69268bc5071d943e1ac19bdd0a72d273b924e2efc9f2cea10e783907c121e647

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 22:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

69268bc5071d943e1ac19bdd0a72d273b924e2efc9f2cea10e783907c121e647.exe
Size

184KB
MD5

0eab8edef7fa25b7aaaf1a0f6d81708c
SHA1

cc75756338cb7578d3dba9d7c526ba9766cfc00f
SHA256

69268bc5071d943e1ac19bdd0a72d273b924e2efc9f2cea10e783907c121e647
SHA512

dc2b340f4d0fd302272645fc169c0dfb9f3162d369e5ba98352b8b9d10d7d12be1d648399974b58744a91342e6a6c5ae20bd0c77446098159da22298561529b1
SSDEEP

3072:ynU318oWyRhTdj8WRimLPg1ChlnViFGn:yndoVJj8sLo1ChlnViFG

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2744	Unicorn-45540.exe
2664	Unicorn-21659.exe
2552	Unicorn-63246.exe
2872	Unicorn-3267.exe
2584	Unicorn-20673.exe
2576	Unicorn-14128.exe
1492	Unicorn-33008.exe
292	Unicorn-9058.exe
240	Unicorn-56142.exe
2304	Unicorn-43890.exe
2732	Unicorn-58835.exe
2044	Unicorn-23553.exe
1792	Unicorn-65140.exe
2508	Unicorn-19831.exe
2096	Unicorn-4886.exe
1836	Unicorn-802.exe
3060	Unicorn-27445.exe
2784	Unicorn-58171.exe
2976	Unicorn-3495.exe
1752	Unicorn-57377.exe
2924	Unicorn-14398.exe
780	Unicorn-50833.exe
2320	Unicorn-9053.exe
616	Unicorn-54746.exe
2056	Unicorn-11767.exe
1108	Unicorn-21882.exe
2120	Unicorn-2016.exe
1756	Unicorn-59385.exe
2200	Unicorn-36272.exe
1744	Unicorn-13713.exe
2052	Unicorn-51217.exe
2440	Unicorn-49064.exe
2484	Unicorn-18338.exe
2840	Unicorn-21030.exe
2432	Unicorn-36812.exe
588	Unicorn-4715.exe
1084	Unicorn-19660.exe
1428	Unicorn-45556.exe
2712	Unicorn-21606.exe
808	Unicorn-41280.exe
1988	Unicorn-9162.exe
1140	Unicorn-6168.exe
2472	Unicorn-60885.exe
1100	Unicorn-24451.exe
1636	Unicorn-57123.exe
804	Unicorn-33173.exe
3048	Unicorn-14144.exe
2204	Unicorn-40787.exe
2996	Unicorn-12561.exe
840	Unicorn-63153.exe
1060	Unicorn-58062.exe
2400	Unicorn-51285.exe
2124	Unicorn-27357.exe
1328	Unicorn-25965.exe
2356	Unicorn-55945.exe
2436	Unicorn-51861.exe
2340	Unicorn-19743.exe
3032	Unicorn-49723.exe
2344	Unicorn-14912.exe
1200	Unicorn-13329.exe
1264	Unicorn-29111.exe
1296	Unicorn-29111.exe
1208	Unicorn-44056.exe
864	Unicorn-43501.exe

Loads dropped DLL 64 IoCs

pid	Process
2656	69268bc5071d943e1ac19bdd0a72d273b924e2efc9f2cea10e783907c121e647.exe
2656	69268bc5071d943e1ac19bdd0a72d273b924e2efc9f2cea10e783907c121e647.exe
2744	Unicorn-45540.exe
2744	Unicorn-45540.exe
2656	69268bc5071d943e1ac19bdd0a72d273b924e2efc9f2cea10e783907c121e647.exe
2656	69268bc5071d943e1ac19bdd0a72d273b924e2efc9f2cea10e783907c121e647.exe
2552	Unicorn-63246.exe
2744	Unicorn-45540.exe
2664	Unicorn-21659.exe
2552	Unicorn-63246.exe
2664	Unicorn-21659.exe
2744	Unicorn-45540.exe
584	WerFault.exe
584	WerFault.exe
584	WerFault.exe
584	WerFault.exe
584	WerFault.exe
2872	Unicorn-3267.exe
2872	Unicorn-3267.exe
2552	Unicorn-63246.exe
2552	Unicorn-63246.exe
2584	Unicorn-20673.exe
2584	Unicorn-20673.exe
2664	Unicorn-21659.exe
2664	Unicorn-21659.exe
2576	Unicorn-14128.exe
2576	Unicorn-14128.exe
2276	WerFault.exe
2276	WerFault.exe
2276	WerFault.exe
2276	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
1964	WerFault.exe
2276	WerFault.exe
1964	WerFault.exe
1492	Unicorn-33008.exe
1492	Unicorn-33008.exe
2872	Unicorn-3267.exe
2872	Unicorn-3267.exe
240	Unicorn-56142.exe
2584	Unicorn-20673.exe
240	Unicorn-56142.exe
2584	Unicorn-20673.exe
2732	Unicorn-58835.exe
2732	Unicorn-58835.exe
292	Unicorn-9058.exe
292	Unicorn-9058.exe
2304	Unicorn-43890.exe
2304	Unicorn-43890.exe
2576	Unicorn-14128.exe
2576	Unicorn-14128.exe
1696	WerFault.exe
1696	WerFault.exe
1696	WerFault.exe
1696	WerFault.exe
1696	WerFault.exe
1496	WerFault.exe
1496	WerFault.exe
1496	WerFault.exe
1496	WerFault.exe
1496	WerFault.exe
1072	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2760	2656	WerFault.exe	27
584	2744	WerFault.exe	28
2276	2552	WerFault.exe	30
1964	2664	WerFault.exe	29
1696	2872	WerFault.exe	32
1496	2584	WerFault.exe	34
1072	2576	WerFault.exe	33
1976	1492	WerFault.exe	36
2632	240	WerFault.exe	38
2564	2732	WerFault.exe	39
2772	2304	WerFault.exe	40
2596	292	WerFault.exe	37
2016	2044	WerFault.exe	43
1564	1792	WerFault.exe	44
1148	2508	WerFault.exe	46
2292	2096	WerFault.exe	45
2264	1836	WerFault.exe	47
1616	3060	WerFault.exe	48
2600	2976	WerFault.exe	50
2688	2784	WerFault.exe	49
2676	2532	WerFault.exe	127
1520	2924	WerFault.exe	55
2788	1752	WerFault.exe	54
1692	2320	WerFault.exe	57
3028	2056	WerFault.exe	59
2060	616	WerFault.exe	58
1624	2120	WerFault.exe	61
1056	2440	WerFault.exe	71
1364	1108	WerFault.exe	60
1604	2484	WerFault.exe	72
1612	1756	WerFault.exe	62
936	2840	WerFault.exe	73
2444	2432	WerFault.exe	74
2452	1084	WerFault.exe	76
952	588	WerFault.exe	75
1768	2712	WerFault.exe	78
2944	1428	WerFault.exe	77
788	1988	WerFault.exe	82
3084	2472	WerFault.exe	84
3092	1100	WerFault.exe	85
3100	1140	WerFault.exe	83
3288	2200	WerFault.exe	63
3308	1636	WerFault.exe	86
3720	780	WerFault.exe	56
3784	3048	WerFault.exe	88
3848	2052	WerFault.exe	65
3856	840	WerFault.exe	91
3864	1744	WerFault.exe	64
3984	804	WerFault.exe	87
3304	2996	WerFault.exe	90
3408	1724	WerFault.exe	119
3448	596	WerFault.exe	131
3468	1208	WerFault.exe	112
3508	2344	WerFault.exe	108
3548	2956	WerFault.exe	116
3580	2124	WerFault.exe	98
3592	2184	WerFault.exe	121
3680	1632	WerFault.exe	133
3700	1328	WerFault.exe	100
3708	1060	WerFault.exe	95
3716	2400	WerFault.exe	96
3732	2356	WerFault.exe	103
3888	864	WerFault.exe	113
3896	2280	WerFault.exe	115

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2656	69268bc5071d943e1ac19bdd0a72d273b924e2efc9f2cea10e783907c121e647.exe
2744	Unicorn-45540.exe
2552	Unicorn-63246.exe
2664	Unicorn-21659.exe
2872	Unicorn-3267.exe
2584	Unicorn-20673.exe
2576	Unicorn-14128.exe
1492	Unicorn-33008.exe
292	Unicorn-9058.exe
240	Unicorn-56142.exe
2304	Unicorn-43890.exe
2732	Unicorn-58835.exe
2044	Unicorn-23553.exe
1792	Unicorn-65140.exe
2508	Unicorn-19831.exe
2096	Unicorn-4886.exe
3060	Unicorn-27445.exe
1836	Unicorn-802.exe
2976	Unicorn-3495.exe
2784	Unicorn-58171.exe
1752	Unicorn-57377.exe
780	Unicorn-50833.exe
2924	Unicorn-14398.exe
2320	Unicorn-9053.exe
616	Unicorn-54746.exe
2056	Unicorn-11767.exe
1108	Unicorn-21882.exe
2120	Unicorn-2016.exe
1756	Unicorn-59385.exe
1744	Unicorn-13713.exe
2200	Unicorn-36272.exe
2052	Unicorn-51217.exe
2440	Unicorn-49064.exe
2484	Unicorn-18338.exe
2840	Unicorn-21030.exe
2432	Unicorn-36812.exe
1084	Unicorn-19660.exe
588	Unicorn-4715.exe
1428	Unicorn-45556.exe
2712	Unicorn-21606.exe
808	Unicorn-41280.exe
1988	Unicorn-9162.exe
1140	Unicorn-6168.exe
2472	Unicorn-60885.exe
1100	Unicorn-24451.exe
1636	Unicorn-57123.exe
804	Unicorn-33173.exe
3048	Unicorn-14144.exe
2204	Unicorn-40787.exe
840	Unicorn-63153.exe
2996	Unicorn-12561.exe
1060	Unicorn-58062.exe
2400	Unicorn-51285.exe
2124	Unicorn-27357.exe
2356	Unicorn-55945.exe
2340	Unicorn-19743.exe
2436	Unicorn-51861.exe
3032	Unicorn-49723.exe
2344	Unicorn-14912.exe
1200	Unicorn-13329.exe
1264	Unicorn-29111.exe
1296	Unicorn-29111.exe
1208	Unicorn-44056.exe
864	Unicorn-43501.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 2744	2656	69268bc5071d943e1ac19bdd0a72d273b924e2efc9f2cea10e783907c121e647.exe	28
PID 2656 wrote to memory of 2744	2656	69268bc5071d943e1ac19bdd0a72d273b924e2efc9f2cea10e783907c121e647.exe	28
PID 2656 wrote to memory of 2744	2656	69268bc5071d943e1ac19bdd0a72d273b924e2efc9f2cea10e783907c121e647.exe	28
PID 2656 wrote to memory of 2744	2656	69268bc5071d943e1ac19bdd0a72d273b924e2efc9f2cea10e783907c121e647.exe	28
PID 2744 wrote to memory of 2664	2744	Unicorn-45540.exe	29
PID 2744 wrote to memory of 2664	2744	Unicorn-45540.exe	29
PID 2744 wrote to memory of 2664	2744	Unicorn-45540.exe	29
PID 2744 wrote to memory of 2664	2744	Unicorn-45540.exe	29
PID 2656 wrote to memory of 2552	2656	69268bc5071d943e1ac19bdd0a72d273b924e2efc9f2cea10e783907c121e647.exe	30
PID 2656 wrote to memory of 2552	2656	69268bc5071d943e1ac19bdd0a72d273b924e2efc9f2cea10e783907c121e647.exe	30
PID 2656 wrote to memory of 2552	2656	69268bc5071d943e1ac19bdd0a72d273b924e2efc9f2cea10e783907c121e647.exe	30
PID 2656 wrote to memory of 2552	2656	69268bc5071d943e1ac19bdd0a72d273b924e2efc9f2cea10e783907c121e647.exe	30
PID 2656 wrote to memory of 2760	2656	69268bc5071d943e1ac19bdd0a72d273b924e2efc9f2cea10e783907c121e647.exe	31
PID 2656 wrote to memory of 2760	2656	69268bc5071d943e1ac19bdd0a72d273b924e2efc9f2cea10e783907c121e647.exe	31
PID 2656 wrote to memory of 2760	2656	69268bc5071d943e1ac19bdd0a72d273b924e2efc9f2cea10e783907c121e647.exe	31
PID 2656 wrote to memory of 2760	2656	69268bc5071d943e1ac19bdd0a72d273b924e2efc9f2cea10e783907c121e647.exe	31
PID 2552 wrote to memory of 2872	2552	Unicorn-63246.exe	32
PID 2552 wrote to memory of 2872	2552	Unicorn-63246.exe	32
PID 2552 wrote to memory of 2872	2552	Unicorn-63246.exe	32
PID 2552 wrote to memory of 2872	2552	Unicorn-63246.exe	32
PID 2664 wrote to memory of 2584	2664	Unicorn-21659.exe	34
PID 2664 wrote to memory of 2584	2664	Unicorn-21659.exe	34
PID 2664 wrote to memory of 2584	2664	Unicorn-21659.exe	34
PID 2664 wrote to memory of 2584	2664	Unicorn-21659.exe	34
PID 2744 wrote to memory of 2576	2744	Unicorn-45540.exe	33
PID 2744 wrote to memory of 2576	2744	Unicorn-45540.exe	33
PID 2744 wrote to memory of 2576	2744	Unicorn-45540.exe	33
PID 2744 wrote to memory of 2576	2744	Unicorn-45540.exe	33
PID 2744 wrote to memory of 584	2744	Unicorn-45540.exe	35
PID 2744 wrote to memory of 584	2744	Unicorn-45540.exe	35
PID 2744 wrote to memory of 584	2744	Unicorn-45540.exe	35
PID 2744 wrote to memory of 584	2744	Unicorn-45540.exe	35
PID 2872 wrote to memory of 1492	2872	Unicorn-3267.exe	36
PID 2872 wrote to memory of 1492	2872	Unicorn-3267.exe	36
PID 2872 wrote to memory of 1492	2872	Unicorn-3267.exe	36
PID 2872 wrote to memory of 1492	2872	Unicorn-3267.exe	36
PID 2552 wrote to memory of 292	2552	Unicorn-63246.exe	37
PID 2552 wrote to memory of 292	2552	Unicorn-63246.exe	37
PID 2552 wrote to memory of 292	2552	Unicorn-63246.exe	37
PID 2552 wrote to memory of 292	2552	Unicorn-63246.exe	37
PID 2584 wrote to memory of 240	2584	Unicorn-20673.exe	38
PID 2584 wrote to memory of 240	2584	Unicorn-20673.exe	38
PID 2584 wrote to memory of 240	2584	Unicorn-20673.exe	38
PID 2584 wrote to memory of 240	2584	Unicorn-20673.exe	38
PID 2664 wrote to memory of 2732	2664	Unicorn-21659.exe	39
PID 2664 wrote to memory of 2732	2664	Unicorn-21659.exe	39
PID 2664 wrote to memory of 2732	2664	Unicorn-21659.exe	39
PID 2664 wrote to memory of 2732	2664	Unicorn-21659.exe	39
PID 2576 wrote to memory of 2304	2576	Unicorn-14128.exe	40
PID 2576 wrote to memory of 2304	2576	Unicorn-14128.exe	40
PID 2576 wrote to memory of 2304	2576	Unicorn-14128.exe	40
PID 2576 wrote to memory of 2304	2576	Unicorn-14128.exe	40
PID 2552 wrote to memory of 2276	2552	Unicorn-63246.exe	41
PID 2552 wrote to memory of 2276	2552	Unicorn-63246.exe	41
PID 2552 wrote to memory of 2276	2552	Unicorn-63246.exe	41
PID 2552 wrote to memory of 2276	2552	Unicorn-63246.exe	41
PID 2664 wrote to memory of 1964	2664	Unicorn-21659.exe	42
PID 2664 wrote to memory of 1964	2664	Unicorn-21659.exe	42
PID 2664 wrote to memory of 1964	2664	Unicorn-21659.exe	42
PID 2664 wrote to memory of 1964	2664	Unicorn-21659.exe	42
PID 1492 wrote to memory of 2044	1492	Unicorn-33008.exe	43
PID 1492 wrote to memory of 2044	1492	Unicorn-33008.exe	43
PID 1492 wrote to memory of 2044	1492	Unicorn-33008.exe	43
PID 1492 wrote to memory of 2044	1492	Unicorn-33008.exe	43

C:\Users\Admin\AppData\Local\Temp\69268bc5071d943e1ac19bdd0a72d273b924e2efc9f2cea10e783907c121e647.exe
"C:\Users\Admin\AppData\Local\Temp\69268bc5071d943e1ac19bdd0a72d273b924e2efc9f2cea10e783907c121e647.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21659.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21659.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56142.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4886.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54746.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45556.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29111.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
        10⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12826.exe
        11⤵
        
        PID:4336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25541.exe
        12⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2318.exe
        13⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45528.exe
        14⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5087.exe
        15⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 236
        15⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
        14⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
        13⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
        12⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
        11⤵
        
        PID:4920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 236
        10⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 216
        9⤵
        Program crash
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44056.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39666.exe
        9⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18390.exe
        10⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
        11⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59412.exe
        12⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57697.exe
        13⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37651.exe
        14⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 216
        14⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
        13⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
        12⤵
        
        PID:6572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        11⤵
        
        PID:5784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
        10⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 216
        9⤵
        Program crash
        
        PID:3468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 240
        8⤵
        Program crash
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29111.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
        9⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
        10⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
        11⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10076.exe
        12⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58979.exe
        13⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12435.exe
        14⤵
        
        PID:8916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 216
        14⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 236
        13⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 236
        12⤵
        
        PID:7200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 236
        11⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 216
        10⤵
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 236
        9⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
        8⤵
        Program crash
        
        PID:1768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
        7⤵
        Program crash
        
        PID:2292
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 236
        6⤵
        Program crash
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19831.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9053.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4715.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14912.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5540.exe
        9⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41825.exe
        10⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14959.exe
        11⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61223.exe
        12⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54656.exe
        13⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49903.exe
        14⤵
        
        PID:3812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 216
        14⤵
        
        PID:5836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 236
        13⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 236
        12⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
        11⤵
        
        PID:6176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
        10⤵
        
        PID:4068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 236
        9⤵
        Program crash
        
        PID:3508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 236
        8⤵
        Program crash
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59702.exe
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37606.exe
        9⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 188
        10⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 216
        9⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 236
        8⤵
        
        PID:3272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
        7⤵
        Program crash
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19660.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22261.exe
        8⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51337.exe
        9⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47523.exe
        10⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52650.exe
        11⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53037.exe
        12⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59358.exe
        13⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 216
        13⤵
        
        PID:9064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
        12⤵
        
        PID:7816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 236
        11⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12172.exe
        10⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44677.exe
        11⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55274.exe
        12⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
        12⤵
        
        PID:9040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
        11⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 220
        10⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
        9⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 236
        8⤵
        
        PID:3952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 236
        7⤵
        Program crash
        
        PID:2452
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
        6⤵
        Program crash
        
        PID:1148
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58835.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-802.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11767.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41280.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43501.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16148.exe
        9⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
        10⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
        11⤵
        
        PID:4904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44887.exe
        12⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
        13⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62596.exe
        14⤵
        
        PID:8480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 236
        14⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
        13⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 216
        12⤵
        
        PID:7192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 236
        11⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 216
        10⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 236
        9⤵
        Program crash
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        8⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7180.exe
        9⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62105.exe
        10⤵
        
        PID:6048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56542.exe
        11⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
        12⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12487.exe
        13⤵
        
        PID:8892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
        13⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 216
        12⤵
        
        PID:7312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 236
        11⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
        10⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 216
        9⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 240
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46770.exe
        7⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30922.exe
        8⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4274.exe
        9⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 240
        10⤵
        
        PID:5888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
        9⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 216
        8⤵
        
        PID:3484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
        7⤵
        Program crash
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9162.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7320.exe
        7⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56256.exe
        8⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36563.exe
        9⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58322.exe
        10⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64212.exe
        11⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57993.exe
        12⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14957.exe
        13⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 216
        13⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 236
        12⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
        11⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
        10⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
        9⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 216
        8⤵
        Program crash
        
        PID:3896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 236
        7⤵
        Program crash
        
        PID:788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
        6⤵
        Program crash
        
        PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2016.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24451.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        7⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22562.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23927.exe
        9⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55608.exe
        10⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22604.exe
        11⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44973.exe
        12⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18933.exe
        13⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 236
        13⤵
        
        PID:6468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
        12⤵
        
        PID:8648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
        11⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        10⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        9⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
        8⤵
        Program crash
        
        PID:3548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 236
        7⤵
        Program crash
        
        PID:3092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60968.exe
        6⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        7⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39936.exe
        8⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15946.exe
        9⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52863.exe
        10⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24361.exe
        11⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18933.exe
        12⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7856 -s 216
        12⤵
        
        PID:6404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 236
        11⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
        10⤵
        
        PID:7276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
        9⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        8⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
        7⤵
        
        PID:4428
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
        6⤵
        Program crash
        
        PID:1624
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
        5⤵
        Program crash
        
        PID:2564
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14128.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14128.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58171.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36272.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57123.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50683.exe
        8⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61347.exe
        9⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44347.exe
        10⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-294.exe
        11⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55878.exe
        12⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42451.exe
        13⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43354.exe
        14⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 216
        14⤵
        
        PID:5152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 236
        13⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
        12⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
        11⤵
        
        PID:5820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 236
        10⤵
        
        PID:4128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 216
        9⤵
        Program crash
        
        PID:3592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 236
        8⤵
        Program crash
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22649.exe
        7⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35281.exe
        8⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62878.exe
        9⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64160.exe
        10⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59168.exe
        11⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
        12⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41024.exe
        13⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 216
        13⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 216
        12⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
        11⤵
        
        PID:7488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
        10⤵
        
        PID:5716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
        9⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 216
        8⤵
        
        PID:4216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
        7⤵
        Program crash
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33173.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46599.exe
        7⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3039.exe
        8⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40751.exe
        9⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
        10⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37106.exe
        11⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4075.exe
        12⤵
        
        PID:8232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
        12⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 216
        11⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 236
        10⤵
        
        PID:6500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
        9⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 216
        8⤵
        
        PID:4816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 236
        7⤵
        Program crash
        
        PID:3984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
        6⤵
        Program crash
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51217.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63153.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13734.exe
        7⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49142.exe
        8⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40367.exe
        9⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
        10⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16494.exe
        11⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62430.exe
        12⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
        12⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 236
        11⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 236
        10⤵
        
        PID:6928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
        9⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 216
        8⤵
        
        PID:4620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 236
        7⤵
        Program crash
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51238.exe
        6⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18416.exe
        7⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59033.exe
        8⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14762.exe
        9⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7785.exe
        10⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
        11⤵
        
        PID:4928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 216
        11⤵
        
        PID:5424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 216
        10⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
        9⤵
        
        PID:6792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
        8⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 216
        7⤵
        
        PID:4612
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
        6⤵
        Program crash
        
        PID:3848
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
        5⤵
        Program crash
        
        PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3495.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13713.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40787.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60797.exe
        7⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57756.exe
        8⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53475.exe
        9⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16714.exe
        10⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
        11⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40095.exe
        12⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15087.exe
        13⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 236
        13⤵
        
        PID:9336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 236
        12⤵
        
        PID:8856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
        11⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 216
        10⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 236
        9⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 236
        8⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25446.exe
        7⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20035.exe
        8⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11451.exe
        9⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2567.exe
        10⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55746.exe
        11⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
        12⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 236
        12⤵
        
        PID:9352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
        11⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
        10⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
        9⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 216
        8⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
        7⤵
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63490.exe
        6⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe
        7⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
        8⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63963.exe
        9⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31906.exe
        10⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54646.exe
        11⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 216
        11⤵
        
        PID:2224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
        10⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
        9⤵
        
        PID:6832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
        8⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 216
        7⤵
        
        PID:4636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
        6⤵
        Program crash
        
        PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12561.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44461.exe
        6⤵
        
        PID:2532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 36
        7⤵
        Program crash
        
        PID:2676
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
        6⤵
        Program crash
        
        PID:3304
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
        5⤵
        Program crash
        
        PID:2600
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1072
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63246.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63246.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3267.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33008.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27357.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14009.exe
        9⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23927.exe
        10⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
        11⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52842.exe
        12⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22695.exe
        13⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12139.exe
        14⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 236
        14⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 216
        13⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 236
        12⤵
        
        PID:6440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        11⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 216
        10⤵
        
        PID:4224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
        9⤵
        Program crash
        
        PID:3580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
        8⤵
        Program crash
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25965.exe
        7⤵
        Executes dropped EXE
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46874.exe
        8⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3890.exe
        9⤵
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13205.exe
        10⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41654.exe
        11⤵
        
        PID:6704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 188
        12⤵
        
        PID:6568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 216
        11⤵
        
        PID:7600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
        10⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 236
        9⤵
        
        PID:4772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 236
        8⤵
        Program crash
        
        PID:3700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
        7⤵
        Program crash
        
        PID:2788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 236
        6⤵
        Program crash
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50833.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36812.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45691.exe
        9⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47632.exe
        10⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44970.exe
        11⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2378.exe
        12⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64786.exe
        13⤵
        
        PID:3676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 236
        13⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 236
        12⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
        11⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
        10⤵
        
        PID:5812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        9⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
        8⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
        7⤵
        Program crash
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49863.exe
        7⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8742.exe
        8⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10216.exe
        9⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
        10⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62440.exe
        11⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49301.exe
        12⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 236
        12⤵
        
        PID:5796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 236
        11⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
        10⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 236
        9⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 236
        8⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
        7⤵
        
        PID:4112
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
        6⤵
        Program crash
        
        PID:3720
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
        5⤵
        Program crash
        
        PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65140.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14398.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49064.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51285.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe
        8⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26257.exe
        9⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        10⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 220
        11⤵
        
        PID:6652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
        10⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 236
        9⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
        8⤵
        Program crash
        
        PID:3716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
        7⤵
        Program crash
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58062.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23356.exe
        7⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51342.exe
        8⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55037.exe
        9⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35956.exe
        10⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe
        11⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6545.exe
        12⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
        13⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 236
        13⤵
        
        PID:9248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 236
        12⤵
        
        PID:9068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
        11⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
        10⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
        9⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
        8⤵
        Program crash
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        7⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        8⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16003.exe
        9⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1807.exe
        10⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1750.exe
        11⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
        12⤵
        
        PID:9304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
        11⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
        10⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
        9⤵
        
        PID:6820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
        8⤵
        
        PID:5248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 240
        7⤵
        Program crash
        
        PID:3708
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
        6⤵
        Program crash
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21030.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55945.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61648.exe
        7⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56983.exe
        8⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7751.exe
        9⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-896.exe
        10⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8984.exe
        11⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29779.exe
        12⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 236
        12⤵
        
        PID:6956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 216
        11⤵
        
        PID:8756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
        10⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
        9⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
        8⤵
        
        PID:4864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 216
        7⤵
        Program crash
        
        PID:3732
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
        6⤵
        Program crash
        
        PID:936
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
        5⤵
        Program crash
        
        PID:1564
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9058.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9058.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27445.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6168.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41939.exe
        7⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57455.exe
        8⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        9⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29350.exe
        10⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64020.exe
        11⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46405.exe
        12⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61880.exe
        13⤵
        
        PID:9108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
        13⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
        12⤵
        
        PID:7888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 236
        11⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 236
        10⤵
        
        PID:6152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
        9⤵
        
        PID:5072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
        8⤵
        Program crash
        
        PID:3408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 236
        7⤵
        Program crash
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9629.exe
        6⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        7⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60164.exe
        8⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44726.exe
        9⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7746.exe
        10⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34620.exe
        11⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36556.exe
        12⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 236
        12⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
        11⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
        10⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 236
        9⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
        8⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 236
        7⤵
        
        PID:3792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 240
        6⤵
        Program crash
        
        PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60885.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        6⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22021.exe
        7⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13101.exe
        8⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
        9⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18411.exe
        10⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37573.exe
        11⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18658.exe
        12⤵
        
        PID:4944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 236
        12⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 236
        11⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 236
        10⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
        9⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
        8⤵
        
        PID:5304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 216
        7⤵
        
        PID:4404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 216
        6⤵
        Program crash
        
        PID:3084
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
        5⤵
        Program crash
        
        PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59385.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32017.exe
        6⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23569.exe
        7⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40559.exe
        8⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35567.exe
        9⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10333.exe
        10⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38227.exe
        11⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 236
        11⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 216
        10⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 236
        9⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 216
        8⤵
        
        PID:5340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 216
        7⤵
        
        PID:4596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
        6⤵
        Program crash
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38793.exe
        5⤵
        
        PID:596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
        6⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57476.exe
        7⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26060.exe
        8⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
        9⤵
        
        PID:7020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44589.exe
        10⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
        11⤵
        
        PID:3804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 236
        11⤵
        
        PID:4968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 216
        10⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
        9⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
        8⤵
        
        PID:5192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
        7⤵
        
        PID:5028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 216
        6⤵
        Program crash
        
        PID:3448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
        5⤵
        Program crash
        
        PID:1612
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 240
      4⤵
      Program crash
      PID:2596
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2276
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
  2⤵
  - Program crash
  PID:2760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-36556.exe

Filesize
184KB

MD5
4edb11d8c180d5b7fd7b7d02b4fa4155

SHA1
c6e9be3f02b88c64370c95607fc25eeb1b16e3ec

SHA256
59bf19db0cbb20f67f2a14ce2bccdba6e0314eef6d6446c300026493cf571e0d

SHA512
ec78be972973253e8e6613acb9fd8d62e2a0e9c56f90cc5622606037617a13be4d912488ac07cd24c5280259d629632bf61028338bd998024607c250a72cc246

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41024.exe

Filesize
184KB

MD5
2a7c5a8af438486ec147a89d4d515c3a

SHA1
362fbe8130509d6d9b6c845c9fcdedb9922752ad

SHA256
a2e403fe0b9df9df72a5d2c126d030ab09f44d64c08a365c903f11004df4cb78

SHA512
0b96024f310684ecca691274e97148be6e7b777cc52d99997c44092001a600b0a718cac3d5f490cf781e5568c78cab7ed4428a2327da247ee74df757e4c159f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43890.exe

Filesize
184KB

MD5
61ad3fbac1a42d5a329e40b0cb858d15

SHA1
aa4842735dcaa1d94585fd8579e67b02c30afca9

SHA256
0b67b65ac9aaa6586113d31bdf67a0cb40def9ff6c17d7f9fdc0e20f5d127e43

SHA512
006d550d592c7ecc424860254f84052d6e83fe2c2805f92e2bd06762347e53fbc2af93ce0b070b5405b4d1bfa119fbec454aeff5004821c1158aad8a9ecfa034

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44056.exe

Filesize
184KB

MD5
e839bbe4f04a84837cffd2ea1a4dcc40

SHA1
a33a97981110a35147cb189a0b1ef61dfbcbf1f0

SHA256
b083e1d31560bbad164990666796147581df3108a95573b4f95ad6a0533608af

SHA512
dd72d4f3b85e994610aeaa6ba988d70645663a07ac85b22d611aef891e8c7fb469abde648ec3a47e380ac3e079dbdeb99121ac7c58ceaae3cbdafa9a3d329092

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44461.exe

Filesize
184KB

MD5
c235bbbfa1b8d4cd5e28469031a01224

SHA1
7b6e1a814bc5ccf235a6c53f2dbd29dd6b87eaa1

SHA256
ef72d16ce1131a67767051dfd0904c5035b0d79af7334766e011623b23751ead

SHA512
7ff538b5dea99e341c890bd90f4ea0493255d0cf6e82867f90f6314be93afaccad49dfe3543746cf50063610dee6d3f06ebc6a53308ac8dba1ac6e9b9f5b4851

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44970.exe

Filesize
184KB

MD5
5ffc8aab82a5b08f58575a2a3e911a61

SHA1
a789a2fd8b877dde155d0aaf75ef760e97b71b39

SHA256
f29207e46befa99d8dd523863b2923f8da09fd5390c8a782d9dc58d1df59301c

SHA512
ee32eace87bfcdbb60f08c17379e7ab9cb3905e86e1eb8fdcb24029ceab85b539305e2de8bb248a2ed0a051522458d7564b84a3c366af98d770ab317da60b20b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58835.exe

Filesize
184KB

MD5
65e100c86980dcc6361e7cf5f2ad6695

SHA1
4d18117e79246e05a1655c933c745dcf1c3192a6

SHA256
d97855bc5ab01fae4a0c852070d7b484e1abf705242e815f9df63d54d0284c7d

SHA512
3624d27e1676bd433dd5edc0cc281d07d363ac73784bedc529d725de73575c9e2cf2a260744e192b653faa0bedf98aa4b99ad2a457c85d5539467ab3e5fc48c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6033.exe

Filesize
184KB

MD5
53c64ce160750523485e551c865288f0

SHA1
5d4ea3969b863f4858d6a73e2fc7dacec569ab7d

SHA256
9e3c5199355c0b28c411b0bdb022f46970f2af63eb427b03e83fd19cf2ff5dcf

SHA512
10511621fb5291aede2c1f893cffe094123309e80e934625d8cabbd90add6bf48c4167e8daf8c1c81e23f28f2aa94960dd2742bdedd9187252b5616ed86e3c49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6168.exe

Filesize
184KB

MD5
07d3f0ef28e5900247427a0499a5d153

SHA1
8ba8bddc9ca103caae7423cc8dd0260fe9054bb6

SHA256
93faef3b5addb53fbd6a1e84a75f80934e99c5365ce576f37d30e12b20df785a

SHA512
66b3d68da1110bebccbbe41660a1a4cb31d16c321ca08b66841478abecec0070f8db3b74bf111e8e518dfa0b0c9a97b5109790a530a2d9e47793445b811db72e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65140.exe

Filesize
184KB

MD5
ae3ca66d9888f6c7eb2e3f7196fdcf88

SHA1
a02d2e92460d3b403b3633178ee6cc8d6c0ec492

SHA256
95e3de3069f0a73ad822ed9559a428493cfb9a786253996e41b7e7f6b1a12f54

SHA512
ffbadb690429a7d9636b7905725f56a0d6b82ec6e2cf0a9ecddce9a2fc975eba386cb2b209325e8028b64be1b067d15358210e527c0c69203a30c2767238c96e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6545.exe

Filesize
184KB

MD5
f5b598b567996d59791e38327abfd2a2

SHA1
e1a702c190e6d78405c8f6f155dbebeb5f381f52

SHA256
922337f5d9a90e1311d77a2c47797112738f013ddfb935028edb6bd16d84663d

SHA512
64d339217d2945acc461bdcd9709d6771593bbd49d98c554d33831bd8cc1b72f08c7c9f5498a6bac8930b1090a4c38f32d9db59ad26adeb038ec6d91a9cbae0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe

Filesize
184KB

MD5
721becf178ffdea5b5da403cebb6bfde

SHA1
afd10e93fd361753b4ebc0591524d16932952c93

SHA256
18d1e9611c0ba14ee0c859e98d8c061b30ae717e647a43079d1b2984ab4a78ff

SHA512
4b2419a89dd91704dc97edea7f9fbf1bf04d0e6653f5a6fd55cd54c40338f42826fa17445f9b18c175157608e073ec1ede41b4b041f6ba00e5e4433b9dd14672

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6739.exe

Filesize
184KB

MD5
c0bd9057691e002dd2057e5002e404c3

SHA1
cb54a3326d598fdc6a033a1b3b48f05aa620dec3

SHA256
910357fdf16bc9f3be2dfea42a2dd8c405afef683daa45771096e91923713552

SHA512
7c6f0f623bc352d7f50a2812084a858a30b37f7bd30a4eb687f1756a94a4b4c5185a1c02898b85cd311fac14d11e965cc74fc1e7fcbc9debae954675c8ed3028

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14128.exe

Filesize
184KB

MD5
de784c0cc1ca602d70d79bb5f39c0969

SHA1
a2f8117e9a1a22d94d064be32cc95c52696f7c64

SHA256
6d1329e9f351463626407efa46e6e756142bf21a81fc099662b478a30867301c

SHA512
f219ced1e42c220f0816f2a2c72ec8153c4e3bb0dcfebf60362b744a53044ffeaf42fb746679ee044828be2790e73f36e8949e7c83808746cd8b8ebad6fb1343

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe

Filesize
184KB

MD5
c7df673d4f467bfeb2075c66276d07b1

SHA1
56d7045ffd79462967cefde1034eef0ab0bceece

SHA256
9764cbd95b396f09e8d4dd0824d35cccb86288c9d6e2617eeedf3e2aa14ad201

SHA512
896def0b512bd604cf4164d4cf350b6b4467cc34db24465737986e5b583f6144bd0b9b138ae55262bdcc81f021debb1c8621a5b7e2e3ada6bf87fffb9dbea3a2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21659.exe

Filesize
184KB

MD5
0dd404f09cb6716e219d4bd27011db72

SHA1
ee4be701c6188d00c9c4966671f56af7b2781c35

SHA256
dac7851941b6be87e7165e55c8e9073baa227f2ecf17e040e221e443142ec48e

SHA512
0d11018a34d05caa1dafc30252ad31161fbd9b950e0196fe364ba422928fc92129423bc3f49d1f826237f0659efb0532703102a0bdd702a224c81bfecd6bd2b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe

Filesize
184KB

MD5
43eb54a550eb37b59777b2067b5a1063

SHA1
57cc2291ed81584eda24c71f6a3c0793addae12a

SHA256
424f293ba9de0d19ceaf77fd788d98836db8c5c4225f4c0502b7c943314dfcb6

SHA512
749b24eab34a7d516bd9ee85e963d09cc4a31bb39eacb89974031bbda29b82abae6ae64d5279960fea633d5e6986295056d8c2af8ece3e9b531ac0012d63601d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3267.exe

Filesize
184KB

MD5
bef22c22a4d2f20b06f1a3c88eab1ebb

SHA1
6daaca37b3c7a1bb6adb59f47c0b151ea4aa6656

SHA256
2d9f9e3367794a834bd917ee4a87f38764e88576f6b1099f31ba5fb160610ae5

SHA512
b514cc6c935198250d38bca3cdd3f20d1e8924de7699c35873429e8c2ae76e3580e2bb2c9517b40915ff82d854ab912341ae0a9d40e14357d10d663b6dbbfb52

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33008.exe

Filesize
184KB

MD5
609578c4d2772e865bb9f4ca8c105070

SHA1
d2115436bef70cc069a4b82d1e0ea615f058bcd8

SHA256
dc77c2a6ee87cf8acf56e765c91d75f5e209f9d6b9e393cfca62a64022e7d8d5

SHA512
2ac52d28cdd268f4f605cc30d2c8c8428f7a442ed08699515c64e6c2a30af33367307810ad8f6f0c31046b0260e6829e7b6f1ad00c7524415bef7ecc4e96feb7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45540.exe

Filesize
184KB

MD5
7029c2ff7a8eb0c7cbe5e70bee33062a

SHA1
6b9217ae87866c729e83d7d7f34072b4f824d0b2

SHA256
91705ab5eb77d40b4e961110d7d3dfcf23b085dea6cab59ca4ef8d4f1bbb05a0

SHA512
439c499671529fc9721e68971accb4b12cef81ab19cb15e9c6adc4717d55686e35a72d80098344340f9941005a3d019b483ab8f12381d08ea823e2e7cfff4c56

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4886.exe

Filesize
184KB

MD5
4bb31cdcda0e04b02be15b2b629cf269

SHA1
55d275cfeea68512c65eb6342ed643d988de2793

SHA256
891c76554f9eb04134449bc594d9d576230fc9a6403f4a71a0c4943595b39555

SHA512
c2b724f896081cc26e7dc5f4602346d7b24e9a7664510c2912012c1b275ff5aed2ebb41a98a0c2ec04aa81387430218ae4777c26749594a89389652435655703

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56142.exe

Filesize
184KB

MD5
3a172025c3d7655647b6aa9527981768

SHA1
41ab7ef25cf696c0bca28dbf643db2853e07c4c1

SHA256
c8b06a6f3a835051b9dc7d5d3ed7566aebe1aa87761b212f9e84a76d98b5b09d

SHA512
9bff03c59d9dd8c903c1281c03ca1c1981a2804778ab8c67bb995db2a3861c4fc621e972ce89b167617335fea9f2ee3ae7dd126e092747657300c3bd521e42e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63246.exe

Filesize
184KB

MD5
4e30822fdd742a6936ee3857d0c223ed

SHA1
5da346d94ffa324aa0ba782114a5fff253f9b323

SHA256
2fa0af65d487b3d80b4149a464bdabbdfd30d07baf5aa3ad8c31e70830e13782

SHA512
489337892bd80e187d5d86160aff354eaab4999e45e2bef9b1163b4ed8f6b66801b82cefc219fc32e75e6d0ae57dc6b5b583a0084923c6b922223fbdde948a6d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9058.exe

Filesize
184KB

MD5
9682623641e90b639d5391b17809b68c

SHA1
d1074eda4c7359b93c84830608d385130f92ff0e

SHA256
d30f29283e3c5c66a20c14f1efd69515b42217c2f45502ae85acc5f8869b0289

SHA512
84e41aabd2577ecb15c03cbbd460e149d9f6e3b025ca3dd491fbc7711c13e50d1c8c5a41b92b724901ca622190ea27a00c6d0ce920168440c3916eee6e853916

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads