3ce86c8e3a4d9a22726579f617f74e1df7c13b83cee6b3bdc60840f44e16757b

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 20:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ce86c8e3a4d9a22726579f617f74e1df7c13b83cee6b3bdc60840f44e16757b.exe
Size

184KB
MD5

13cb184f1176bc93213dbf430a5eeaf9
SHA1

ff84a33e7580d82d8e428eef9e92288fe8f25431
SHA256

3ce86c8e3a4d9a22726579f617f74e1df7c13b83cee6b3bdc60840f44e16757b
SHA512

41efb829e8d7c7cced9f1e0a4dd9396efd54a28f883630a7982cc9fd03efdbf1dc00d9a14f64db11e484c83d66b8645457fb6d9031fc44cc43c60f7369b79680
SSDEEP

1536:1Oe46AZlQoAgohx13I3AlIwSGcAy3ZcJDmdojwLNCVz0tBhlChj5nizps0:Y0zoAgoHhI3RjGTuerwLNWyBhl4ViF1

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1448	Unicorn-4988.exe
2900	Unicorn-52134.exe
2916	Unicorn-36352.exe
2148	Unicorn-59472.exe
2380	Unicorn-47775.exe
2468	Unicorn-16302.exe
2332	Unicorn-48.exe
1384	Unicorn-45165.exe
908	Unicorn-5455.exe
2572	Unicorn-32097.exe
2556	Unicorn-47879.exe
1472	Unicorn-62352.exe
1728	Unicorn-11760.exe
932	Unicorn-34126.exe
1168	Unicorn-2845.exe
572	Unicorn-35518.exe
2536	Unicorn-41548.exe
628	Unicorn-19736.exe
800	Unicorn-21211.exe
1844	Unicorn-33162.exe
1940	Unicorn-34785.exe
2888	Unicorn-38123.exe
1548	Unicorn-29955.exe
576	Unicorn-55206.exe
268	Unicorn-53068.exe
1196	Unicorn-48429.exe
1704	Unicorn-48984.exe
2496	Unicorn-51719.exe
2648	Unicorn-1127.exe
2676	Unicorn-49581.exe
2680	Unicorn-22747.exe
2548	Unicorn-48019.exe
2624	Unicorn-1511.exe
2396	Unicorn-25461.exe
2336	Unicorn-31491.exe
2208	Unicorn-42351.exe
1216	Unicorn-50520.exe
2424	Unicorn-39659.exe
1996	Unicorn-45881.exe
2560	Unicorn-30099.exe
1644	Unicorn-427.exe
2812	Unicorn-4511.exe
2156	Unicorn-23540.exe
2936	Unicorn-53712.exe
1032	Unicorn-3120.exe
1944	Unicorn-23562.exe
608	Unicorn-7780.exe
2076	Unicorn-56234.exe
2052	Unicorn-35622.exe
3060	Unicorn-9534.exe
1584	Unicorn-47059.exe
2636	Unicorn-4080.exe
2828	Unicorn-50588.exe
2756	Unicorn-32114.exe
2376	Unicorn-49005.exe
2372	Unicorn-38144.exe
2304	Unicorn-42228.exe
864	Unicorn-32668.exe
1248	Unicorn-25892.exe
836	Unicorn-5279.exe
3036	Unicorn-15455.exe
1804	Unicorn-7308.exe
1992	Unicorn-50287.exe
1468	Unicorn-27729.exe

Loads dropped DLL 64 IoCs

pid	Process
2700	3ce86c8e3a4d9a22726579f617f74e1df7c13b83cee6b3bdc60840f44e16757b.exe
2700	3ce86c8e3a4d9a22726579f617f74e1df7c13b83cee6b3bdc60840f44e16757b.exe
1448	Unicorn-4988.exe
2700	3ce86c8e3a4d9a22726579f617f74e1df7c13b83cee6b3bdc60840f44e16757b.exe
1448	Unicorn-4988.exe
2700	3ce86c8e3a4d9a22726579f617f74e1df7c13b83cee6b3bdc60840f44e16757b.exe
2900	Unicorn-52134.exe
2900	Unicorn-52134.exe
1448	Unicorn-4988.exe
1448	Unicorn-4988.exe
2916	Unicorn-36352.exe
2916	Unicorn-36352.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2380	Unicorn-47775.exe
2380	Unicorn-47775.exe
2148	Unicorn-59472.exe
2148	Unicorn-59472.exe
2900	Unicorn-52134.exe
2900	Unicorn-52134.exe
2916	Unicorn-36352.exe
2916	Unicorn-36352.exe
2468	Unicorn-16302.exe
2468	Unicorn-16302.exe
1976	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
2172	WerFault.exe
2172	WerFault.exe
2172	WerFault.exe
2172	WerFault.exe
2172	WerFault.exe
1384	Unicorn-45165.exe
1384	Unicorn-45165.exe
2148	Unicorn-59472.exe
2148	Unicorn-59472.exe
2380	Unicorn-47775.exe
2380	Unicorn-47775.exe
2552	WerFault.exe
2552	WerFault.exe
2552	WerFault.exe
2552	WerFault.exe
908	Unicorn-5455.exe
908	Unicorn-5455.exe
2552	WerFault.exe
2556	Unicorn-47879.exe
2556	Unicorn-47879.exe
2572	Unicorn-32097.exe
2572	Unicorn-32097.exe
2468	Unicorn-16302.exe
2468	Unicorn-16302.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
1244	WerFault.exe
1244	WerFault.exe
1244	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2628	2700	WerFault.exe	27
2832	1448	WerFault.exe	28
1976	2900	WerFault.exe	29
2172	2916	WerFault.exe	30
2552	2332	WerFault.exe	36
3016	2380	WerFault.exe	33
1244	2148	WerFault.exe	32
1836	2468	WerFault.exe	34
1544	932	WerFault.exe	45
1908	2536	WerFault.exe	49
1612	1384	WerFault.exe	37
1892	908	WerFault.exe	38
1100	2556	WerFault.exe	40
2012	2572	WerFault.exe	39
2412	1704	WerFault.exe	64
1136	1728	WerFault.exe	44
1104	1168	WerFault.exe	47
944	572	WerFault.exe	48
1984	1472	WerFault.exe	43
1696	628	WerFault.exe	50
2284	2396	WerFault.exe	76
1620	800	WerFault.exe	55
1920	1940	WerFault.exe	57
2684	268	WerFault.exe	62
2768	1844	WerFault.exe	56
2968	1548	WerFault.exe	59
2904	1196	WerFault.exe	63
2248	576	WerFault.exe	61
1484	2888	WerFault.exe	60
2504	2648	WerFault.exe	70
2448	2372	WerFault.exe	106
2436	2424	WerFault.exe	80
1760	836	WerFault.exe	110
2044	2348	WerFault.exe	141
2864	2548	WerFault.exe	73
1712	1644	WerFault.exe	88
2632	2156	WerFault.exe	91
2604	2936	WerFault.exe	92
2408	608	WerFault.exe	96
3080	1944	WerFault.exe	95
3096	2812	WerFault.exe	89
3128	2076	WerFault.exe	97
3152	2052	WerFault.exe	98
3184	2680	WerFault.exe	72
3564	3036	WerFault.exe	113
3572	2560	WerFault.exe	81
3580	2828	WerFault.exe	102
3588	2304	WerFault.exe	107
3596	2336	WerFault.exe	77
3604	2624	WerFault.exe	75
3612	1584	WerFault.exe	101
3628	2496	WerFault.exe	69
3620	1248	WerFault.exe	109
3640	864	WerFault.exe	108
3648	1032	WerFault.exe	93
3656	2756	WerFault.exe	104
3740	2376	WerFault.exe	105
3772	1996	WerFault.exe	82
3780	2676	WerFault.exe	71
3796	2636	WerFault.exe	103
3804	1216	WerFault.exe	79
3812	3060	WerFault.exe	100
3892	1056	WerFault.exe	130
4072	1668	WerFault.exe	146

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2700	3ce86c8e3a4d9a22726579f617f74e1df7c13b83cee6b3bdc60840f44e16757b.exe
1448	Unicorn-4988.exe
2900	Unicorn-52134.exe
2916	Unicorn-36352.exe
2148	Unicorn-59472.exe
2380	Unicorn-47775.exe
2468	Unicorn-16302.exe
2332	Unicorn-48.exe
1384	Unicorn-45165.exe
908	Unicorn-5455.exe
2572	Unicorn-32097.exe
2556	Unicorn-47879.exe
1472	Unicorn-62352.exe
932	Unicorn-34126.exe
1728	Unicorn-11760.exe
1168	Unicorn-2845.exe
2536	Unicorn-41548.exe
572	Unicorn-35518.exe
628	Unicorn-19736.exe
800	Unicorn-21211.exe
1844	Unicorn-33162.exe
1940	Unicorn-34785.exe
2888	Unicorn-38123.exe
268	Unicorn-53068.exe
1196	Unicorn-48429.exe
1704	Unicorn-48984.exe
576	Unicorn-55206.exe
1548	Unicorn-29955.exe
2496	Unicorn-51719.exe
2648	Unicorn-1127.exe
2676	Unicorn-49581.exe
2680	Unicorn-22747.exe
2548	Unicorn-48019.exe
2624	Unicorn-1511.exe
2396	Unicorn-25461.exe
2208	Unicorn-42351.exe
2336	Unicorn-31491.exe
2424	Unicorn-39659.exe
1216	Unicorn-50520.exe
1996	Unicorn-45881.exe
2560	Unicorn-30099.exe
2812	Unicorn-4511.exe
1644	Unicorn-427.exe
2156	Unicorn-23540.exe
2936	Unicorn-53712.exe
1032	Unicorn-3120.exe
1944	Unicorn-23562.exe
608	Unicorn-7780.exe
2076	Unicorn-56234.exe
2052	Unicorn-35622.exe
1584	Unicorn-47059.exe
3060	Unicorn-9534.exe
2636	Unicorn-4080.exe
2756	Unicorn-32114.exe
2828	Unicorn-50588.exe
2376	Unicorn-49005.exe
2304	Unicorn-42228.exe
2372	Unicorn-38144.exe
864	Unicorn-32668.exe
1248	Unicorn-25892.exe
836	Unicorn-5279.exe
3036	Unicorn-15455.exe
1804	Unicorn-7308.exe
1468	Unicorn-27729.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 1448	2700	3ce86c8e3a4d9a22726579f617f74e1df7c13b83cee6b3bdc60840f44e16757b.exe	28
PID 2700 wrote to memory of 1448	2700	3ce86c8e3a4d9a22726579f617f74e1df7c13b83cee6b3bdc60840f44e16757b.exe	28
PID 2700 wrote to memory of 1448	2700	3ce86c8e3a4d9a22726579f617f74e1df7c13b83cee6b3bdc60840f44e16757b.exe	28
PID 2700 wrote to memory of 1448	2700	3ce86c8e3a4d9a22726579f617f74e1df7c13b83cee6b3bdc60840f44e16757b.exe	28
PID 1448 wrote to memory of 2900	1448	Unicorn-4988.exe	29
PID 1448 wrote to memory of 2900	1448	Unicorn-4988.exe	29
PID 1448 wrote to memory of 2900	1448	Unicorn-4988.exe	29
PID 1448 wrote to memory of 2900	1448	Unicorn-4988.exe	29
PID 2700 wrote to memory of 2916	2700	3ce86c8e3a4d9a22726579f617f74e1df7c13b83cee6b3bdc60840f44e16757b.exe	30
PID 2700 wrote to memory of 2916	2700	3ce86c8e3a4d9a22726579f617f74e1df7c13b83cee6b3bdc60840f44e16757b.exe	30
PID 2700 wrote to memory of 2916	2700	3ce86c8e3a4d9a22726579f617f74e1df7c13b83cee6b3bdc60840f44e16757b.exe	30
PID 2700 wrote to memory of 2916	2700	3ce86c8e3a4d9a22726579f617f74e1df7c13b83cee6b3bdc60840f44e16757b.exe	30
PID 2700 wrote to memory of 2628	2700	3ce86c8e3a4d9a22726579f617f74e1df7c13b83cee6b3bdc60840f44e16757b.exe	31
PID 2700 wrote to memory of 2628	2700	3ce86c8e3a4d9a22726579f617f74e1df7c13b83cee6b3bdc60840f44e16757b.exe	31
PID 2700 wrote to memory of 2628	2700	3ce86c8e3a4d9a22726579f617f74e1df7c13b83cee6b3bdc60840f44e16757b.exe	31
PID 2700 wrote to memory of 2628	2700	3ce86c8e3a4d9a22726579f617f74e1df7c13b83cee6b3bdc60840f44e16757b.exe	31
PID 2900 wrote to memory of 2148	2900	Unicorn-52134.exe	32
PID 2900 wrote to memory of 2148	2900	Unicorn-52134.exe	32
PID 2900 wrote to memory of 2148	2900	Unicorn-52134.exe	32
PID 2900 wrote to memory of 2148	2900	Unicorn-52134.exe	32
PID 1448 wrote to memory of 2380	1448	Unicorn-4988.exe	33
PID 1448 wrote to memory of 2380	1448	Unicorn-4988.exe	33
PID 1448 wrote to memory of 2380	1448	Unicorn-4988.exe	33
PID 1448 wrote to memory of 2380	1448	Unicorn-4988.exe	33
PID 2916 wrote to memory of 2468	2916	Unicorn-36352.exe	34
PID 2916 wrote to memory of 2468	2916	Unicorn-36352.exe	34
PID 2916 wrote to memory of 2468	2916	Unicorn-36352.exe	34
PID 2916 wrote to memory of 2468	2916	Unicorn-36352.exe	34
PID 1448 wrote to memory of 2832	1448	Unicorn-4988.exe	35
PID 1448 wrote to memory of 2832	1448	Unicorn-4988.exe	35
PID 1448 wrote to memory of 2832	1448	Unicorn-4988.exe	35
PID 1448 wrote to memory of 2832	1448	Unicorn-4988.exe	35
PID 2380 wrote to memory of 2332	2380	Unicorn-47775.exe	36
PID 2380 wrote to memory of 2332	2380	Unicorn-47775.exe	36
PID 2380 wrote to memory of 2332	2380	Unicorn-47775.exe	36
PID 2380 wrote to memory of 2332	2380	Unicorn-47775.exe	36
PID 2148 wrote to memory of 1384	2148	Unicorn-59472.exe	37
PID 2148 wrote to memory of 1384	2148	Unicorn-59472.exe	37
PID 2148 wrote to memory of 1384	2148	Unicorn-59472.exe	37
PID 2148 wrote to memory of 1384	2148	Unicorn-59472.exe	37
PID 2900 wrote to memory of 908	2900	Unicorn-52134.exe	38
PID 2900 wrote to memory of 908	2900	Unicorn-52134.exe	38
PID 2900 wrote to memory of 908	2900	Unicorn-52134.exe	38
PID 2900 wrote to memory of 908	2900	Unicorn-52134.exe	38
PID 2916 wrote to memory of 2572	2916	Unicorn-36352.exe	39
PID 2916 wrote to memory of 2572	2916	Unicorn-36352.exe	39
PID 2916 wrote to memory of 2572	2916	Unicorn-36352.exe	39
PID 2916 wrote to memory of 2572	2916	Unicorn-36352.exe	39
PID 2468 wrote to memory of 2556	2468	Unicorn-16302.exe	40
PID 2468 wrote to memory of 2556	2468	Unicorn-16302.exe	40
PID 2468 wrote to memory of 2556	2468	Unicorn-16302.exe	40
PID 2468 wrote to memory of 2556	2468	Unicorn-16302.exe	40
PID 2900 wrote to memory of 1976	2900	Unicorn-52134.exe	41
PID 2900 wrote to memory of 1976	2900	Unicorn-52134.exe	41
PID 2900 wrote to memory of 1976	2900	Unicorn-52134.exe	41
PID 2900 wrote to memory of 1976	2900	Unicorn-52134.exe	41
PID 2916 wrote to memory of 2172	2916	Unicorn-36352.exe	42
PID 2916 wrote to memory of 2172	2916	Unicorn-36352.exe	42
PID 2916 wrote to memory of 2172	2916	Unicorn-36352.exe	42
PID 2916 wrote to memory of 2172	2916	Unicorn-36352.exe	42
PID 1384 wrote to memory of 1472	1384	Unicorn-45165.exe	43
PID 1384 wrote to memory of 1472	1384	Unicorn-45165.exe	43
PID 1384 wrote to memory of 1472	1384	Unicorn-45165.exe	43
PID 1384 wrote to memory of 1472	1384	Unicorn-45165.exe	43

C:\Users\Admin\AppData\Local\Temp\3ce86c8e3a4d9a22726579f617f74e1df7c13b83cee6b3bdc60840f44e16757b.exe
"C:\Users\Admin\AppData\Local\Temp\3ce86c8e3a4d9a22726579f617f74e1df7c13b83cee6b3bdc60840f44e16757b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4988.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4988.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52134.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52134.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45165.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62352.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45881.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50588.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24797.exe
        10⤵
        
        PID:1668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 220
        11⤵
        Program crash
        
        PID:4072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
        10⤵
        Program crash
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
        9⤵
        
        PID:2544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 224
        10⤵
        
        PID:3324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
        9⤵
        Program crash
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4080.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1662.exe
        9⤵
        
        PID:1160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 224
        10⤵
        
        PID:3340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
        9⤵
        Program crash
        
        PID:3796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
        8⤵
        Program crash
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30099.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5279.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 240
        9⤵
        Program crash
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60162.exe
        8⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 244
        9⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
        8⤵
        Program crash
        
        PID:3572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 240
        7⤵
        Program crash
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38144.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 244
        9⤵
        Program crash
        
        PID:2448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 248
        8⤵
        Program crash
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32668.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32581.exe
        8⤵
        
        PID:1652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 220
        9⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 236
        8⤵
        Program crash
        
        PID:3640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
        7⤵
        Program crash
        
        PID:2248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 240
        6⤵
        Program crash
        
        PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11760.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21211.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4511.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50536.exe
        10⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45487.exe
        11⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
        12⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-422.exe
        13⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 220
        14⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
        13⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24175.exe
        14⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40890.exe
        15⤵
        
        PID:7420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48438.exe
        16⤵
        
        PID:8512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39279.exe
        17⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 236
        16⤵
        
        PID:8400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 236
        15⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 216
        14⤵
        
        PID:7788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 240
        13⤵
        
        PID:2088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 236
        12⤵
        
        PID:6136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
        11⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 216
        10⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
        9⤵
        Program crash
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11947.exe
        8⤵
        
        PID:1068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 224
        9⤵
        
        PID:3272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        8⤵
        Program crash
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23540.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50287.exe
        8⤵
        Executes dropped EXE
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51714.exe
        9⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29343.exe
        10⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27226.exe
        11⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61299.exe
        12⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-225.exe
        13⤵
        
        PID:7076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        14⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39795.exe
        15⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22071.exe
        16⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 216
        16⤵
        
        PID:8796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 236
        15⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 216
        14⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
        13⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
        12⤵
        
        PID:6904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 236
        11⤵
        
        PID:6096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
        10⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
        9⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
        8⤵
        Program crash
        
        PID:2632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 240
        7⤵
        Program crash
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1127.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
        8⤵
        Program crash
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15455.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
        8⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
        9⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29535.exe
        10⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18134.exe
        11⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10588.exe
        12⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50910.exe
        13⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29909.exe
        14⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60028.exe
        15⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36759.exe
        16⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37748.exe
        17⤵
        
        PID:8460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26259.exe
        18⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 236
        18⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
        17⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 236
        16⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
        15⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
        14⤵
        
        PID:6912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 236
        13⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 236
        12⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9197.exe
        11⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
        12⤵
        
        PID:5244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 224
        13⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 236
        12⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 240
        11⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12466.exe
        10⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63873.exe
        11⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58502.exe
        12⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19712.exe
        13⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43417.exe
        14⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17216.exe
        15⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60882.exe
        16⤵
        
        PID:8696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
        17⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
        16⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 236
        15⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
        14⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 236
        13⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 236
        12⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
        11⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60827.exe
        12⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49338.exe
        13⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63531.exe
        14⤵
        
        PID:8028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8028 -s 224
        15⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 236
        14⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 236
        13⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 236
        12⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 240
        11⤵
        
        PID:6320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 240
        10⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 216
        9⤵
        
        PID:4228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 236
        8⤵
        Program crash
        
        PID:3564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
        7⤵
        Program crash
        
        PID:2504
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
        6⤵
        Program crash
        
        PID:1136
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5455.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2845.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33162.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48019.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56234.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        9⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7173.exe
        10⤵
        
        PID:3224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 200
        11⤵
        
        PID:3664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 216
        10⤵
        
        PID:4292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 236
        9⤵
        Program crash
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22061.exe
        8⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63390.exe
        9⤵
        
        PID:1120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 224
        10⤵
        
        PID:3364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 236
        9⤵
        Program crash
        
        PID:3892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 220
        8⤵
        Program crash
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9534.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
        8⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 224
        9⤵
        
        PID:3180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 216
        8⤵
        Program crash
        
        PID:3812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
        7⤵
        Program crash
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1511.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35622.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17231.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10681.exe
        9⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39841.exe
        10⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28596.exe
        11⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57324.exe
        12⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39940.exe
        13⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9400.exe
        14⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13899.exe
        15⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
        16⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32050.exe
        17⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8432 -s 236
        17⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 216
        16⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 236
        15⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 236
        14⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 236
        13⤵
        
        PID:6156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
        12⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 236
        11⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
        10⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
        9⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
        8⤵
        Program crash
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36259.exe
        7⤵
        
        PID:1980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 224
        8⤵
        
        PID:3244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 220
        7⤵
        Program crash
        
        PID:3604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 240
        6⤵
        Program crash
        
        PID:1104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34785.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49581.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53712.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7308.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21564.exe
        9⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50339.exe
        10⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58974.exe
        11⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4641.exe
        12⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 224
        13⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 236
        12⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 236
        11⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
        10⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9493.exe
        11⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 224
        12⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 236
        11⤵
        
        PID:6272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 220
        10⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 216
        9⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 236
        8⤵
        Program crash
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32367.exe
        7⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 224
        8⤵
        
        PID:3332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
        7⤵
        Program crash
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3120.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33951.exe
        7⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23941.exe
        8⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11828.exe
        9⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        10⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
        11⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14667.exe
        12⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53531.exe
        13⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51580.exe
        14⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28402.exe
        15⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42159.exe
        16⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
        15⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 216
        14⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 236
        13⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 236
        12⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
        11⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 236
        10⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62591.exe
        9⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35368.exe
        10⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
        11⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
        12⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29167.exe
        13⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36570.exe
        14⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12013.exe
        15⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 236
        15⤵
        
        PID:8636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
        14⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 236
        13⤵
        
        PID:3476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 236
        12⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 236
        11⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 236
        10⤵
        
        PID:832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 240
        9⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 216
        8⤵
        
        PID:4556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 236
        7⤵
        Program crash
        
        PID:3648
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
        6⤵
        Program crash
        
        PID:1920
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
        5⤵
        Program crash
        
        PID:1892
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2332
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 320
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34126.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:932
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 320
        5⤵
        Program crash
        
        PID:1544
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:3016
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2832
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47879.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35518.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29955.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31491.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32114.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36473.exe
        9⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
        10⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16105.exe
        11⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7.exe
        12⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50334.exe
        13⤵
        
        PID:5632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 224
        14⤵
        
        PID:6856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 236
        13⤵
        
        PID:6288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 236
        12⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8730.exe
        11⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18046.exe
        12⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
        13⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
        14⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
        15⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6502.exe
        16⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54520.exe
        17⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 236
        16⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 216
        15⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
        14⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 236
        13⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 236
        12⤵
        
        PID:6408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 240
        11⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 216
        10⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
        9⤵
        Program crash
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35657.exe
        8⤵
        
        PID:2596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 224
        9⤵
        
        PID:3296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
        8⤵
        Program crash
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28881.exe
        8⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9550.exe
        9⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2124.exe
        10⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57952.exe
        11⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31476.exe
        12⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51097.exe
        13⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
        14⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52327.exe
        15⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42592.exe
        16⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29720.exe
        17⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
        17⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 216
        16⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 236
        15⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 236
        14⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 236
        13⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 236
        12⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 236
        11⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
        10⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 220
        9⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 236
        8⤵
        Program crash
        
        PID:3740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
        7⤵
        Program crash
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50520.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42228.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65253.exe
        8⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
        9⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23697.exe
        10⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
        11⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26489.exe
        12⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32104.exe
        13⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25301.exe
        14⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25680.exe
        15⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35366.exe
        16⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 236
        16⤵
        
        PID:5772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 236
        15⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 236
        14⤵
        
        PID:8152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 236
        13⤵
        
        PID:7532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
        12⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 236
        11⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43540.exe
        10⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
        11⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40926.exe
        12⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29281.exe
        13⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
        14⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38316.exe
        15⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-555.exe
        16⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 216
        16⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 216
        15⤵
        
        PID:8652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 236
        14⤵
        
        PID:1688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 236
        13⤵
        
        PID:7676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 236
        12⤵
        
        PID:7104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 236
        11⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 240
        10⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 216
        9⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
        8⤵
        Program crash
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55694.exe
        7⤵
        
        PID:2824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 224
        8⤵
        
        PID:3352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 240
        7⤵
        Program crash
        
        PID:3804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 240
        6⤵
        Program crash
        
        PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53068.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22747.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23562.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44065.exe
        8⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55414.exe
        9⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4838.exe
        10⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        11⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16567.exe
        12⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54169.exe
        13⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33085.exe
        14⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23734.exe
        15⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22071.exe
        16⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39471.exe
        17⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 236
        16⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 236
        15⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 236
        14⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 236
        13⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 236
        12⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 236
        11⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31480.exe
        10⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43728.exe
        11⤵
        
        PID:5420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
        12⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10059.exe
        13⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6354.exe
        14⤵
        
        PID:7948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7078.exe
        15⤵
        
        PID:9020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9020 -s 224
        16⤵
        
        PID:5476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 236
        15⤵
        
        PID:9032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 216
        14⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 236
        13⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
        12⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 236
        11⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 240
        10⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 236
        9⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
        8⤵
        Program crash
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3587.exe
        7⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46452.exe
        8⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
        9⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24704.exe
        10⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62202.exe
        11⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41886.exe
        12⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20667.exe
        13⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53526.exe
        14⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17987.exe
        15⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30810.exe
        16⤵
        
        PID:8976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
        15⤵
        
        PID:1812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
        14⤵
        
        PID:3492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 216
        13⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 236
        12⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 236
        11⤵
        
        PID:5856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 236
        10⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        9⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 236
        8⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        7⤵
        Program crash
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7780.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39981.exe
        7⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
        8⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49955.exe
        9⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26650.exe
        10⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
        11⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 224
        12⤵
        
        PID:6872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 236
        11⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
        10⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 236
        9⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
        8⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 236
        7⤵
        Program crash
        
        PID:2408
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 240
        6⤵
        Program crash
        
        PID:2684
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
        5⤵
        Program crash
        
        PID:1100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19736.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48429.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25461.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 224
        7⤵
        Program crash
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47059.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
        7⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3520.exe
        8⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
        9⤵
        
        PID:4944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25088.exe
        10⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44880.exe
        11⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32540.exe
        12⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47584.exe
        13⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
        14⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
        15⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 236
        15⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 216
        14⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 236
        13⤵
        
        PID:7392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 236
        12⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
        11⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 236
        10⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13390.exe
        9⤵
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exe
        10⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
        11⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12306.exe
        12⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22800.exe
        13⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6035.exe
        14⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7073.exe
        15⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 236
        14⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 236
        13⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
        12⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 236
        11⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 236
        10⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 240
        9⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 216
        8⤵
        
        PID:4580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 236
        7⤵
        Program crash
        
        PID:3612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 240
        6⤵
        Program crash
        
        PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42351.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25892.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3800.exe
        7⤵
        
        PID:2472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 224
        8⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 216
        7⤵
        Program crash
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26913.exe
        6⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 188
        7⤵
        Program crash
        
        PID:2044
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
        6⤵
        
        PID:3704
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 240
        5⤵
        Program crash
        
        PID:1696
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
      4⤵
      Program crash
      PID:1836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32097.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        5⤵
        Program crash
        
        PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48984.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48984.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1704
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 224
        5⤵
        Program crash
        
        PID:2412
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
      4⤵
      Program crash
      PID:2012
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2172
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
  2⤵
  - Program crash
  PID:2628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11760.exe

Filesize
184KB

MD5
d2fbb8c7b217025daf8f30ad3bd6ba5a

SHA1
3f84001c250066ac6ccf63780fc2477cfa605138

SHA256
7a0d2c05c0f5e0a7f4404955677f2a1051009cd04fe1b8ba660af9b445b037d6

SHA512
5d9dcdcd6e4aa2039e582839fd91682d420f469007da443e44e3d5eab13d2db9453edf1da89bb292d1fda47281051f3dca53fd9369b087ea2e7704d3408b335c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe

Filesize
184KB

MD5
f65194a5e9a41d9c01323be1d43031a9

SHA1
4458790ebd742e7cc404d9d3c18b872d2f24a57d

SHA256
d72f4aca6dee94d3f9d9d5933cf5081431dd2e99e961248442239385d2417cd5

SHA512
33e37c9a7303d11e29ef84b14f87985364d4007fae5f0d4da6ff287a593bda42708264a04607a15158274362049688551e8d5bd28015f5abc3813a43a40eef17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe

Filesize
184KB

MD5
56114fd50ceacf79158cb2e493b5125d

SHA1
7a7b59bbe7d84d6294b843b1bc7470ef77c36261

SHA256
a8723b901147fa2589d0c3fc4ca5493d2dd469d5523fc28a33f288aaae62b96c

SHA512
46b97b60a698e874d6e58772040ded06691eec585eb50f796fd5521acd18cc7ebe209fcc7162cc66cf61ee4ca418600514a54553c27a803d3ff2c81180de2bf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe

Filesize
184KB

MD5
17328069182c387d72b14904b780ba6e

SHA1
b875253381598f5f37d61864107917bb8355341e

SHA256
fe320fdbb023824f1455f42407ae0211813baa3d9fc024854d6fb622e71dbcb4

SHA512
efeb76988d5061924070a2c7c07928d02672e03e08b193e27afe7f515e65695bc62a2525c459005a2bd93e6a02fa6df5980d775d3c34301f479ca3dca6007bbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6354.exe

Filesize
184KB

MD5
d46fcf26167561140de8dc43a513193a

SHA1
6712cc1deb425135a89ef195679066af9ed8eb78

SHA256
310668ed4775994e07f720842197b3249c145d0be1658d30c23d0d4cb8497fa6

SHA512
c521b6886b7bd82d8ae01fa8667419bb7fd838324b7370c0898cce1182f987e36c34a20fbc120301f568b21b552e3321ca6ad02905f25a697211c1f460242bd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6502.exe

Filesize
184KB

MD5
7097c948ae986127636272005285376f

SHA1
0e740bdfc2d389fe1fdd019b9d41a2c57dabb49b

SHA256
c7e923c0f875ef0e20f356407ec3075f8272232d681f078c4d67f7d9e5ab1476

SHA512
bf472b1458ccb705bc5e6849d66552e449a0e87fcfd0ea7b470fd3df27ce564b6150d4747fae3934e98708a37cb367b60619e2d4125345ad1670169df49221e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32097.exe

Filesize
184KB

MD5
b04e8ee8852b4e219fcdc94d5ba56592

SHA1
feab7fe3aa0fc68a13d3ffd762443911cdc9edbb

SHA256
df1771de708ad0303c6b34fa86f53d91fc030199ce51eae99546bfa65cc8b86f

SHA512
162bd0478be6f73a333dc0f2dcd81bf8cf45b964b92c65488b4649e2b9456320055168ad76ccb8dee80577504073b4be6968a9e60d4d051d38d254de78faecef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34126.exe

Filesize
184KB

MD5
60f7f04feeb4596faf6d815014630e90

SHA1
a599937ebe36179dd9a3faedab554fd58d2c46f2

SHA256
9c80c26b2a7c0120dca0707c103ec88570b442acefb28d4da90f98c9118c89cf

SHA512
31ed03a36edb1f54463db5ecd4119aedaa152c2da814cd7b9a06ae789097131b60a91345877ff8c914ae075d97f1ea6fe128bb323dffc8d2293c33fa1c743fc7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45165.exe

Filesize
184KB

MD5
4a42b0a5958080c2ca12a2f1f4316ac4

SHA1
2bcff5cfb571576aa72b200a99fbbde93edf0a78

SHA256
c2cdff90c1823c24921923dc8b4382fa3adb619f42c0e03c501f344de3223da2

SHA512
cda9819bdae207aee752f65d8dce64539a17c94cbfd4c4bdb9dbfc2253fd015bb6431b49bab34b472967f8bef26e493018061e9ac0e48a8f3c11916a085042df

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47879.exe

Filesize
184KB

MD5
6da651128b12b7e585f005a4cbca3b06

SHA1
811b58b19097c2be67784b142e78e1d1eb441575

SHA256
fe20f02b77c38e20817365c276412950be0fe20a57293d59cd56c02c47ee6ff6

SHA512
cad88244effc5f8192cfacc83d5c6dbcf9b5d8b6a4deaca7a6301826de4449fd767448284cdea809f5e82049e8bcfe7fee6d4308f7a407700f8a25d4a5d564ea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48.exe

Filesize
184KB

MD5
3967eac62596930cf30cc633613cadf2

SHA1
b9af25b4c7a7e8a130f924059c3b9f800fd67cdc

SHA256
b085683c0fb59462ee3f43470ccca22c367d186b0324a90f69c15e7ce459df10

SHA512
00139724fcce90330dc1726b932feac0acea8f9ada15618de573e0528b049a0303bdadb65338dd305e9586405f0fd9a1f75aea27b62af27a5f200251ffe275c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4988.exe

Filesize
184KB

MD5
8f3d886bc96ed62e3310009b179b0d6d

SHA1
d7562f1eae8ac6eacb78f707bbff77237f225e2e

SHA256
cb87f1895cfbeace1fde27f9ef83cc12c9ef21ad7272bf8af4b87215118aa0e4

SHA512
e03e7e76c77972b17850522ee104bf07c4663f87809ac9e60337d26a10ea4c281c6c925e64792a244bfd0de4ae66b4588338e1b8511c472080a705ca34ae9898

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52134.exe

Filesize
184KB

MD5
2355da1e5a52c6c885927e8173e7fb9e

SHA1
4f950d9449a11ee016a93af39226fd8fa18de62c

SHA256
c8d9dd5a806c88f0f0a72c92e6ac3f263038ae2b187bf0868a592aeb7d07d93b

SHA512
bf97fdc130dfbd5abd42ae31989de25d154b2cad61e2c93877788ccbe5613ea99e96c8491baab902250f0e203021ecf8c654f69d5adb7b0b5a287d6648a57ed2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5455.exe

Filesize
184KB

MD5
e564d9796ffb25fa8c3ad72046a1eac5

SHA1
cbb6d5943e833df9030e0f682b0fa71a07921a2f

SHA256
ed582f04f94767a5086825599da515c54dbe40cd4a7f84de59087e8e25b394f6

SHA512
3fe17e63b528b7367c7d8355206af0814351dc60b50674f16be2a5e73dc92dff30e8aa5cb808ae78e5e15f26db4012bc9ecd714584f16c883a244e7559cc8bf3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe

Filesize
184KB

MD5
51e26d35c357f5d0ee0672e7664eb1b0

SHA1
1a8a2f3ac5482aa023cf67d5947185cab46a0a03

SHA256
86a296c51b39387667f41cffff3959f5da6b664cbda56f7c6a47d67655f33bee

SHA512
3e5e8a4b6f49d554284767126c77d6172de786aab1ded5bd3c1194420ff9adaec812229ddfc58ceae40ee375c25e772c7d1cb8808d406b668bdc1318633ad97a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62352.exe

Filesize
184KB

MD5
867ab079e9419a211174a3e7b940a8bd

SHA1
a8f3fa91be04322fabbd1318b3135b6ad7cfbbc5

SHA256
bdef3ac43fd9459b5328661936c936cdca830011366517882fff6cffea4988cd

SHA512
846d609a452f175ba6bdad009d29ce4310b363d32a9cfdafd0f0cf122efdab2c5229dcf18c309782d2dd8e260e759025b2f9bad8cbad6a510d68039b9053efa3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads