257856e639d488c6b156eb96e408fa15bc500b4f4a4bd6eec876e4dc9d0e4475

Analysis

max time kernel
151s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 19:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

257856e639d488c6b156eb96e408fa15bc500b4f4a4bd6eec876e4dc9d0e4475.exe
Size

184KB
MD5

5400e6d9dde9f9203a091aef80dd1271
SHA1

3ca7d6ba2c865fe5512b826560e7544bf51fdd81
SHA256

257856e639d488c6b156eb96e408fa15bc500b4f4a4bd6eec876e4dc9d0e4475
SHA512

f56d637c3fc00fb73756fc10eeddca6d5a8c9c7d74132bf8bd8d0a3a011b99c9c702d5cc1f0c63006d92e0bc3fa7083dfd461e9e00cb59c015a97ccb2de3e497
SSDEEP

3072:om8+7RoTfe7bd7e9WzS89fE4hlnViFun3:omHoSB7et8tE4hlnViFu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2884	Unicorn-21703.exe
2984	Unicorn-11479.exe
2492	Unicorn-14172.exe
2868	Unicorn-1988.exe
2608	Unicorn-12849.exe
2460	Unicorn-63441.exe
548	Unicorn-17915.exe
1272	Unicorn-23068.exe
1276	Unicorn-63586.exe
2540	Unicorn-1064.exe
2428	Unicorn-47572.exe
632	Unicorn-52808.exe
2084	Unicorn-55501.exe
676	Unicorn-5553.exe
2144	Unicorn-9637.exe
2552	Unicorn-40364.exe
896	Unicorn-24582.exe
2928	Unicorn-45003.exe
840	Unicorn-56700.exe
1096	Unicorn-34417.exe
1092	Unicorn-49362.exe
596	Unicorn-26249.exe
1196	Unicorn-36363.exe
1984	Unicorn-39055.exe
2052	Unicorn-44531.exe
2060	Unicorn-14359.exe
1372	Unicorn-64951.exe
3004	Unicorn-36939.exe
3012	Unicorn-6212.exe
2308	Unicorn-16519.exe
2828	Unicorn-17073.exe
2576	Unicorn-36917.exe
2396	Unicorn-43737.exe
2400	Unicorn-41276.exe
2364	Unicorn-50836.exe
1204	Unicorn-36446.exe
1440	Unicorn-47307.exe
2668	Unicorn-48698.exe
1316	Unicorn-39124.exe
1888	Unicorn-62237.exe
1920	Unicorn-53322.exe
1972	Unicorn-43016.exe
2456	Unicorn-34848.exe
1492	Unicorn-8760.exe
584	Unicorn-27234.exe
2216	Unicorn-40878.exe
2936	Unicorn-47655.exe
2916	Unicorn-62066.exe
2948	Unicorn-32710.exe
1456	Unicorn-29948.exe
3036	Unicorn-39508.exe
908	Unicorn-23726.exe
3016	Unicorn-62813.exe
3000	Unicorn-29394.exe
2632	Unicorn-59305.exe
2528	Unicorn-20410.exe
2524	Unicorn-34800.exe
1584	Unicorn-62834.exe
2660	Unicorn-19856.exe
1008	Unicorn-29970.exe
1112	Unicorn-22356.exe
1896	Unicorn-21802.exe
2816	Unicorn-42222.exe
760	Unicorn-7411.exe

Loads dropped DLL 64 IoCs

pid	Process
1808	257856e639d488c6b156eb96e408fa15bc500b4f4a4bd6eec876e4dc9d0e4475.exe
1808	257856e639d488c6b156eb96e408fa15bc500b4f4a4bd6eec876e4dc9d0e4475.exe
2884	Unicorn-21703.exe
2884	Unicorn-21703.exe
1808	257856e639d488c6b156eb96e408fa15bc500b4f4a4bd6eec876e4dc9d0e4475.exe
1808	257856e639d488c6b156eb96e408fa15bc500b4f4a4bd6eec876e4dc9d0e4475.exe
2984	Unicorn-11479.exe
2884	Unicorn-21703.exe
2984	Unicorn-11479.exe
2884	Unicorn-21703.exe
2492	Unicorn-14172.exe
2492	Unicorn-14172.exe
2780	WerFault.exe
2780	WerFault.exe
2780	WerFault.exe
2780	WerFault.exe
2780	WerFault.exe
2868	Unicorn-1988.exe
2868	Unicorn-1988.exe
2984	Unicorn-11479.exe
2984	Unicorn-11479.exe
2608	Unicorn-12849.exe
2608	Unicorn-12849.exe
2460	Unicorn-63441.exe
2492	Unicorn-14172.exe
2492	Unicorn-14172.exe
2460	Unicorn-63441.exe
932	WerFault.exe
932	WerFault.exe
932	WerFault.exe
932	WerFault.exe
940	WerFault.exe
940	WerFault.exe
940	WerFault.exe
940	WerFault.exe
932	WerFault.exe
940	WerFault.exe
548	Unicorn-17915.exe
548	Unicorn-17915.exe
2868	Unicorn-1988.exe
2868	Unicorn-1988.exe
2540	Unicorn-1064.exe
2540	Unicorn-1064.exe
1272	Unicorn-23068.exe
2428	Unicorn-47572.exe
1272	Unicorn-23068.exe
2428	Unicorn-47572.exe
2608	Unicorn-12849.exe
2608	Unicorn-12849.exe
2460	Unicorn-63441.exe
2460	Unicorn-63441.exe
1276	Unicorn-63586.exe
1276	Unicorn-63586.exe
332	WerFault.exe
332	WerFault.exe
332	WerFault.exe
332	WerFault.exe
1548	WerFault.exe
1548	WerFault.exe
1548	WerFault.exe
1548	WerFault.exe
332	WerFault.exe
1548	WerFault.exe
1108	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2468	1808	WerFault.exe	27
2780	2884	WerFault.exe	28
932	2492	WerFault.exe	30
940	2984	WerFault.exe	29
332	2868	WerFault.exe	32
1548	2608	WerFault.exe	33
1108	2460	WerFault.exe	34
1624	548	WerFault.exe	36
2736	2540	WerFault.exe	40
2412	2428	WerFault.exe	39
2592	1272	WerFault.exe	38
1816	1276	WerFault.exe	37
1720	632	WerFault.exe	45
2180	2084	WerFault.exe	46
1696	676	WerFault.exe	47
2196	2552	WerFault.exe	49
2856	2144	WerFault.exe	48
2444	896	WerFault.exe	50
2100	840	WerFault.exe	52
2848	2928	WerFault.exe	51
1528	1096	WerFault.exe	56
1900	1092	WerFault.exe	57
2964	2828	WerFault.exe	67
2784	1196	WerFault.exe	59
2340	2060	WerFault.exe	62
1580	2052	WerFault.exe	61
1288	1204	WerFault.exe	76
2416	596	WerFault.exe	58
1704	3004	WerFault.exe	64
436	2668	WerFault.exe	79
696	2400	WerFault.exe	72
1968	2364	WerFault.exe	73
2032	1244	WerFault.exe	130
2572	2456	WerFault.exe	84
776	584	WerFault.exe	86
1960	1984	WerFault.exe	60
2472	2948	WerFault.exe	91
1632	3036	WerFault.exe	92
2056	2216	WerFault.exe	87
3100	908	WerFault.exe	93
3132	1492	WerFault.exe	85
3160	1972	WerFault.exe	83
3196	3012	WerFault.exe	65
3324	2308	WerFault.exe	66
3520	2276	WerFault.exe	129
3532	1920	WerFault.exe	82
3660	1456	WerFault.exe	90
3888	2916	WerFault.exe	89
3924	1440	WerFault.exe	77
3988	1316	WerFault.exe	80
3996	1888	WerFault.exe	81
4092	1372	WerFault.exe	63
3152	2576	WerFault.exe	68
3344	3000	WerFault.exe	100
3372	3016	WerFault.exe	101
3444	2396	WerFault.exe	71
3552	1656	WerFault.exe	128
3592	1060	WerFault.exe	133
3620	1112	WerFault.exe	111
3684	2528	WerFault.exe	108
3716	2524	WerFault.exe	105
3780	1896	WerFault.exe	110
3796	268	WerFault.exe	117
3856	2912	WerFault.exe	122

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1808	257856e639d488c6b156eb96e408fa15bc500b4f4a4bd6eec876e4dc9d0e4475.exe
2884	Unicorn-21703.exe
2984	Unicorn-11479.exe
2492	Unicorn-14172.exe
2608	Unicorn-12849.exe
2868	Unicorn-1988.exe
2460	Unicorn-63441.exe
548	Unicorn-17915.exe
2540	Unicorn-1064.exe
2428	Unicorn-47572.exe
1272	Unicorn-23068.exe
1276	Unicorn-63586.exe
632	Unicorn-52808.exe
2084	Unicorn-55501.exe
676	Unicorn-5553.exe
2144	Unicorn-9637.exe
2552	Unicorn-40364.exe
896	Unicorn-24582.exe
2928	Unicorn-45003.exe
840	Unicorn-56700.exe
1096	Unicorn-34417.exe
1092	Unicorn-49362.exe
596	Unicorn-26249.exe
1196	Unicorn-36363.exe
1984	Unicorn-39055.exe
2060	Unicorn-14359.exe
2052	Unicorn-44531.exe
1372	Unicorn-64951.exe
3004	Unicorn-36939.exe
3012	Unicorn-6212.exe
2308	Unicorn-16519.exe
2828	Unicorn-17073.exe
2576	Unicorn-36917.exe
2396	Unicorn-43737.exe
2400	Unicorn-41276.exe
2364	Unicorn-50836.exe
1204	Unicorn-36446.exe
1440	Unicorn-47307.exe
2668	Unicorn-48698.exe
1316	Unicorn-39124.exe
1888	Unicorn-62237.exe
1920	Unicorn-53322.exe
1972	Unicorn-43016.exe
2456	Unicorn-34848.exe
1492	Unicorn-8760.exe
584	Unicorn-27234.exe
2216	Unicorn-40878.exe
1456	Unicorn-29948.exe
2936	Unicorn-47655.exe
2916	Unicorn-62066.exe
2948	Unicorn-32710.exe
3036	Unicorn-39508.exe
908	Unicorn-23726.exe
3000	Unicorn-29394.exe
3016	Unicorn-62813.exe
2528	Unicorn-20410.exe
2524	Unicorn-34800.exe
2632	Unicorn-59305.exe
1008	Unicorn-29970.exe
1112	Unicorn-22356.exe
1896	Unicorn-21802.exe
2660	Unicorn-19856.exe
1584	Unicorn-62834.exe
2816	Unicorn-42222.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 2884	1808	257856e639d488c6b156eb96e408fa15bc500b4f4a4bd6eec876e4dc9d0e4475.exe	28
PID 1808 wrote to memory of 2884	1808	257856e639d488c6b156eb96e408fa15bc500b4f4a4bd6eec876e4dc9d0e4475.exe	28
PID 1808 wrote to memory of 2884	1808	257856e639d488c6b156eb96e408fa15bc500b4f4a4bd6eec876e4dc9d0e4475.exe	28
PID 1808 wrote to memory of 2884	1808	257856e639d488c6b156eb96e408fa15bc500b4f4a4bd6eec876e4dc9d0e4475.exe	28
PID 2884 wrote to memory of 2984	2884	Unicorn-21703.exe	29
PID 2884 wrote to memory of 2984	2884	Unicorn-21703.exe	29
PID 2884 wrote to memory of 2984	2884	Unicorn-21703.exe	29
PID 2884 wrote to memory of 2984	2884	Unicorn-21703.exe	29
PID 1808 wrote to memory of 2492	1808	257856e639d488c6b156eb96e408fa15bc500b4f4a4bd6eec876e4dc9d0e4475.exe	30
PID 1808 wrote to memory of 2492	1808	257856e639d488c6b156eb96e408fa15bc500b4f4a4bd6eec876e4dc9d0e4475.exe	30
PID 1808 wrote to memory of 2492	1808	257856e639d488c6b156eb96e408fa15bc500b4f4a4bd6eec876e4dc9d0e4475.exe	30
PID 1808 wrote to memory of 2492	1808	257856e639d488c6b156eb96e408fa15bc500b4f4a4bd6eec876e4dc9d0e4475.exe	30
PID 2984 wrote to memory of 2868	2984	Unicorn-11479.exe	32
PID 2984 wrote to memory of 2868	2984	Unicorn-11479.exe	32
PID 2984 wrote to memory of 2868	2984	Unicorn-11479.exe	32
PID 2984 wrote to memory of 2868	2984	Unicorn-11479.exe	32
PID 2884 wrote to memory of 2608	2884	Unicorn-21703.exe	33
PID 2884 wrote to memory of 2608	2884	Unicorn-21703.exe	33
PID 2884 wrote to memory of 2608	2884	Unicorn-21703.exe	33
PID 2884 wrote to memory of 2608	2884	Unicorn-21703.exe	33
PID 2492 wrote to memory of 2460	2492	Unicorn-14172.exe	34
PID 2492 wrote to memory of 2460	2492	Unicorn-14172.exe	34
PID 2492 wrote to memory of 2460	2492	Unicorn-14172.exe	34
PID 2492 wrote to memory of 2460	2492	Unicorn-14172.exe	34
PID 1808 wrote to memory of 2468	1808	257856e639d488c6b156eb96e408fa15bc500b4f4a4bd6eec876e4dc9d0e4475.exe	31
PID 1808 wrote to memory of 2468	1808	257856e639d488c6b156eb96e408fa15bc500b4f4a4bd6eec876e4dc9d0e4475.exe	31
PID 1808 wrote to memory of 2468	1808	257856e639d488c6b156eb96e408fa15bc500b4f4a4bd6eec876e4dc9d0e4475.exe	31
PID 1808 wrote to memory of 2468	1808	257856e639d488c6b156eb96e408fa15bc500b4f4a4bd6eec876e4dc9d0e4475.exe	31
PID 2884 wrote to memory of 2780	2884	Unicorn-21703.exe	35
PID 2884 wrote to memory of 2780	2884	Unicorn-21703.exe	35
PID 2884 wrote to memory of 2780	2884	Unicorn-21703.exe	35
PID 2884 wrote to memory of 2780	2884	Unicorn-21703.exe	35
PID 2868 wrote to memory of 548	2868	Unicorn-1988.exe	36
PID 2868 wrote to memory of 548	2868	Unicorn-1988.exe	36
PID 2868 wrote to memory of 548	2868	Unicorn-1988.exe	36
PID 2868 wrote to memory of 548	2868	Unicorn-1988.exe	36
PID 2984 wrote to memory of 1276	2984	Unicorn-11479.exe	37
PID 2984 wrote to memory of 1276	2984	Unicorn-11479.exe	37
PID 2984 wrote to memory of 1276	2984	Unicorn-11479.exe	37
PID 2984 wrote to memory of 1276	2984	Unicorn-11479.exe	37
PID 2608 wrote to memory of 1272	2608	Unicorn-12849.exe	38
PID 2608 wrote to memory of 1272	2608	Unicorn-12849.exe	38
PID 2608 wrote to memory of 1272	2608	Unicorn-12849.exe	38
PID 2608 wrote to memory of 1272	2608	Unicorn-12849.exe	38
PID 2492 wrote to memory of 2540	2492	Unicorn-14172.exe	40
PID 2492 wrote to memory of 2540	2492	Unicorn-14172.exe	40
PID 2492 wrote to memory of 2540	2492	Unicorn-14172.exe	40
PID 2492 wrote to memory of 2540	2492	Unicorn-14172.exe	40
PID 2460 wrote to memory of 2428	2460	Unicorn-63441.exe	39
PID 2460 wrote to memory of 2428	2460	Unicorn-63441.exe	39
PID 2460 wrote to memory of 2428	2460	Unicorn-63441.exe	39
PID 2460 wrote to memory of 2428	2460	Unicorn-63441.exe	39
PID 2492 wrote to memory of 932	2492	Unicorn-14172.exe	41
PID 2492 wrote to memory of 932	2492	Unicorn-14172.exe	41
PID 2492 wrote to memory of 932	2492	Unicorn-14172.exe	41
PID 2492 wrote to memory of 932	2492	Unicorn-14172.exe	41
PID 2984 wrote to memory of 940	2984	Unicorn-11479.exe	42
PID 2984 wrote to memory of 940	2984	Unicorn-11479.exe	42
PID 2984 wrote to memory of 940	2984	Unicorn-11479.exe	42
PID 2984 wrote to memory of 940	2984	Unicorn-11479.exe	42
PID 548 wrote to memory of 632	548	Unicorn-17915.exe	45
PID 548 wrote to memory of 632	548	Unicorn-17915.exe	45
PID 548 wrote to memory of 632	548	Unicorn-17915.exe	45
PID 548 wrote to memory of 632	548	Unicorn-17915.exe	45

C:\Users\Admin\AppData\Local\Temp\257856e639d488c6b156eb96e408fa15bc500b4f4a4bd6eec876e4dc9d0e4475.exe
"C:\Users\Admin\AppData\Local\Temp\257856e639d488c6b156eb96e408fa15bc500b4f4a4bd6eec876e4dc9d0e4475.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11479.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11479.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52808.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43737.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29394.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36275.exe
        10⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28102.exe
        11⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54329.exe
        12⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5686.exe
        13⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38110.exe
        14⤵
        
        PID:7392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51888.exe
        15⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 236
        15⤵
        
        PID:8724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 236
        14⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 236
        13⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
        12⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 216
        11⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 216
        10⤵
        Program crash
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16793.exe
        9⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26924.exe
        10⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35855.exe
        11⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
        12⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 200
        13⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
        12⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
        11⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
        10⤵
        
        PID:4708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
        9⤵
        Program crash
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
        9⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28403.exe
        10⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53732.exe
        11⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38377.exe
        12⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15644.exe
        13⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38603.exe
        14⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56273.exe
        15⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 236
        15⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 236
        14⤵
        
        PID:3368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
        13⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 236
        12⤵
        
        PID:5644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        11⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 216
        10⤵
        
        PID:4504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 236
        9⤵
        Program crash
        
        PID:3372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 240
        8⤵
        Program crash
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41276.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7411.exe
        8⤵
        Executes dropped EXE
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42772.exe
        9⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        10⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21164.exe
        11⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43779.exe
        12⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36600.exe
        13⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        14⤵
        
        PID:8692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41603.exe
        15⤵
        
        PID:9080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 236
        14⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 236
        13⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 236
        12⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 236
        11⤵
        
        PID:5336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 216
        10⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 236
        9⤵
        
        PID:4024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
        8⤵
        Program crash
        
        PID:696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 240
        7⤵
        Program crash
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49362.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50836.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19856.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35564.exe
        9⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64915.exe
        10⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8200.exe
        11⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
        12⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
        13⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47908.exe
        14⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 236
        13⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
        12⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
        11⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
        10⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
        9⤵
        
        PID:3724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 236
        8⤵
        Program crash
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20410.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58916.exe
        8⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35092.exe
        9⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38595.exe
        10⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17555.exe
        11⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47565.exe
        12⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24011.exe
        13⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 216
        13⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 236
        12⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 236
        11⤵
        
        PID:7072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 236
        10⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 216
        9⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
        8⤵
        Program crash
        
        PID:3684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 240
        7⤵
        Program crash
        
        PID:1900
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 240
        6⤵
        Program crash
        
        PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55501.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26249.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36446.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62834.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4069.exe
        9⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
        10⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52933.exe
        11⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
        12⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35884.exe
        13⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62298.exe
        14⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 236
        13⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 236
        12⤵
        
        PID:7904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
        11⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 216
        10⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 236
        9⤵
        
        PID:3864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 236
        8⤵
        Program crash
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34800.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24682.exe
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
        9⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37033.exe
        10⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
        11⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18567.exe
        12⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6496.exe
        13⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        14⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 216
        13⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 236
        12⤵
        
        PID:8216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 236
        11⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
        10⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
        9⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 216
        8⤵
        Program crash
        
        PID:3716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 240
        7⤵
        Program crash
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47307.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29970.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8812.exe
        8⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40110.exe
        9⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
        10⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
        11⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11467.exe
        12⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6387.exe
        13⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 236
        13⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 236
        12⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
        11⤵
        
        PID:7308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 236
        10⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 236
        9⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 216
        8⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 236
        7⤵
        Program crash
        
        PID:3924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
        6⤵
        Program crash
        
        PID:2180
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56700.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6212.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34848.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9933.exe
        8⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49762.exe
        9⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40411.exe
        10⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10722.exe
        11⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40025.exe
        12⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58826.exe
        13⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46154.exe
        14⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34923.exe
        14⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 236
        13⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
        12⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
        11⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
        10⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 216
        9⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 216
        8⤵
        Program crash
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16710.exe
        7⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29726.exe
        8⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7245.exe
        9⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28154.exe
        10⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
        11⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64477.exe
        12⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26061.exe
        13⤵
        
        PID:8864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 236
        13⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
        12⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
        11⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
        10⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
        9⤵
        
        PID:5400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 216
        8⤵
        
        PID:4164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
        7⤵
        Program crash
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27234.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44744.exe
        7⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47240.exe
        8⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23691.exe
        9⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60935.exe
        10⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36989.exe
        11⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48032.exe
        12⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19216.exe
        13⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 236
        13⤵
        
        PID:4432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 236
        12⤵
        
        PID:8288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
        11⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 236
        10⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 236
        9⤵
        
        PID:4116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
        8⤵
        
        PID:3736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 216
        7⤵
        Program crash
        
        PID:776
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
        6⤵
        Program crash
        
        PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17073.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53322.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60504.exe
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37209.exe
        8⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18647.exe
        9⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62580.exe
        10⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
        11⤵
        
        PID:6308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51670.exe
        12⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3839.exe
        13⤵
        
        PID:8680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 236
        13⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6308 -s 216
        12⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 236
        11⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
        10⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 236
        9⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 216
        8⤵
        
        PID:3228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
        7⤵
        Program crash
        
        PID:3532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
        6⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23914.exe
        7⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18839.exe
        8⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40105.exe
        9⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63164.exe
        10⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58063.exe
        11⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22449.exe
        12⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 216
        12⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
        11⤵
        
        PID:7560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        10⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 236
        9⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 216
        8⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 216
        7⤵
        Program crash
        
        PID:3796
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
        6⤵
        Program crash
        
        PID:2964
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 240
        5⤵
        Program crash
        
        PID:1816
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12849.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12849.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62066.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8672.exe
        8⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12896.exe
        9⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14235.exe
        10⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16753.exe
        11⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        12⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51042.exe
        13⤵
        
        PID:8496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        14⤵
        
        PID:3516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 236
        13⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 236
        12⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
        11⤵
        
        PID:6944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 236
        10⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 216
        9⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
        8⤵
        Program crash
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19533.exe
        7⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28766.exe
        8⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        9⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46903.exe
        10⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14980.exe
        11⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8961.exe
        12⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 236
        12⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
        11⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
        10⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
        9⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
        8⤵
        
        PID:3808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
        7⤵
        Program crash
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29948.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23063.exe
        7⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39155.exe
        8⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
        9⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10722.exe
        10⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1322.exe
        11⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
        11⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62199.exe
        12⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10959.exe
        13⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 236
        12⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 240
        11⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
        10⤵
        
        PID:6936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 236
        9⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 236
        8⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 236
        7⤵
        Program crash
        
        PID:3660
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
        6⤵
        Program crash
        
        PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14359.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59305.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12429.exe
        7⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27007.exe
        8⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 240
        9⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
        8⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 216
        7⤵
        
        PID:3644
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
        6⤵
        Program crash
        
        PID:2340
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 240
        5⤵
        Program crash
        
        PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24582.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43016.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31423.exe
        7⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
        8⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2803.exe
        9⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
        10⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46527.exe
        11⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29558.exe
        12⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4934.exe
        13⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 236
        13⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 236
        12⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 216
        11⤵
        
        PID:2808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
        10⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 236
        9⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 216
        8⤵
        Program crash
        
        PID:3856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
        7⤵
        Program crash
        
        PID:3160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53467.exe
        6⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5029.exe
        7⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34381.exe
        8⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
        9⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 240
        10⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
        9⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
        8⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
        7⤵
        
        PID:4248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
        6⤵
        Program crash
        
        PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8760.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
        6⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44116.exe
        7⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1023.exe
        8⤵
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4661.exe
        9⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13579.exe
        10⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53787.exe
        11⤵
        
        PID:7736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21982.exe
        12⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
        12⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
        11⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 236
        10⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 236
        9⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51210.exe
        8⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28764.exe
        9⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
        10⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64254.exe
        11⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
        12⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 236
        11⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 236
        10⤵
        
        PID:7668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 236
        9⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 240
        8⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 216
        7⤵
        
        PID:4156
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
        6⤵
        Program crash
        
        PID:3132
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
        5⤵
        Program crash
        
        PID:2444
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1548
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2780
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14172.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14172.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63441.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47572.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40364.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64951.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39508.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61957.exe
        8⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
        9⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16099.exe
        10⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47806.exe
        11⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4700.exe
        12⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53808.exe
        13⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5401.exe
        14⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 236
        14⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
        13⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
        12⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
        11⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        10⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 236
        9⤵
        
        PID:3112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 216
        8⤵
        Program crash
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        7⤵
        
        PID:2276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 200
        8⤵
        Program crash
        
        PID:3520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 240
        7⤵
        Program crash
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39399.exe
        7⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61822.exe
        8⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27116.exe
        9⤵
        
        PID:3544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 220
        10⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
        9⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 236
        8⤵
        Program crash
        
        PID:3592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 236
        7⤵
        Program crash
        
        PID:3100
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
        6⤵
        Program crash
        
        PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61957.exe
        7⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31096.exe
        8⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
        9⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37033.exe
        10⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50528.exe
        11⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46003.exe
        12⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30233.exe
        13⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 216
        13⤵
        
        PID:1544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
        12⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
        11⤵
        
        PID:2124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
        10⤵
        
        PID:952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
        9⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
        8⤵
        Program crash
        
        PID:3552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
        7⤵
        Program crash
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        6⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 200
        7⤵
        Program crash
        
        PID:2032
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
        6⤵
        Program crash
        
        PID:3152
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
        5⤵
        Program crash
        
        PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45003.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36939.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32710.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33369.exe
        7⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2507.exe
        8⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
        9⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        10⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        11⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65432.exe
        12⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56268.exe
        13⤵
        
        PID:5804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 216
        12⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
        11⤵
        
        PID:8124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 236
        10⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
        9⤵
        
        PID:5364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 236
        8⤵
        
        PID:4120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
        7⤵
        Program crash
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17587.exe
        6⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54038.exe
        7⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56939.exe
        8⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10722.exe
        9⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48577.exe
        10⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52604.exe
        11⤵
        
        PID:8408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23103.exe
        12⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 236
        11⤵
        
        PID:9132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
        10⤵
        
        PID:8116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
        9⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
        8⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 236
        7⤵
        
        PID:3404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
        6⤵
        Program crash
        
        PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47655.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
        5⤵
        Program crash
        
        PID:2848
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36363.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42222.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14479.exe
        8⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20505.exe
        9⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11633.exe
        10⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38738.exe
        11⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8961.exe
        12⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
        12⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 216
        11⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 236
        10⤵
        
        PID:2436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 236
        9⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 216
        8⤵
        
        PID:4304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 236
        7⤵
        Program crash
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
        6⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30520.exe
        7⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23115.exe
        8⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57536.exe
        9⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16761.exe
        10⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39418.exe
        11⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64571.exe
        12⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 236
        12⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 216
        11⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
        10⤵
        
        PID:7396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
        9⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 216
        8⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 216
        7⤵
        
        PID:4048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 240
        6⤵
        Program crash
        
        PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62237.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
        6⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59020.exe
        7⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
        8⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25832.exe
        9⤵
        
        PID:6268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43865.exe
        10⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        11⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 216
        11⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
        10⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        9⤵
        
        PID:6748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 236
        8⤵
        
        PID:6052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
        7⤵
        
        PID:4212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 236
        6⤵
        Program crash
        
        PID:3996
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 240
        5⤵
        Program crash
        
        PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39055.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48698.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21802.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23914.exe
        7⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exe
        8⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
        9⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16761.exe
        10⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40632.exe
        11⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33798.exe
        12⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 236
        12⤵
        
        PID:4992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 236
        11⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
        10⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 236
        9⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
        8⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 216
        7⤵
        Program crash
        
        PID:3780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
        6⤵
        Program crash
        
        PID:436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22356.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20982.exe
        6⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6503.exe
        7⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39830.exe
        8⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
        9⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57404.exe
        10⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34405.exe
        11⤵
        
        PID:8652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42345.exe
        12⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
        11⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 236
        10⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
        9⤵
        
        PID:6264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
        8⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
        7⤵
        
        PID:4584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 236
        6⤵
        Program crash
        
        PID:3620
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 220
        5⤵
        Program crash
        
        PID:1960
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
      4⤵
      Program crash
      PID:2736
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:932
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
  2⤵
  - Program crash
  PID:2468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe

Filesize
184KB

MD5
154504abac49d38b16823954b5fac767

SHA1
6718c0059d8d8fc56d2bfda99406d3dfb31a8e32

SHA256
1ff36736b8dc6af6f4c9a6eba1c1e41321ce6f9329a23d63c533a0a2ac0c8b1e

SHA512
ed700bf8ea5c61e863f2df4d4c8911899b10211744d2a2500aa55c65bc993f7a5240a3b4d1dd9715b38943470a96e74f5a83539e115641840978860203e15731

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11467.exe

Filesize
184KB

MD5
3d326979e0dde680e771d28f73bec399

SHA1
52c308c18b2f4a51239fd58454423bf4ad17bbc3

SHA256
8bd27b3223693a0aaf9af25bc4606e5434f058e0f7aa7220e239f6efc9b894f5

SHA512
6a52562f3dfb9cd5292abf4d456c9dd13493adb3ea522d65e2533bd7b42d2d914d50a07b91ff4cbeaa2384ce027d04698c688c44455f20bb74e4b50d3683d58d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe

Filesize
184KB

MD5
27ef6167df870b5a31172f055c1d5c6c

SHA1
3735cafdb194fa862008d99a3367957a52012a75

SHA256
c1450d449c345468853020d7348285e08da2f28b6df0f7e3ad573018b0d9c56e

SHA512
3c6f87f402688c5ea569007792cab436ff98c9145128ac2dc88c2258c526b661a10bd2c56e21169d655e662d0cee5f1df5faf11f8a081cae9bc59039be2c36d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6212.exe

Filesize
184KB

MD5
dfb8b8732cd692513bef283962fb359e

SHA1
b9cc0fce26ec9d20ec166190bd2725054a87b07f

SHA256
ab84bce7acc186c01e25f95933d35a61869639c3fb4cd9f581a42ec806c7cf9c

SHA512
10207189f7d82b4f1e041cd00946b07a0ba8ce863c65711f39c3980b534d40b60dc623c61919ed401ceeb60894e0a5c0888c9bd2a8228dfc925856f0067fde9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63441.exe

Filesize
184KB

MD5
26d6b10056f0519109c9b6c585b7c948

SHA1
284b688f7e97a0e95f22acea5769e18b3b059d5c

SHA256
017f90fd07a6f992dff6b4fa7aedfd0a4f81d4ccb3a4a5fa99991979cbd50dcf

SHA512
da964b53b8e5e1ef35d5ca7482bd1d70218d52852c1fde12552d42ff7ef5bc00f049acbd95fe990346accefa45d1b002d55529df8879f9a2c64b83c3694f07fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe

Filesize
184KB

MD5
52ec5bb128a52b49131cd1ecfeb4b1fa

SHA1
5fe34c3827d86521930ada65d9c18a6b68989e60

SHA256
dca243d2e596ffaf0669546f9e3f822276e4ea9ed74b5bcdfa73b73dabef3c1b

SHA512
c97789c5df5074c06372e456daea9b200656e1d6e3be10ce568b02c62a4cada982d8299506e3a215fd25cc4a73069aabf39cbb7b5569181f7b3659c87f58cc1c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11479.exe

Filesize
184KB

MD5
cee1b3de8ca67437ac9f01ce69e0749c

SHA1
34dfc2b4cea5c13dc169bec82d6c7c3ffca16899

SHA256
eb93be4b1f64084cd82bd94b09a4b89cec8f4631865d15e793970a378a6af1ee

SHA512
938a23b2f1b1233e125f0eae8e0e9433735d8a975930849fb6b9748db7e123423e1be664c25a4bedd7ac801a93f85f9dc39d90b846dbd22b3c9d675948f8d0a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12849.exe

Filesize
184KB

MD5
1d648e60eab1370109d6d1f15d824ceb

SHA1
f17e478a6b7ddc23931205df6cf8d7d16e473bf9

SHA256
fd70220a9048acd9aa9e0ffd268c7437910fe7d9b251a786561cae5a108a6a94

SHA512
7b5ce6826b00061dee518fb37bfe57ac407f04096bcf6dfd3fcf828f4b15e140bb048cb45210500df4b6fb7c0236844580a9eb22ee81780a389b62f04665d444

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14172.exe

Filesize
184KB

MD5
2b22e51f2ce9b92a51aaff4f2ce16e8a

SHA1
76e1bf6b3550128bf2a0bae486e3c03fd8993d3b

SHA256
7328a9059f33d10afbe8e80012c6c78f037096b17d317c87ba37964c6f1edb63

SHA512
1c0dff9f6d7bde0d12193fd094345bfe513130830fe0ccbb49a732fe0d59fbd1ef2e9790d89815a0d33d6dc1b573e3b3b1279d7b42a27210c7487f805b727ef3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe

Filesize
184KB

MD5
b20fc824f53d1abbacd13dc7bf6037fe

SHA1
2255a8af2d33b179f752f39eb6aaa60cec5bc0ae

SHA256
8ac026cbb375af81eb65d7d5959a15be0b8d9c061b527132fd1d235c4734c849

SHA512
cc33aa10ef8232e082c124b2c9d13d421bb5a4f55a53f32fd7e20ed679a06e3ab8a3c9aa517bbedf2a62a5ada8349462770b7af3aecaa3f662896e236c60241f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1988.exe

Filesize
184KB

MD5
bb08a901351a6cbfe67be2319c292c4d

SHA1
8140d684ec6b62c9003521788520c9464c8063e9

SHA256
d218b910cfa4050802958d10f57d45b1a4b7985a697edbbb8c186ef1f1393420

SHA512
8f890ddc8a43e8b3a6dec9c4029b19701ec31404202e26cdb8e576de3cd2cf1d3e8e6a2d2ca321163a77c05669b6c77f4d1219f9f03c190b49b3718b0bdbc1ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe

Filesize
184KB

MD5
315b413a808f55830eb8c0aa14b114ae

SHA1
fed7f2eb1590f63d83e6c14f6a5d36101191e2e9

SHA256
cfb3697f28943a62e5c76bc73672028c2afb7b008719c93ab76a34f375a8e919

SHA512
9c9bf54539576c49b1cb1076fee8773cfe8254e6eb1260b8f4d5345335ae74e0812901de161d2927f4dd629ac5aad4e63c59c0dae3b3ca31bb6552c92206a944

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47572.exe

Filesize
184KB

MD5
5a1b3cdf3cee525e2c51f78de3dfb8a5

SHA1
24eaabedbe7544cf8e81ea9cd8a52b0d5751bbe9

SHA256
6ba7e587bd1e7e0cf79fc61fcb78a9cacbb5d9333f5a78411ba28afe143e3a06

SHA512
dbe675cc6b2323a3b9de250207e37f814374d07b837e9d5d7f074264ef37b6ccac50feaa7d11aba28273ff9eabae2145a4e8ccdcc2e2f7e40b017ba2375f6133

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52808.exe

Filesize
184KB

MD5
930b12da4a1bfbbacdd1033c90e3cf74

SHA1
6b8b49fd300f16638daa9298ac44ae9dc6eb65ca

SHA256
6627e87e20fdeccea65a99492aed356b75c2f10d04f73c323b76e08c55e06316

SHA512
7a16d3cebc00499a84602e437811fdf7c85e2e07b62ccabc32bf0eda8f6cd372dce229fc99c4a85057faa8b39a6c35181da311629c3ecfbad5f162d9b46d2d17

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55501.exe

Filesize
184KB

MD5
d9c385b9a943fe2792cb5461afabb197

SHA1
4c0f7a91d6b7e261e787c45a9cc887c8e91fdadf

SHA256
19624a0c4e1c353962b88b42d979124cca8730e2a7931dd33008b7f0dcc60c34

SHA512
2875dd41ff5b286dfe1c28db17b80d90c649c959cca03d2257b5577c6eb9585107e7bf60e4deb7e251319f300abd542385a78282a8f8d1aa1cdc366d65043dcf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe

Filesize
184KB

MD5
27ced6f2b30ce1fc2b0ede23032c3865

SHA1
47ad61d61c2a00de290b76cd48ff5cfbd4a2c3d8

SHA256
be3a232668c5841cc1275a7e34ebeb136fc446d29a42cc0e05b7e8a6038a8b7d

SHA512
7d669a3e5802c4372af7733b74442168582280ab9b9a9d4d7c4fc5c922e8a12b5870ec2538edb4428a28c5ee73197a3ff1e6403fdc1fbd629b380715d07aa20a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads