80c6352e15f10af561adf28a17bf596847de4c2ccb1a7ca79722466845f47e6c

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 23:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

80c6352e15f10af561adf28a17bf596847de4c2ccb1a7ca79722466845f47e6c.exe
Size

184KB
MD5

7113a9af24ee97b524cc32a490b8fd62
SHA1

ff3c69d1a409b27278fe70f3167838a4a17312ed
SHA256

80c6352e15f10af561adf28a17bf596847de4c2ccb1a7ca79722466845f47e6c
SHA512

827b77d3561776fd243617124b8f3e0945f577317068f40bc5e5da0e481ca5ad05acc840ed95c24f17842ac8f86a96672a83269a0a90d222875fd6695cc19d37
SSDEEP

3072:ACk3K8ofPHhRdFIWelwLRGs2hlnViFFn3:AC2oxfFIYL0s2hlnViFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2912	Unicorn-33787.exe
2664	Unicorn-11119.exe
2552	Unicorn-30148.exe
2616	Unicorn-25653.exe
2524	Unicorn-58003.exe
2584	Unicorn-25653.exe
788	Unicorn-25243.exe
1264	Unicorn-29327.exe
1296	Unicorn-48356.exe
1428	Unicorn-44272.exe
2716	Unicorn-41579.exe
1476	Unicorn-54106.exe
2172	Unicorn-27464.exe
1088	Unicorn-38324.exe
2096	Unicorn-1184.exe
1724	Unicorn-47692.exe
2100	Unicorn-47692.exe
2088	Unicorn-21050.exe
2944	Unicorn-31910.exe
840	Unicorn-13540.exe
1824	Unicorn-52627.exe
792	Unicorn-3426.exe
2924	Unicorn-49098.exe
1020	Unicorn-26539.exe
2320	Unicorn-11594.exe
2196	Unicorn-7873.exe
648	Unicorn-23655.exe
1700	Unicorn-31823.exe
2124	Unicorn-39991.exe
1776	Unicorn-5180.exe
1572	Unicorn-16041.exe
2496	Unicorn-65242.exe
2596	Unicorn-61947.exe
2700	Unicorn-50250.exe
2456	Unicorn-63701.exe
2468	Unicorn-9025.exe
2492	Unicorn-49503.exe
2460	Unicorn-18777.exe
1492	Unicorn-2995.exe
1416	Unicorn-10992.exe
2512	Unicorn-20976.exe
2304	Unicorn-878.exe
2732	Unicorn-7785.exe
1680	Unicorn-46680.exe
2012	Unicorn-39066.exe
1920	Unicorn-32290.exe
2280	Unicorn-20784.exe
1648	Unicorn-48818.exe
772	Unicorn-37120.exe
1656	Unicorn-22176.exe
3052	Unicorn-10478.exe
2784	Unicorn-65154.exe
3040	Unicorn-30344.exe
1108	Unicorn-26992.exe
2116	Unicorn-50105.exe
1616	Unicorn-12601.exe
2940	Unicorn-6571.exe
2440	Unicorn-6571.exe
2576	Unicorn-25600.exe
2592	Unicorn-47988.exe
2024	Unicorn-1480.exe
2520	Unicorn-29706.exe
2672	Unicorn-18008.exe
808	Unicorn-31460.exe

Loads dropped DLL 64 IoCs

pid	Process
2660	80c6352e15f10af561adf28a17bf596847de4c2ccb1a7ca79722466845f47e6c.exe
2660	80c6352e15f10af561adf28a17bf596847de4c2ccb1a7ca79722466845f47e6c.exe
2912	Unicorn-33787.exe
2912	Unicorn-33787.exe
2660	80c6352e15f10af561adf28a17bf596847de4c2ccb1a7ca79722466845f47e6c.exe
2660	80c6352e15f10af561adf28a17bf596847de4c2ccb1a7ca79722466845f47e6c.exe
2552	Unicorn-30148.exe
2664	Unicorn-11119.exe
2552	Unicorn-30148.exe
2912	Unicorn-33787.exe
2664	Unicorn-11119.exe
2912	Unicorn-33787.exe
2848	WerFault.exe
2848	WerFault.exe
2848	WerFault.exe
2848	WerFault.exe
2848	WerFault.exe
2584	Unicorn-25653.exe
2584	Unicorn-25653.exe
2616	Unicorn-25653.exe
2664	Unicorn-11119.exe
2552	Unicorn-30148.exe
2552	Unicorn-30148.exe
2616	Unicorn-25653.exe
2664	Unicorn-11119.exe
2524	Unicorn-58003.exe
2524	Unicorn-58003.exe
2348	WerFault.exe
2348	WerFault.exe
2348	WerFault.exe
2256	WerFault.exe
2348	WerFault.exe
2256	WerFault.exe
2256	WerFault.exe
2256	WerFault.exe
2256	WerFault.exe
2348	WerFault.exe
788	Unicorn-25243.exe
2584	Unicorn-25653.exe
788	Unicorn-25243.exe
1296	Unicorn-48356.exe
1296	Unicorn-48356.exe
2584	Unicorn-25653.exe
2616	Unicorn-25653.exe
1428	Unicorn-44272.exe
1264	Unicorn-29327.exe
2616	Unicorn-25653.exe
1428	Unicorn-44272.exe
1264	Unicorn-29327.exe
2716	Unicorn-41579.exe
2716	Unicorn-41579.exe
2524	Unicorn-58003.exe
2524	Unicorn-58003.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2144	WerFault.exe
2144	WerFault.exe
2144	WerFault.exe
2144	WerFault.exe
2204	WerFault.exe
2144	WerFault.exe
3012	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2528	2660	WerFault.exe	27
2848	2912	WerFault.exe	28
2348	2664	WerFault.exe	29
2256	2552	WerFault.exe	30
2204	2584	WerFault.exe	33
2144	2616	WerFault.exe	32
3012	2524	WerFault.exe	34
2504	788	WerFault.exe	36
2908	1296	WerFault.exe	39
2344	1428	WerFault.exe	38
2008	1264	WerFault.exe	37
2324	2716	WerFault.exe	40
1148	1088	WerFault.exe	44
2036	2784	WerFault.exe	90
1640	2172	WerFault.exe	45
1380	2088	WerFault.exe	49
2168	2100	WerFault.exe	48
2308	1476	WerFault.exe	43
2600	2944	WerFault.exe	50
2832	1724	WerFault.exe	47
1684	2096	WerFault.exe	46
2928	1020	WerFault.exe	58
3028	2196	WerFault.exe	61
3044	2924	WerFault.exe	57
3036	840	WerFault.exe	54
2264	2320	WerFault.exe	59
780	2596	WerFault.exe	72
2692	2700	WerFault.exe	73
2772	2456	WerFault.exe	74
2428	1824	WerFault.exe	55
2352	792	WerFault.exe	56
2032	2460	WerFault.exe	76
1136	2512	WerFault.exe	80
1768	1492	WerFault.exe	78
1668	2304	WerFault.exe	81
1548	1656	WerFault.exe	89
1932	2124	WerFault.exe	65
2380	1920	WerFault.exe	85
3184	1648	WerFault.exe	87
3176	1680	WerFault.exe	83
3360	2468	WerFault.exe	75
3420	1776	WerFault.exe	62
3440	2012	WerFault.exe	84
3628	2732	WerFault.exe	82
3696	648	WerFault.exe	60
3748	2492	WerFault.exe	77
3780	2496	WerFault.exe	66
3796	772	WerFault.exe	88
3836	2280	WerFault.exe	86
3860	1572	WerFault.exe	64
3868	1416	WerFault.exe	79
3956	1700	WerFault.exe	63
3244	2956	WerFault.exe	120
3288	808	WerFault.exe	114
3304	1420	WerFault.exe	133
3324	2020	WerFault.exe	135
3340	2392	WerFault.exe	130
3376	1208	WerFault.exe	134
3568	2592	WerFault.exe	110
3652	2940	WerFault.exe	107
3676	2044	WerFault.exe	116
3704	2836	WerFault.exe	129
3812	1772	WerFault.exe	125
3876	2672	WerFault.exe	113

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2660	80c6352e15f10af561adf28a17bf596847de4c2ccb1a7ca79722466845f47e6c.exe
2912	Unicorn-33787.exe
2664	Unicorn-11119.exe
2552	Unicorn-30148.exe
2616	Unicorn-25653.exe
2584	Unicorn-25653.exe
2524	Unicorn-58003.exe
788	Unicorn-25243.exe
1296	Unicorn-48356.exe
1264	Unicorn-29327.exe
1428	Unicorn-44272.exe
2716	Unicorn-41579.exe
1088	Unicorn-38324.exe
2172	Unicorn-27464.exe
1476	Unicorn-54106.exe
2088	Unicorn-21050.exe
2100	Unicorn-47692.exe
2944	Unicorn-31910.exe
2096	Unicorn-1184.exe
1724	Unicorn-47692.exe
840	Unicorn-13540.exe
1824	Unicorn-52627.exe
792	Unicorn-3426.exe
2924	Unicorn-49098.exe
2320	Unicorn-11594.exe
648	Unicorn-23655.exe
2196	Unicorn-7873.exe
1572	Unicorn-16041.exe
1020	Unicorn-26539.exe
2124	Unicorn-39991.exe
1700	Unicorn-31823.exe
1776	Unicorn-5180.exe
2496	Unicorn-65242.exe
2596	Unicorn-61947.exe
2700	Unicorn-50250.exe
2456	Unicorn-63701.exe
2468	Unicorn-9025.exe
1492	Unicorn-2995.exe
2492	Unicorn-49503.exe
2460	Unicorn-18777.exe
1416	Unicorn-10992.exe
2512	Unicorn-20976.exe
2304	Unicorn-878.exe
2732	Unicorn-7785.exe
1680	Unicorn-46680.exe
1920	Unicorn-32290.exe
2280	Unicorn-20784.exe
2012	Unicorn-39066.exe
1648	Unicorn-48818.exe
772	Unicorn-37120.exe
3052	Unicorn-10478.exe
1656	Unicorn-22176.exe
3040	Unicorn-30344.exe
2784	Unicorn-65154.exe
2116	Unicorn-50105.exe
1108	Unicorn-26992.exe
1616	Unicorn-12601.exe
2940	Unicorn-6571.exe
2576	Unicorn-25600.exe
2440	Unicorn-6571.exe
2024	Unicorn-1480.exe
2592	Unicorn-47988.exe
2520	Unicorn-29706.exe
2672	Unicorn-18008.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2912	2660	80c6352e15f10af561adf28a17bf596847de4c2ccb1a7ca79722466845f47e6c.exe	28
PID 2660 wrote to memory of 2912	2660	80c6352e15f10af561adf28a17bf596847de4c2ccb1a7ca79722466845f47e6c.exe	28
PID 2660 wrote to memory of 2912	2660	80c6352e15f10af561adf28a17bf596847de4c2ccb1a7ca79722466845f47e6c.exe	28
PID 2660 wrote to memory of 2912	2660	80c6352e15f10af561adf28a17bf596847de4c2ccb1a7ca79722466845f47e6c.exe	28
PID 2912 wrote to memory of 2664	2912	Unicorn-33787.exe	29
PID 2912 wrote to memory of 2664	2912	Unicorn-33787.exe	29
PID 2912 wrote to memory of 2664	2912	Unicorn-33787.exe	29
PID 2912 wrote to memory of 2664	2912	Unicorn-33787.exe	29
PID 2660 wrote to memory of 2552	2660	80c6352e15f10af561adf28a17bf596847de4c2ccb1a7ca79722466845f47e6c.exe	30
PID 2660 wrote to memory of 2552	2660	80c6352e15f10af561adf28a17bf596847de4c2ccb1a7ca79722466845f47e6c.exe	30
PID 2660 wrote to memory of 2552	2660	80c6352e15f10af561adf28a17bf596847de4c2ccb1a7ca79722466845f47e6c.exe	30
PID 2660 wrote to memory of 2552	2660	80c6352e15f10af561adf28a17bf596847de4c2ccb1a7ca79722466845f47e6c.exe	30
PID 2660 wrote to memory of 2528	2660	80c6352e15f10af561adf28a17bf596847de4c2ccb1a7ca79722466845f47e6c.exe	31
PID 2660 wrote to memory of 2528	2660	80c6352e15f10af561adf28a17bf596847de4c2ccb1a7ca79722466845f47e6c.exe	31
PID 2660 wrote to memory of 2528	2660	80c6352e15f10af561adf28a17bf596847de4c2ccb1a7ca79722466845f47e6c.exe	31
PID 2660 wrote to memory of 2528	2660	80c6352e15f10af561adf28a17bf596847de4c2ccb1a7ca79722466845f47e6c.exe	31
PID 2552 wrote to memory of 2616	2552	Unicorn-30148.exe	32
PID 2552 wrote to memory of 2616	2552	Unicorn-30148.exe	32
PID 2552 wrote to memory of 2616	2552	Unicorn-30148.exe	32
PID 2552 wrote to memory of 2616	2552	Unicorn-30148.exe	32
PID 2664 wrote to memory of 2584	2664	Unicorn-11119.exe	33
PID 2664 wrote to memory of 2584	2664	Unicorn-11119.exe	33
PID 2664 wrote to memory of 2584	2664	Unicorn-11119.exe	33
PID 2664 wrote to memory of 2584	2664	Unicorn-11119.exe	33
PID 2912 wrote to memory of 2524	2912	Unicorn-33787.exe	34
PID 2912 wrote to memory of 2524	2912	Unicorn-33787.exe	34
PID 2912 wrote to memory of 2524	2912	Unicorn-33787.exe	34
PID 2912 wrote to memory of 2524	2912	Unicorn-33787.exe	34
PID 2912 wrote to memory of 2848	2912	Unicorn-33787.exe	35
PID 2912 wrote to memory of 2848	2912	Unicorn-33787.exe	35
PID 2912 wrote to memory of 2848	2912	Unicorn-33787.exe	35
PID 2912 wrote to memory of 2848	2912	Unicorn-33787.exe	35
PID 2584 wrote to memory of 788	2584	Unicorn-25653.exe	36
PID 2584 wrote to memory of 788	2584	Unicorn-25653.exe	36
PID 2584 wrote to memory of 788	2584	Unicorn-25653.exe	36
PID 2584 wrote to memory of 788	2584	Unicorn-25653.exe	36
PID 2552 wrote to memory of 1296	2552	Unicorn-30148.exe	39
PID 2552 wrote to memory of 1296	2552	Unicorn-30148.exe	39
PID 2552 wrote to memory of 1296	2552	Unicorn-30148.exe	39
PID 2552 wrote to memory of 1296	2552	Unicorn-30148.exe	39
PID 2616 wrote to memory of 1264	2616	Unicorn-25653.exe	37
PID 2616 wrote to memory of 1264	2616	Unicorn-25653.exe	37
PID 2616 wrote to memory of 1264	2616	Unicorn-25653.exe	37
PID 2616 wrote to memory of 1264	2616	Unicorn-25653.exe	37
PID 2664 wrote to memory of 1428	2664	Unicorn-11119.exe	38
PID 2664 wrote to memory of 1428	2664	Unicorn-11119.exe	38
PID 2664 wrote to memory of 1428	2664	Unicorn-11119.exe	38
PID 2664 wrote to memory of 1428	2664	Unicorn-11119.exe	38
PID 2524 wrote to memory of 2716	2524	Unicorn-58003.exe	40
PID 2524 wrote to memory of 2716	2524	Unicorn-58003.exe	40
PID 2524 wrote to memory of 2716	2524	Unicorn-58003.exe	40
PID 2524 wrote to memory of 2716	2524	Unicorn-58003.exe	40
PID 2552 wrote to memory of 2256	2552	Unicorn-30148.exe	41
PID 2552 wrote to memory of 2256	2552	Unicorn-30148.exe	41
PID 2552 wrote to memory of 2256	2552	Unicorn-30148.exe	41
PID 2552 wrote to memory of 2256	2552	Unicorn-30148.exe	41
PID 2664 wrote to memory of 2348	2664	Unicorn-11119.exe	42
PID 2664 wrote to memory of 2348	2664	Unicorn-11119.exe	42
PID 2664 wrote to memory of 2348	2664	Unicorn-11119.exe	42
PID 2664 wrote to memory of 2348	2664	Unicorn-11119.exe	42
PID 788 wrote to memory of 1476	788	Unicorn-25243.exe	43
PID 788 wrote to memory of 1476	788	Unicorn-25243.exe	43
PID 788 wrote to memory of 1476	788	Unicorn-25243.exe	43
PID 788 wrote to memory of 1476	788	Unicorn-25243.exe	43

C:\Users\Admin\AppData\Local\Temp\80c6352e15f10af561adf28a17bf596847de4c2ccb1a7ca79722466845f47e6c.exe
"C:\Users\Admin\AppData\Local\Temp\80c6352e15f10af561adf28a17bf596847de4c2ccb1a7ca79722466845f47e6c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33787.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33787.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25653.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25653.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25243.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54106.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23655.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7785.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9285.exe
        9⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45305.exe
        10⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13395.exe
        11⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33941.exe
        12⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22426.exe
        13⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46868.exe
        14⤵
        
        PID:4476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 216
        14⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
        13⤵
        
        PID:7960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 236
        12⤵
        
        PID:6812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
        11⤵
        
        PID:5776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        10⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
        9⤵
        Program crash
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
        8⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62217.exe
        9⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21948.exe
        10⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23910.exe
        11⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        12⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
        13⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
        13⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
        12⤵
        
        PID:7648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 236
        11⤵
        
        PID:6880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 236
        10⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 216
        9⤵
        
        PID:4800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 240
        8⤵
        Program crash
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39066.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54402.exe
        8⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20910.exe
        9⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47848.exe
        10⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35098.exe
        11⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        12⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7791.exe
        13⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29938.exe
        14⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
        13⤵
        
        PID:8888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
        12⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
        11⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
        10⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 236
        9⤵
        
        PID:4448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
        8⤵
        Program crash
        
        PID:3440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 240
        7⤵
        Program crash
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7873.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-878.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6955.exe
        8⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38424.exe
        9⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
        10⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
        11⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22950.exe
        12⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        13⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26976.exe
        14⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 236
        14⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
        13⤵
        
        PID:3912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 236
        12⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        11⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 216
        10⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 216
        9⤵
        Program crash
        
        PID:3676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
        8⤵
        Program crash
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64879.exe
        7⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10904.exe
        8⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        9⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46473.exe
        10⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54994.exe
        11⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
        12⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
        12⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
        11⤵
        
        PID:7548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 236
        10⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 216
        9⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
        8⤵
        
        PID:3236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
        7⤵
        Program crash
        
        PID:3028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 240
        6⤵
        Program crash
        
        PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38324.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13540.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61947.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26992.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61475.exe
        9⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23152.exe
        10⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21284.exe
        11⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20568.exe
        12⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23381.exe
        13⤵
        
        PID:8336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 236
        13⤵
        
        PID:9192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 236
        12⤵
        
        PID:7764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
        11⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 216
        10⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 236
        9⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
        8⤵
        Program crash
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50105.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52814.exe
        8⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47272.exe
        9⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30604.exe
        10⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54776.exe
        11⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        12⤵
        
        PID:8984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
        12⤵
        
        PID:8676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 236
        11⤵
        
        PID:8080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
        10⤵
        
        PID:6768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 216
        9⤵
        
        PID:4276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
        8⤵
        
        PID:3488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
        7⤵
        Program crash
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50250.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12601.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10219.exe
        8⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35103.exe
        9⤵
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39400.exe
        10⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1543.exe
        11⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44548.exe
        12⤵
        
        PID:7804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24894.exe
        13⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 236
        12⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 236
        11⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 236
        10⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
        9⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 236
        8⤵
        
        PID:4244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
        7⤵
        Program crash
        
        PID:2692
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 240
        6⤵
        Program crash
        
        PID:1148
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44272.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47692.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31823.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46680.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13945.exe
        8⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6327.exe
        9⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
        10⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        11⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
        12⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19852.exe
        13⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54577.exe
        14⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 216
        13⤵
        
        PID:8660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
        12⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
        11⤵
        
        PID:5540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
        10⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 216
        9⤵
        Program crash
        
        PID:3340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
        8⤵
        Program crash
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63701.exe
        7⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34745.exe
        8⤵
        
        PID:3512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 220
        9⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 216
        8⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
        7⤵
        Program crash
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20784.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60624.exe
        7⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5388.exe
        8⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
        9⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
        10⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30594.exe
        11⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
        12⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 236
        12⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 216
        11⤵
        
        PID:7972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
        10⤵
        
        PID:6988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
        9⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
        8⤵
        
        PID:4900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 216
        7⤵
        Program crash
        
        PID:3836
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
        6⤵
        Program crash
        
        PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16041.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32290.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60624.exe
        7⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6135.exe
        8⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38912.exe
        9⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45404.exe
        10⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65061.exe
        11⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8087.exe
        12⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 216
        12⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 236
        11⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
        10⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        9⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 236
        8⤵
        Program crash
        
        PID:3812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
        7⤵
        Program crash
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34536.exe
        6⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15310.exe
        7⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34584.exe
        8⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-858.exe
        9⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        10⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33446.exe
        11⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 216
        10⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
        9⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
        8⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
        7⤵
        
        PID:4932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
        6⤵
        Program crash
        
        PID:3860
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 220
        5⤵
        Program crash
        
        PID:2344
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58003.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41579.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21050.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3426.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49503.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29706.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62025.exe
        9⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1527.exe
        10⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34408.exe
        11⤵
        
        PID:6652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13738.exe
        12⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57148.exe
        13⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 236
        13⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 216
        12⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
        11⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
        10⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 216
        9⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
        8⤵
        Program crash
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18008.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
        8⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51356.exe
        9⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44610.exe
        10⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61984.exe
        11⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37854.exe
        12⤵
        
        PID:8616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 236
        12⤵
        
        PID:3612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 236
        11⤵
        
        PID:8008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
        10⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
        9⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 216
        8⤵
        Program crash
        
        PID:3876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 240
        7⤵
        Program crash
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2995.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
        7⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42316.exe
        8⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18684.exe
        9⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21585.exe
        10⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        11⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40677.exe
        12⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
        12⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
        11⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
        10⤵
        
        PID:5852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 372 -s 236
        9⤵
        
        PID:4592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
        8⤵
        
        PID:3168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
        7⤵
        Program crash
        
        PID:1768
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
        6⤵
        Program crash
        
        PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26539.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30344.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21237.exe
        7⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41247.exe
        8⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1771.exe
        9⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14319.exe
        10⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
        11⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35446.exe
        12⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39769.exe
        13⤵
        
        PID:4984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 216
        13⤵
        
        PID:5568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 236
        12⤵
        
        PID:7348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
        11⤵
        
        PID:7300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 236
        10⤵
        
        PID:5572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 216
        9⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 236
        8⤵
        Program crash
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37717.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33266.exe
        8⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41813.exe
        9⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59955.exe
        10⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25052.exe
        11⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56380.exe
        12⤵
        
        PID:8872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 216
        12⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 216
        11⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
        10⤵
        
        PID:7464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 216
        9⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
        8⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
        7⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17707.exe
        6⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19950.exe
        7⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
        8⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3001.exe
        9⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
        10⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        11⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33438.exe
        12⤵
        
        PID:8404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
        12⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 236
        11⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
        10⤵
        
        PID:6992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        9⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 236
        8⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
        7⤵
        Program crash
        
        PID:3324
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 240
        6⤵
        Program crash
        
        PID:2928
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        5⤵
        Program crash
        
        PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31910.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5180.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65154.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 200
        7⤵
        Program crash
        
        PID:2036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
        6⤵
        Program crash
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10478.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
        6⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
        7⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24330.exe
        8⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32358.exe
        9⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
        10⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        11⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
        12⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 216
        12⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 236
        11⤵
        
        PID:7544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 236
        10⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        9⤵
        
        PID:5384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
        8⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 236
        7⤵
        Program crash
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-468.exe
        6⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4293.exe
        7⤵
        
        PID:4356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54859.exe
        8⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
        9⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24320.exe
        10⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61842.exe
        11⤵
        
        PID:5452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 236
        10⤵
        
        PID:8820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 236
        9⤵
        
        PID:7364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 236
        8⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
        7⤵
        
        PID:4960
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
        6⤵
        
        PID:3724
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
        5⤵
        Program crash
        
        PID:2600
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:3012
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30148.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30148.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25653.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25653.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29327.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29327.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47692.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11594.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10992.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54594.exe
        8⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17833.exe
        9⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45705.exe
        10⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38767.exe
        11⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46878.exe
        12⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52496.exe
        13⤵
        
        PID:6208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
        12⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 236
        11⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
        10⤵
        
        PID:5996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 216
        9⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 236
        8⤵
        Program crash
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42704.exe
        7⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8081.exe
        8⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12653.exe
        9⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41538.exe
        10⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11356.exe
        11⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        12⤵
        
        PID:7896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14340.exe
        13⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
        13⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 216
        12⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
        11⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
        10⤵
        
        PID:5748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
        9⤵
        
        PID:4724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
        8⤵
        
        PID:3084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
        7⤵
        Program crash
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20976.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31460.exe
        7⤵
        Executes dropped EXE
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
        8⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15970.exe
        9⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12072.exe
        10⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17771.exe
        11⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
        12⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18480.exe
        13⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 216
        12⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
        11⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
        10⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 216
        9⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 236
        8⤵
        Program crash
        
        PID:3288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
        7⤵
        Program crash
        
        PID:1136
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
        6⤵
        Program crash
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65242.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40012.exe
        7⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40754.exe
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13447.exe
        9⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46364.exe
        10⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18622.exe
        11⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21326.exe
        12⤵
        
        PID:8484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
        12⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
        11⤵
        
        PID:7792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
        10⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
        9⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 216
        8⤵
        Program crash
        
        PID:3244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 236
        7⤵
        Program crash
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1672.exe
        6⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53857.exe
        7⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56182.exe
        8⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
        9⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exe
        10⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-298.exe
        11⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
        11⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 236
        10⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 236
        9⤵
        
        PID:6472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
        8⤵
        
        PID:5788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 216
        7⤵
        
        PID:4828
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        6⤵
        Program crash
        
        PID:3780
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 240
        5⤵
        Program crash
        
        PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1184.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39991.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48818.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5777.exe
        7⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61366.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37734.exe
        9⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1719.exe
        10⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
        11⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13821.exe
        12⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        13⤵
        
        PID:9172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 216
        13⤵
        
        PID:5640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 216
        12⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 236
        11⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 236
        10⤵
        
        PID:5444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        9⤵
        
        PID:5080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
        8⤵
        
        PID:3680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
        7⤵
        Program crash
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59617.exe
        6⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53390.exe
        7⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
        8⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
        9⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
        10⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
        11⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 236
        11⤵
        
        PID:9164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
        10⤵
        
        PID:7472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
        9⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
        8⤵
        
        PID:4756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
        7⤵
        Program crash
        
        PID:3704
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
        6⤵
        Program crash
        
        PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37120.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe
        6⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31299.exe
        7⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63364.exe
        8⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32270.exe
        9⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11107.exe
        10⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24126.exe
        11⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 236
        10⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
        9⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 236
        8⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 216
        7⤵
        
        PID:4852
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 236
        6⤵
        Program crash
        
        PID:3796
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
        5⤵
        Program crash
        
        PID:1684
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27464.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52627.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63701.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        8⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
        9⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58424.exe
        10⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49924.exe
        11⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
        12⤵
        
        PID:8552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 236
        12⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
        11⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
        10⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 216
        9⤵
        
        PID:4768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
        8⤵
        Program crash
        
        PID:3652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
        7⤵
        Program crash
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25600.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34532.exe
        7⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39296.exe
        8⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60889.exe
        9⤵
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63188.exe
        10⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61185.exe
        11⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 200
        12⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
        11⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
        10⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
        9⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
        8⤵
        
        PID:4340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        7⤵
        
        PID:4048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
        6⤵
        Program crash
        
        PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9025.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19156.exe
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19727.exe
        8⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
        9⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12695.exe
        10⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16718.exe
        11⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
        11⤵
        
        PID:4688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 236
        10⤵
        
        PID:8000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 236
        9⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
        8⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
        7⤵
        
        PID:4484
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
        6⤵
        Program crash
        
        PID:3360
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
        5⤵
        Program crash
        
        PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49098.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18777.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47988.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65066.exe
        7⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48834.exe
        8⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6893.exe
        9⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20184.exe
        10⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64112.exe
        11⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
        11⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
        10⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
        9⤵
        
        PID:6368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 236
        8⤵
        
        PID:4560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 216
        7⤵
        Program crash
        
        PID:3568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
        6⤵
        Program crash
        
        PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1480.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1667.exe
        6⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10323.exe
        7⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35098.exe
        8⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35451.exe
        9⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23957.exe
        10⤵
        
        PID:8372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
        10⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
        9⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
        8⤵
        
        PID:6260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 236
        7⤵
        
        PID:4168
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
        6⤵
        
        PID:3920
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
        5⤵
        Program crash
        
        PID:3044
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 240
      4⤵
      Program crash
      PID:2908
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2256
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
  2⤵
  - Program crash
  PID:2528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-25243.exe

Filesize
184KB

MD5
93770cda4b6c41eeb6f9494d50ee6959

SHA1
db86258aba6e3211c845fbf70ccb1d61fc67f3ae

SHA256
cdb517b791d96fb20e44361267a184ed67943034b7f115ae64d87289e1dbbbae

SHA512
8717b08fa9ce533b9769e35bb3f0741f5803c60128d8da94314a242b39c3e9ef3a86660c5a0220fdef754bd0ee9aa2c7b8fd8cedf6b234f6fdb72c803036c6c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25653.exe

Filesize
184KB

MD5
08c08e9276c2e7e86a323e4bf47635ec

SHA1
4f4fdd9f92dcbd3156a6426cd19539462690736b

SHA256
642964fd980081e4268b3042f1fd7381b2893e3e0897e0e2594a57172143f9e9

SHA512
de9fb9998089aaa1d689d0c58fdec464016dbb4f4e783387a7d82767c4292e663087f1c7fe3a24064f223408f32baecf17c904dfc5f9b8bceb50b417770498e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29327.exe

Filesize
184KB

MD5
c0736096953c1ca331b47490f21ae3c4

SHA1
9ff8a4301af8d0b09c706fc210d53e20c59255cb

SHA256
5cf9904e31f0d367b3be95647add387196c069ef50adb824d115b38b01353808

SHA512
141f163ca6368c790bc42a9afbfa43c582d42ef35c39f26aa31070b2b401851f6924929356682bad55fe4239df73ab2f3d32c3a4bd5695ace160c2380ed1b4cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33266.exe

Filesize
184KB

MD5
1d01a39122bb971a679e94f33a7b6d0b

SHA1
a1d97aa4116c9b8c8d7b99de61eba555897a9991

SHA256
ba4f2534f78855cd9b7418f4d1ef69623e7b3ed884200b7d9a255cabae9121bf

SHA512
e9f0521ea915102677a2d3c9820d4d5a9a219173a8389a2313271e4b6a886f75493d57f147b17f240b93457bd261a892e2ec23c1a094ea6e972b892d617df5df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe

Filesize
184KB

MD5
217f717b3c93f50837dcacbb8f5754de

SHA1
6f7154c5d92fc38c07415bf41a9426be82824adf

SHA256
5b53159d4aa37d68c2aa695100c5a8e98484c5fdd652887fc05b985ddd271658

SHA512
e231268562b2dd8498ad5a3e57eb80c3f023d0cead1980efbc26a5c5f6fbbe11c001efdd6dfee4ab0c85ac39cdd27b8daf9544e83490f81fa95564b6fa46e965

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58003.exe

Filesize
184KB

MD5
8758ff1fdd851e33501b340de067366c

SHA1
4064453a0728d877100fee3cafbe3281d1f80415

SHA256
721db50e80d03501f099a8471c661e2bb5531e6569a5c0848ab309416ffd2978

SHA512
26548a681e38b0ba6fb2982b93f58ca9b8330542d0a93d83168c1838d5bd963f915408e1276a022a53882720aa59cc62d4f6725c764df13a23629bdffd060428

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe

Filesize
184KB

MD5
a9c1f713cdcb424e283296cd22588a66

SHA1
4921e478e54cb8e78d4cadd9a102650a16e1e001

SHA256
acf8756870512d1235750ecc8f3f029ed359faeb9f174281d79ffffbb3b55ae6

SHA512
7112c955b6713fdabcb62a9c72ea1adf85f8d0df4cfb305bb0fac3569f60c2d564ab361875f4884a35f090a46caf6990fd976fe73b800669dd1c4f38d1f11f9b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27464.exe

Filesize
184KB

MD5
544d7ba327c7c04bb682764f008c1eda

SHA1
6b843abab5d5ddc2f34a89d09666fcbc8fa14286

SHA256
ceb443c5704bcb3d909e900445a7854df8a097ea7cd1b1211579495162b813b3

SHA512
82465c56c215e9a70e6e551be9e3855f661e6cd85143b945aed47887c9ad2df0b42d6fc7ad8925d55c0a18e0b8ded9997cacabd9751b53c672e178aa60ad6df5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30148.exe

Filesize
184KB

MD5
14af29ac47d40eb9d8c6368d06ffb766

SHA1
932e177b8717a282bd593fc1f49939df2b03633d

SHA256
ccbd8dd3b348b52c146bd3cbdef351359f865b4e3a964e33d9f146ca26e15d66

SHA512
3a77df10a20c5814772b95615e935a03faa14cf5d926a4c1063fa9e62aa7e7aac906f5bc7582901cbceb44a9e9918cb5983467db8390844146f2d51f5662fddd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33787.exe

Filesize
184KB

MD5
5c7e663276d523662dbb740fa8f50384

SHA1
826a9a093e66981007c1d2aa23470aced1f1c303

SHA256
a4ad2c10698c8ac7ab8bbbd8db18021cde76be01b88e4ff9eebcc13e131209fd

SHA512
51fa12e861517a744e2edceefa7e46650789025822ba9664f23eff730e805c071d8493b77705b3fb3affa627a14bf20c25cecc25830645a73def9a7138dad81c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38324.exe

Filesize
184KB

MD5
ff9392075040e19cbc2f9576c3784067

SHA1
07834729054c7d93cf6ce4c950fa8a750405802f

SHA256
32d81ae3717520af3e8cf799dbc59c87eda967274288b17b0d0cde02a562f99b

SHA512
4ae967ba4619cb06196b10487d77533590c65eb43c9e862287dcda4fc0e5620b5b6381243a32c6dae210377a4962e23aec684183d3a519ce565c9911a7b0aaab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41579.exe

Filesize
184KB

MD5
fc02a6158e53f57b79416b1bd5ccec28

SHA1
055ed1f881c84721b59de9337c9c1fb0c856b9b7

SHA256
42b6402a2247b0c791e54a062044d49d6d7378c29ab9346521bab12d69315803

SHA512
67609d6b6272be1723f09d9ddac964d187002c06171548c8781b579ad1a8719b4cd269db8c436157c32ce9b26249c221cecf0146e70eddd9a8fb00a413ca9951

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44272.exe

Filesize
184KB

MD5
927702b00e4c50ca206f416dc6ddd26a

SHA1
cb66e5b10d58db2d2291abb8e162dce7eb7e0476

SHA256
f01a29b9b4ec1aca7e45e028e27be60d19bf15b9cabcff9a31322a91205446fc

SHA512
33ddd89000f85b21befd000d63bfdda84d1d1802cad9c1c8283066e9c965772bc0950dad51d12777cf479ac550d228375051c2a510751fabe4bbc3fada375b81

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54106.exe

Filesize
184KB

MD5
3f8a0d15f64e6eb78e77f7e7a2af4b70

SHA1
afbcd77567c02d4d4ef9b7b7f7979af4716036d3

SHA256
3516985819f797c0ed852be903f984b284d67052a9e96e88359f5cffddea47e0

SHA512
53d6e516a38ca96a6020929d8b2dafc8ed981e2bdca0d4aff225c8e95986debd3271fe7b49c84a3e69672c1cd67ae6ed785cbf34bade93fd46e9dc3fe872e8b5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads