 2584 wrote to memory of 1824	2584	Unicorn-61917.exe	41
PID 2584 wrote to memory of 1824	2584	Unicorn-61917.exe	41
PID 2588 wrote to memory of 1592	2588	Unicorn-37967.exe	42
PID 2588 wrote to memory of 1592	2588	Unicorn-37967.exe	42
PID 2588 wrote to memory of 1592	2588	Unicorn-37967.exe	42
PID 2588 wrote to memory of 1592	2588	Unicorn-37967.exe	42
PID 1648 wrote to memory of 2164	1648	Unicorn-20103.exe	43
PID 1648 wrote to memory of 2164	1648	Unicorn-20103.exe	43
PID 1648 wrote to memory of 2164	1648	Unicorn-20103.exe	43
PID 1648 wrote to memory of 2164	1648	Unicorn-20103.exe	43

C:\Users\Admin\AppData\Local\Temp\791706ba8bcfd83fe40f62e9959478760dac51ad4eb71449b5dd8ab4876583c0.exe
"C:\Users\Admin\AppData\Local\Temp\791706ba8bcfd83fe40f62e9959478760dac51ad4eb71449b5dd8ab4876583c0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62711.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62711.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61917.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47478.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31801.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8915.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46295.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19928.exe
        9⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1126.exe
        10⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64987.exe
        11⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61578.exe
        12⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28673.exe
        13⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 216
        13⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
        12⤵
        
        PID:6908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 236
        11⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
        10⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 236
        9⤵
        Program crash
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8230.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39336.exe
        9⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-846.exe
        10⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2735.exe
        11⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4863.exe
        12⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49267.exe
        13⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
        12⤵
        
        PID:8168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
        11⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
        10⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
        9⤵
        Program crash
        
        PID:3356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 240
        8⤵
        Program crash
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61240.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
        8⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51972.exe
        9⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13648.exe
        10⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36306.exe
        11⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11184.exe
        12⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
        12⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
        11⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
        10⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
        9⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
        8⤵
        Program crash
        
        PID:2896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 240
        7⤵
        Program crash
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62563.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28074.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31469.exe
        8⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26010.exe
        9⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28631.exe
        10⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6010.exe
        11⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 236
        11⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
        10⤵
        
        PID:6940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 216
        9⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 236
        8⤵
        
        PID:3176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 216
        7⤵
        Program crash
        
        PID:1584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 240
        6⤵
        Program crash
        
        PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36522.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7400.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9813.exe
        8⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38542.exe
        9⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58023.exe
        10⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34640.exe
        11⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37728.exe
        12⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2689.exe
        13⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 236
        13⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
        12⤵
        
        PID:8184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
        11⤵
        
        PID:6588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
        10⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
        9⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7613.exe
        10⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-587.exe
        11⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34083.exe
        12⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
        11⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 236
        10⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 220
        9⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 216
        8⤵
        Program crash
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37010.exe
        7⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7670.exe
        8⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe
        9⤵
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
        10⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 224
        11⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 236
        10⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 236
        9⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 216
        8⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 220
        7⤵
        Program crash
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61240.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50654.exe
        7⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47421.exe
        8⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29134.exe
        9⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7587.exe
        10⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37728.exe
        11⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10940.exe
        12⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 216
        12⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
        11⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
        10⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 216
        9⤵
        
        PID:4120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
        8⤵
        Program crash
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9273.exe
        7⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60545.exe
        8⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8765.exe
        9⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24490.exe
        10⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22023.exe
        11⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
        10⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        9⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 236
        8⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 240
        7⤵
        Program crash
        
        PID:3332
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        6⤵
        Program crash
        
        PID:2224
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29144.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5262.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19544.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41775.exe
        9⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58023.exe
        10⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51168.exe
        11⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33452.exe
        12⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36221.exe
        13⤵
        
        PID:552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
        12⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
        11⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
        10⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 216
        9⤵
        Program crash
        
        PID:4072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 236
        8⤵
        Program crash
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43232.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33498.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14551.exe
        9⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7203.exe
        10⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe
        11⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17062.exe
        12⤵
        
        PID:8908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
        11⤵
        
        PID:7324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
        10⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        9⤵
        
        PID:4500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
        8⤵
        Program crash
        
        PID:3516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 220
        7⤵
        Program crash
        
        PID:1280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14177.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48708.exe
        7⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15709.exe
        8⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18636.exe
        9⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57774.exe
        10⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31096.exe
        11⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55071.exe
        12⤵
        
        PID:280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
        12⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 236
        11⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 220
        10⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
        9⤵
        
        PID:4692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
        8⤵
        Program crash
        
        PID:3940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
        7⤵
        Program crash
        
        PID:1740
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 240
        6⤵
        Program crash
        
        PID:2044
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 216
        5⤵
        Program crash
        
        PID:2148
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5054.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37914.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1193.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13129.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31168.exe
        8⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52818.exe
        9⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22876.exe
        10⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        11⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
        11⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
        10⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
        9⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 236
        8⤵
        
        PID:4336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
        7⤵
        Program crash
        
        PID:3096
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 216
        6⤵
        Program crash
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38127.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40540.exe
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        8⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46897.exe
        9⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47105.exe
        10⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10561.exe
        11⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
        11⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
        10⤵
        
        PID:6844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
        9⤵
        
        PID:5676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
        8⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 236
        7⤵
        Program crash
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
        6⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17271.exe
        7⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47089.exe
        8⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59824.exe
        9⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26919.exe
        10⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 216
        10⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 236
        9⤵
        
        PID:7316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 216
        8⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 236
        7⤵
        Program crash
        
        PID:4056
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
        6⤵
        Program crash
        
        PID:1896
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
        5⤵
        Program crash
        
        PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44691.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33228.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42211.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30426.exe
        7⤵
        Executes dropped EXE
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22206.exe
        8⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45195.exe
        9⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17043.exe
        10⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21776.exe
        11⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29999.exe
        12⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
        11⤵
        
        PID:8160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
        10⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 236
        9⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60140.exe
        8⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21.exe
        9⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42201.exe
        10⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
        11⤵
        
        PID:8352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 216
        11⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 236
        10⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        9⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 220
        8⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 236
        7⤵
        Program crash
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37202.exe
        6⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        7⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22720.exe
        8⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55828.exe
        9⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 188
        10⤵
        
        PID:5744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
        9⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
        8⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25988.exe
        7⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55527.exe
        8⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14842.exe
        9⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43011.exe
        10⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 236
        10⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
        9⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
        8⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
        7⤵
        
        PID:4468
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
        6⤵
        Program crash
        
        PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18261.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65044.exe
        6⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52081.exe
        7⤵
        
        PID:488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 220
        8⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
        7⤵
        Program crash
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
        6⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46046.exe
        7⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41137.exe
        8⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12512.exe
        9⤵
        
        PID:7884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
        9⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
        8⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 216
        7⤵
        
        PID:5260
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
        6⤵
        
        PID:3092
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
        5⤵
        Program crash
        
        PID:1464
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2192
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37967.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37967.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5158.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56388.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15028.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54546.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
        9⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60244.exe
        10⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10410.exe
        11⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61246.exe
        12⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36880.exe
        13⤵
        
        PID:3592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
        12⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
        11⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
        10⤵
        
        PID:5024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 236
        9⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
        8⤵
        Program crash
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3954.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10664.exe
        8⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32315.exe
        9⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
        10⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14977.exe
        11⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
        12⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 216
        11⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
        10⤵
        
        PID:6364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 216
        9⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
        8⤵
        Program crash
        
        PID:4028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
        7⤵
        Program crash
        
        PID:268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21805.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54546.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40535.exe
        8⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19897.exe
        9⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5065.exe
        10⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5439.exe
        11⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40663.exe
        12⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
        11⤵
        
        PID:7712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 220
        10⤵
        
        PID:7088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
        9⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58469.exe
        8⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35024.exe
        9⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48506.exe
        10⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43037.exe
        11⤵
        
        PID:3456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 236
        11⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
        10⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
        9⤵
        
        PID:6776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 220
        8⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
        7⤵
        Program crash
        
        PID:3728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 220
        6⤵
        Program crash
        
        PID:528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34043.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24012.exe
        7⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        8⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34889.exe
        9⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30748.exe
        10⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65055.exe
        11⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55071.exe
        12⤵
        
        PID:2396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 236
        12⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
        11⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        10⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 236
        9⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35635.exe
        8⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        9⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32274.exe
        10⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58963.exe
        11⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
        11⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
        10⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
        9⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 220
        8⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
        7⤵
        Program crash
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12314.exe
        6⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-742.exe
        7⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        8⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44536.exe
        9⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12512.exe
        10⤵
        
        PID:7896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
        10⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 220
        9⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
        8⤵
        
        PID:4288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 236
        7⤵
        
        PID:3256
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
        6⤵
        Program crash
        
        PID:816
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
        5⤵
        Program crash
        
        PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31369.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14753.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48241.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3399.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23301.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18309.exe
        9⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24438.exe
        10⤵
        
        PID:6556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54007.exe
        11⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 216
        11⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
        10⤵
        
        PID:7188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 216
        9⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 216
        8⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 236
        7⤵
        Program crash
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53539.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41090.exe
        7⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43389.exe
        8⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4401.exe
        9⤵
        
        PID:6852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 220
        10⤵
        
        PID:8924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 236
        9⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        8⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
        7⤵
        
        PID:4152
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
        6⤵
        Program crash
        
        PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10093.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44816.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53918.exe
        7⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-737.exe
        8⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45221.exe
        9⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12512.exe
        10⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 236
        10⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
        9⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
        8⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 236
        7⤵
        
        PID:3688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 236
        6⤵
        Program crash
        
        PID:924
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
        5⤵
        Program crash
        
        PID:3000
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20103.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62418.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53456.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49455.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36648.exe
        8⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55589.exe
        9⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1588.exe
        10⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe
        11⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24397.exe
        12⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
        12⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
        11⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 216
        10⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 236
        9⤵
        Program crash
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21525.exe
        8⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58490.exe
        9⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34815.exe
        9⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        10⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44049.exe
        11⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
        11⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
        10⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 240
        9⤵
        
        PID:5376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        8⤵
        Program crash
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12698.exe
        7⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63949.exe
        8⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe
        9⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57110.exe
        10⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52061.exe
        11⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
        11⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
        10⤵
        
        PID:6716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 216
        9⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
        8⤵
        Program crash
        
        PID:3968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        7⤵
        Program crash
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14945.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32564.exe
        7⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18833.exe
        8⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51692.exe
        9⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64956.exe
        10⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52393.exe
        11⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
        12⤵
        
        PID:4872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 236
        12⤵
        
        PID:4852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
        11⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
        10⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        9⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 236
        8⤵
        Program crash
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7711.exe
        7⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22720.exe
        8⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62844.exe
        9⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37728.exe
        10⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
        11⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
        10⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
        9⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 216
        8⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
        7⤵
        Program crash
        
        PID:3796
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
        6⤵
        Program crash
        
        PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64400.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55122.exe
        7⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8739.exe
        8⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
        9⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31708.exe
        10⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48034.exe
        11⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28219.exe
        12⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
        11⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 220
        10⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        9⤵
        
        PID:4932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
        8⤵
        
        PID:4124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
        7⤵
        Program crash
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61899.exe
        6⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33991.exe
        7⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
        8⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43109.exe
        9⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17116.exe
        10⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4835.exe
        11⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 236
        11⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
        10⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 236
        9⤵
        
        PID:5684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
        8⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
        7⤵
        
        PID:4356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
        6⤵
        Program crash
        
        PID:2628
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
        5⤵
        Program crash
        
        PID:680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19200.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39725.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56300.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        7⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32891.exe
        8⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4017.exe
        9⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22835.exe
        10⤵
        
        PID:8996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 216
        10⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
        9⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 216
        8⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 216
        7⤵
        Program crash
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5490.exe
        6⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11562.exe
        7⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5506.exe
        8⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24718.exe
        9⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52694.exe
        10⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29231.exe
        11⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
        10⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        9⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 236
        8⤵
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23658.exe
        7⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46482.exe
        8⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18268.exe
        9⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22298.exe
        10⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
        9⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
        8⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 220
        7⤵
        
        PID:4348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
        6⤵
        Program crash
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48687.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39170.exe
        6⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        7⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51692.exe
        8⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54266.exe
        9⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        10⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15224.exe
        11⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
        10⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
        9⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
        8⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54193.exe
        7⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40452.exe
        8⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28273.exe
        9⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 216
        9⤵
        
        PID:8316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 220
        8⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
        7⤵
        
        PID:4792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 236
        6⤵
        Program crash
        
        PID:3788
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
        5⤵
        Program crash
        
        PID:2956
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
      4⤵
      Program crash
      PID:2468
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1592
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
  2⤵
  - Program crash
  PID:2408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10047.exe

Filesize
184KB

MD5
df70f95523b7dbc48c5f70b8420bcf70

SHA1
3686680b2cf0aedbbd47ef0fd9e514956c138ebe

SHA256
23ffcf8a2c924c882156a44c340a4b7ab19ec6366d7dbe984d1cfa6659134120

SHA512
e47f5bcc01f6b75c9c5568bef62ec2fc7dad412b75cf50a331beac7935b874432613e4fd05ff815b06bee4ae9fb746ccf4082928002c29a2adaae5e09dc55b02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20103.exe

Filesize
184KB

MD5
599787424ffc0547892f8be52d803152

SHA1
3396facc5b3114ce6dd95d5cfa0766994ba5eb62

SHA256
10b4fb2bcf9302115b58f6dcc1b680f122d4675dfb400403661f1b4c38e0a09a

SHA512
d5e79f3a92ca775c2b74929010003d29b1be3e93e6689a635c39dc7972ed4809d3d8d99e58a6524e72be0f7d68d7e753d7bbae718243c19d11ca795a1ca39831

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28673.exe

Filesize
184KB

MD5
e885a16d7a5f646d6f3e48a93be8ed1f

SHA1
a1c82c88189bba04bb4f6a893dc506ef4c6840ac

SHA256
7b31eb170342517470ca07a3153c90973e0ac8b74cf9fadcd0f261b0484cb508

SHA512
a3f8dbb7b1925aa02d34c5dd8f0db5e92103533c8a793c83731f49edda93aef0f39da40b8f30d895cf8770429084fe9164b80870e30df93a665e41a4717a7fa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31801.exe

Filesize
184KB

MD5
591a4735ed53b725cdd5b400238f3fa0

SHA1
14b985bbc6d5dd7a106b4cfb6dfe6a98741770e6

SHA256
2955ceb052a001cbc1f88c8590324cb80dae2922f06c0c54c8567361013ad369

SHA512
e02687d1edaa899408bab9cf8a7684a00ef6c8d5e5fe4f28b62582e52f4b205d8fc5d5748bde6920f11bf57b6f91ae516e1cee1e371ce786ab6cf4e164e9b878

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37967.exe

Filesize
184KB

MD5
09e405dcc636b28907634a817826bd99

SHA1
0bcbb2158d4b844bddb014a92cb20bd8f32085bf

SHA256
baedf3888f750c7241682df4dc21e5ff7d240125e2aa9a787eec83bd2058c693

SHA512
f55079c00674f9e5ea643387d581cb79d3f9f59d727aa29c6e0a8c1e2640ebc215a086c6dcc5b80c8b4458b06afcb94d7f9d48f67d44bc9ebd8e5ea7c3605053

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5158.exe

Filesize
184KB

MD5
5dff93f2e987c4a2470cfdba27fb5015

SHA1
9c33a2a4cb9992fd304a214cb8741513296e143b

SHA256
3a06b969444f74f43e17bd36f6337981637e87cda035c5ec4f48794822cca647

SHA512
bc4fee859f266ca52dda917339c89d07d53dc4e724ea8efb089ae0a347206b5e17fcb46e49acc8f97d5cc1a1972a4b7ee931ddc5a0675cdcf8704e1f4cad9e86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5864.exe

Filesize
184KB

MD5
9bc88e1a0e65740c0e185cb842d0e768

SHA1
7ee047f227093ce278db39be92fb97f94cbc3791

SHA256
0f29892183088b2c90d774f0c4face09261356abb6f24502b385f309c03cba89

SHA512
b47235293907f3ffb4ca50e8229fbecbdd0bea65ce7d5ffb58ebdf1e78ce972c46ea44286213b2da860bac93cfaac07284a4f4c542e894222cb356beb396d137

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61917.exe

Filesize
184KB

MD5
e6ec8d300a9ca88a5c843203663942b3

SHA1
bda3e4dc330391eceff104c136e2a7083a86428b

SHA256
8557588bb9336c4fadf6301ea7c4a9ce64920c76b9ab0751a7d4be210d8e3710

SHA512
773cf74d60c527f6e44ba342ba1563e60aa6f74bd9579071d3425d9333a691bc347f4de0f1e160e801f91fd04b9b40283ae36d616a4f619246c48da8c00dc272

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe

Filesize
184KB

MD5
4a0fe829fbfa201447fa9ac64c73ce37

SHA1
41eec7000fd32985db02709f1766cd008512b3b3

SHA256
aff1983be181a72b8ecc3261c9c7aa7939de32a2e04b578f3e38107feff89fcd

SHA512
739b7b9e79f3d465f9301e1ac03616eec93b5c2c4fe7038f64449c69bba7ed67385667f8d4e784693240616e9250ac3ecc486cdf1b061373e79b19eaae62863c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47478.exe

Filesize
184KB

MD5
4111f462e76f8e97dc635b9ac6c5d304

SHA1
cd236f4f969237e0cd82662b0c8e71312803c465

SHA256
2a0ac4cd8ada19047cdb6b7298701db58e69098f0a3abd89011a6f4568ea2b02

SHA512
6075a0a48398ed8ea49ca137f28b9c61daee68efd041df36edc1136f85e5f85d215231f7c7b703215cef7c24c360741636609aa762fd8752e82cbbaa05cc7beb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe

Filesize
184KB

MD5
94890a32130a2c84f050933b7478b0b7

SHA1
0c2e4949a5e2ec8892f652b166bf6c3c0357b13d

SHA256
1c183e0e74899531c9cc8a4a616ba640147f39af0664d523cbeac259a65e6a82

SHA512
4adc30968c9d265d70b7c6b264811db65685bf6184622c9c8c120c05584315c7441d7bc2432ce2cbf24284b2e945be60f6dec3426323c983c1a4cf3ad8a8c458

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5054.exe

Filesize
184KB

MD5
977be39e060fe1a5640d4d7299819c45

SHA1
37e4ac2e1c7f623d0568d8de701d3520a68ecf74

SHA256
44eaf7ba52bae54902fac18fd8c0afd560d32e1c150a564cb1ce7eb60204c932

SHA512
31a95cfbd6afc47e9e3d37ae511720fbfaef96ce8c3e8d2795ca409a6bbdfc5cafda09f17f1736f56b76308bbc7273b42c3aaf83d4738af79f97e478216326e3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe

Filesize
184KB

MD5
37749e1affb49e4703d496c648b487a6

SHA1
5ce9f4b161e71889ea6dc40591ad32da763ca139

SHA256
a93cfacdeb58b2bdeb7a608af28a2ec36c341f9c9dfdce596e7fe73caf98ed11

SHA512
24587c38fb8e8ae8343b2afb79b4c0c2c9a3b396218152fdafbcc92c5a05b5980a1d5ed0bb4cf74bdc1001df6dbaefcff22a8a3094c222cf7209dae206cf4c70

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62418.exe

Filesize
184KB

MD5
a7d0c9e659d21557ee7cb50162a3bffa

SHA1
ad53becf7af226d921781c48e59cf9cccdad530c

SHA256
8e2fe6f5c23a0fcc5b119901a001ce7e4618a30392f04cffef9b727fe0b7cbca

SHA512
425baf1fe772234f95ce1ccd8ac332257ae41e439b4d69a4fa247249b199947944029a5cbd0169053d412840471a5cd563b6df824e9b9f3c2ca672a087add446

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62711.exe

Filesize
184KB

MD5
4f2ee2ed03a868d9cc52a7ffa15daff3

SHA1
3076f77f7bc6b28d5559887bb3f88f348f0b11ec

SHA256
7c9e05536cc6e3c87a5aca29920c4e5819c520140c06155ba712150b60cff0c3

SHA512
0aad03ec58f05dd014f50cde3887697313080b0045c77ac57f78b14c631105268a36b8e26c1d84220b18e4a8fb744e89d873a8fd985dbb28d7ac89d409c96520

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe

Filesize
184KB

MD5
66bf749e5aa123a61711c2dd62435757

SHA1
afb9ef7559e13ba4e9a116c36187f14ec25ef2a9

SHA256
84960042022799912b6c9bc92222a520692cec0cc2b887b74a110d7d2a03f4f9

SHA512
20231042dea05ec64e25960106400194e249ee434f3fee81ec5d08a537c3c53ada34e40e28558acdfda3095b3a15fed87e5da2189a38f7283b19dd026982512f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads