4e7d281a703f2d0c84d62d898aedbe6e4346eb35b817438403877e29180d6de7

Analysis

max time kernel
150s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 21:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e7d281a703f2d0c84d62d898aedbe6e4346eb35b817438403877e29180d6de7.exe
Size

184KB
MD5

86cb5646986c7e5b4532b17c098fc1eb
SHA1

a6882d279943722b3c3e65ba2995dd7ddc3aa747
SHA256

4e7d281a703f2d0c84d62d898aedbe6e4346eb35b817438403877e29180d6de7
SHA512

a740e5d298afb5ea906a7f05e0baa6f33a4ec472fc942c006ae9d48443fcfd129cafffeda1afacd5aefd289ede8a1e410d81adb4d8794988fc906f43ceb5978f
SSDEEP

3072:6BeNAgoFNgK03kWYe7sLTjaNIKYvzOBKr+uK05iVhlnVOFg:6BooBukW8LXaNIn6lVhlnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2684	Unicorn-46280.exe
2932	Unicorn-23805.exe
2540	Unicorn-47987.exe
2568	Unicorn-4536.exe
2908	Unicorn-62460.exe
2440	Unicorn-30987.exe
1476	Unicorn-20920.exe
1652	Unicorn-41340.exe
928	Unicorn-29642.exe
1068	Unicorn-49508.exe
2188	Unicorn-5714.exe
2312	Unicorn-29171.exe
1904	Unicorn-5221.exe
1540	Unicorn-64557.exe
2976	Unicorn-18049.exe
2280	Unicorn-33831.exe
2928	Unicorn-9134.exe
700	Unicorn-43945.exe
1900	Unicorn-42553.exe
1380	Unicorn-53457.exe
1352	Unicorn-39813.exe
2344	Unicorn-47235.exe
1676	Unicorn-28761.exe
1516	Unicorn-59487.exe
568	Unicorn-51874.exe
780	Unicorn-8148.exe
2884	Unicorn-29891.exe
2032	Unicorn-23115.exe
2324	Unicorn-53841.exe
2084	Unicorn-13555.exe
2056	Unicorn-33421.exe
2300	Unicorn-40197.exe
2608	Unicorn-8423.exe
2432	Unicorn-60317.exe
2724	Unicorn-22814.exe
2408	Unicorn-47873.exe
636	Unicorn-2777.exe
840	Unicorn-21806.exe
1588	Unicorn-41672.exe
760	Unicorn-60146.exe
2604	Unicorn-15584.exe
1920	Unicorn-31174.exe
1744	Unicorn-64593.exe
1200	Unicorn-49648.exe
1632	Unicorn-25698.exe
1996	Unicorn-53732.exe
3044	Unicorn-29804.exe
2816	Unicorn-44749.exe
3052	Unicorn-29804.exe
2940	Unicorn-52362.exe
772	Unicorn-18106.exe
320	Unicorn-16675.exe
1000	Unicorn-18621.exe
1512	Unicorn-41179.exe
2072	Unicorn-36279.exe
1708	Unicorn-60037.exe
2672	Unicorn-46394.exe
2528	Unicorn-39617.exe
2404	Unicorn-39617.exe
2532	Unicorn-60592.exe
2400	Unicorn-13529.exe
1084	Unicorn-6752.exe
2636	Unicorn-17613.exe
1688	Unicorn-1262.exe

Loads dropped DLL 64 IoCs

pid	Process
1500	4e7d281a703f2d0c84d62d898aedbe6e4346eb35b817438403877e29180d6de7.exe
1500	4e7d281a703f2d0c84d62d898aedbe6e4346eb35b817438403877e29180d6de7.exe
2684	Unicorn-46280.exe
1500	4e7d281a703f2d0c84d62d898aedbe6e4346eb35b817438403877e29180d6de7.exe
2684	Unicorn-46280.exe
1500	4e7d281a703f2d0c84d62d898aedbe6e4346eb35b817438403877e29180d6de7.exe
2932	Unicorn-23805.exe
2684	Unicorn-46280.exe
2932	Unicorn-23805.exe
2684	Unicorn-46280.exe
2540	Unicorn-47987.exe
2540	Unicorn-47987.exe
2904	WerFault.exe
2904	WerFault.exe
2904	WerFault.exe
2904	WerFault.exe
2904	WerFault.exe
2908	Unicorn-62460.exe
2908	Unicorn-62460.exe
2440	Unicorn-30987.exe
2440	Unicorn-30987.exe
2540	Unicorn-47987.exe
2568	Unicorn-4536.exe
2540	Unicorn-47987.exe
2568	Unicorn-4536.exe
2932	Unicorn-23805.exe
2932	Unicorn-23805.exe
1172	WerFault.exe
1172	WerFault.exe
1172	WerFault.exe
1172	WerFault.exe
1172	WerFault.exe
2228	WerFault.exe
2228	WerFault.exe
2228	WerFault.exe
2228	WerFault.exe
2228	WerFault.exe
1476	Unicorn-20920.exe
1476	Unicorn-20920.exe
2908	Unicorn-62460.exe
2908	Unicorn-62460.exe
1068	Unicorn-49508.exe
1068	Unicorn-49508.exe
2568	Unicorn-4536.exe
2568	Unicorn-4536.exe
2188	Unicorn-5714.exe
2188	Unicorn-5714.exe
928	Unicorn-29642.exe
928	Unicorn-29642.exe
1652	Unicorn-41340.exe
1652	Unicorn-41340.exe
2440	Unicorn-30987.exe
2440	Unicorn-30987.exe
3064	WerFault.exe
3064	WerFault.exe
3064	WerFault.exe
3064	WerFault.exe
3064	WerFault.exe
2984	WerFault.exe
2984	WerFault.exe
2984	WerFault.exe
2984	WerFault.exe
2984	WerFault.exe
2016	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2592	1500	WerFault.exe	27
2904	2684	WerFault.exe	28
1172	2932	WerFault.exe	29
2228	2540	WerFault.exe	30
3064	2908	WerFault.exe	33
2984	2440	WerFault.exe	34
2016	2568	WerFault.exe	32
1560	1352	WerFault.exe	55
1132	1068	WerFault.exe	39
2452	2188	WerFault.exe	40
2412	928	WerFault.exe	38
2516	1652	WerFault.exe	37
1804	2312	WerFault.exe	43
1792	1904	WerFault.exe	44
1668	1540	WerFault.exe	45
1344	2976	WerFault.exe	46
972	2280	WerFault.exe	47
1224	2928	WerFault.exe	49
1364	1900	WerFault.exe	50
1488	700	WerFault.exe	48
1976	1380	WerFault.exe	54
1764	2056	WerFault.exe	66
2728	1476	WerFault.exe	36
380	568	WerFault.exe	60
436	780	WerFault.exe	61
2068	1676	WerFault.exe	58
2040	2432	WerFault.exe	72
2168	2344	WerFault.exe	57
2544	2324	WerFault.exe	64
2712	2608	WerFault.exe	70
292	2724	WerFault.exe	73
2148	760	WerFault.exe	81
2200	2408	WerFault.exe	75
2492	1920	WerFault.exe	83
2924	2300	WerFault.exe	67
2164	1588	WerFault.exe	80
2520	2084	WerFault.exe	65
2368	2816	WerFault.exe	88
3108	1200	WerFault.exe	84
3208	840	WerFault.exe	79
3232	1996	WerFault.exe	87
3544	1000	WerFault.exe	101
3624	2604	WerFault.exe	82
3712	772	WerFault.exe	92
3736	3044	WerFault.exe	89
3756	2884	WerFault.exe	62
3856	1744	WerFault.exe	85
3864	1516	WerFault.exe	59
3892	1632	WerFault.exe	86
3924	2032	WerFault.exe	63
4000	636	WerFault.exe	78
4028	2384	WerFault.exe	114
3272	1688	WerFault.exe	113
3416	1964	WerFault.exe	116
3492	2940	WerFault.exe	91
3600	2072	WerFault.exe	104
3636	848	WerFault.exe	132
3656	3052	WerFault.exe	90
3532	2840	WerFault.exe	131
3764	1084	WerFault.exe	111
3784	320	WerFault.exe	95
3840	2996	WerFault.exe	119
3936	1708	WerFault.exe	105
3984	2776	WerFault.exe	118

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1500	4e7d281a703f2d0c84d62d898aedbe6e4346eb35b817438403877e29180d6de7.exe
2684	Unicorn-46280.exe
2932	Unicorn-23805.exe
2540	Unicorn-47987.exe
2908	Unicorn-62460.exe
2568	Unicorn-4536.exe
2440	Unicorn-30987.exe
1476	Unicorn-20920.exe
1652	Unicorn-41340.exe
928	Unicorn-29642.exe
1068	Unicorn-49508.exe
2188	Unicorn-5714.exe
2312	Unicorn-29171.exe
1904	Unicorn-5221.exe
1540	Unicorn-64557.exe
2976	Unicorn-18049.exe
2280	Unicorn-33831.exe
2928	Unicorn-9134.exe
700	Unicorn-43945.exe
1900	Unicorn-42553.exe
1380	Unicorn-53457.exe
1352	Unicorn-39813.exe
2344	Unicorn-47235.exe
1676	Unicorn-28761.exe
1516	Unicorn-59487.exe
568	Unicorn-51874.exe
780	Unicorn-8148.exe
2032	Unicorn-23115.exe
2884	Unicorn-29891.exe
2084	Unicorn-13555.exe
2324	Unicorn-53841.exe
2056	Unicorn-33421.exe
2300	Unicorn-40197.exe
2608	Unicorn-8423.exe
2432	Unicorn-60317.exe
2724	Unicorn-22814.exe
2408	Unicorn-47873.exe
636	Unicorn-2777.exe
840	Unicorn-21806.exe
1588	Unicorn-41672.exe
760	Unicorn-60146.exe
2604	Unicorn-15584.exe
1920	Unicorn-31174.exe
1200	Unicorn-49648.exe
1744	Unicorn-64593.exe
3044	Unicorn-29804.exe
1632	Unicorn-25698.exe
2816	Unicorn-44749.exe
1996	Unicorn-53732.exe
2940	Unicorn-52362.exe
3052	Unicorn-29804.exe
772	Unicorn-18106.exe
320	Unicorn-16675.exe
1000	Unicorn-18621.exe
2072	Unicorn-36279.exe
1512	Unicorn-41179.exe
1708	Unicorn-60037.exe
2672	Unicorn-46394.exe
2528	Unicorn-39617.exe
2404	Unicorn-39617.exe
2532	Unicorn-60592.exe
2400	Unicorn-13529.exe
1084	Unicorn-6752.exe
2636	Unicorn-17613.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 2684	1500	4e7d281a703f2d0c84d62d898aedbe6e4346eb35b817438403877e29180d6de7.exe	28
PID 1500 wrote to memory of 2684	1500	4e7d281a703f2d0c84d62d898aedbe6e4346eb35b817438403877e29180d6de7.exe	28
PID 1500 wrote to memory of 2684	1500	4e7d281a703f2d0c84d62d898aedbe6e4346eb35b817438403877e29180d6de7.exe	28
PID 1500 wrote to memory of 2684	1500	4e7d281a703f2d0c84d62d898aedbe6e4346eb35b817438403877e29180d6de7.exe	28
PID 2684 wrote to memory of 2932	2684	Unicorn-46280.exe	29
PID 2684 wrote to memory of 2932	2684	Unicorn-46280.exe	29
PID 2684 wrote to memory of 2932	2684	Unicorn-46280.exe	29
PID 2684 wrote to memory of 2932	2684	Unicorn-46280.exe	29
PID 1500 wrote to memory of 2540	1500	4e7d281a703f2d0c84d62d898aedbe6e4346eb35b817438403877e29180d6de7.exe	30
PID 1500 wrote to memory of 2540	1500	4e7d281a703f2d0c84d62d898aedbe6e4346eb35b817438403877e29180d6de7.exe	30
PID 1500 wrote to memory of 2540	1500	4e7d281a703f2d0c84d62d898aedbe6e4346eb35b817438403877e29180d6de7.exe	30
PID 1500 wrote to memory of 2540	1500	4e7d281a703f2d0c84d62d898aedbe6e4346eb35b817438403877e29180d6de7.exe	30
PID 1500 wrote to memory of 2592	1500	4e7d281a703f2d0c84d62d898aedbe6e4346eb35b817438403877e29180d6de7.exe	31
PID 1500 wrote to memory of 2592	1500	4e7d281a703f2d0c84d62d898aedbe6e4346eb35b817438403877e29180d6de7.exe	31
PID 1500 wrote to memory of 2592	1500	4e7d281a703f2d0c84d62d898aedbe6e4346eb35b817438403877e29180d6de7.exe	31
PID 1500 wrote to memory of 2592	1500	4e7d281a703f2d0c84d62d898aedbe6e4346eb35b817438403877e29180d6de7.exe	31
PID 2932 wrote to memory of 2568	2932	Unicorn-23805.exe	32
PID 2932 wrote to memory of 2568	2932	Unicorn-23805.exe	32
PID 2932 wrote to memory of 2568	2932	Unicorn-23805.exe	32
PID 2932 wrote to memory of 2568	2932	Unicorn-23805.exe	32
PID 2684 wrote to memory of 2908	2684	Unicorn-46280.exe	33
PID 2684 wrote to memory of 2908	2684	Unicorn-46280.exe	33
PID 2684 wrote to memory of 2908	2684	Unicorn-46280.exe	33
PID 2684 wrote to memory of 2908	2684	Unicorn-46280.exe	33
PID 2540 wrote to memory of 2440	2540	Unicorn-47987.exe	34
PID 2540 wrote to memory of 2440	2540	Unicorn-47987.exe	34
PID 2540 wrote to memory of 2440	2540	Unicorn-47987.exe	34
PID 2540 wrote to memory of 2440	2540	Unicorn-47987.exe	34
PID 2684 wrote to memory of 2904	2684	Unicorn-46280.exe	35
PID 2684 wrote to memory of 2904	2684	Unicorn-46280.exe	35
PID 2684 wrote to memory of 2904	2684	Unicorn-46280.exe	35
PID 2684 wrote to memory of 2904	2684	Unicorn-46280.exe	35
PID 2908 wrote to memory of 1476	2908	Unicorn-62460.exe	36
PID 2908 wrote to memory of 1476	2908	Unicorn-62460.exe	36
PID 2908 wrote to memory of 1476	2908	Unicorn-62460.exe	36
PID 2908 wrote to memory of 1476	2908	Unicorn-62460.exe	36
PID 2440 wrote to memory of 1652	2440	Unicorn-30987.exe	37
PID 2440 wrote to memory of 1652	2440	Unicorn-30987.exe	37
PID 2440 wrote to memory of 1652	2440	Unicorn-30987.exe	37
PID 2440 wrote to memory of 1652	2440	Unicorn-30987.exe	37
PID 2540 wrote to memory of 928	2540	Unicorn-47987.exe	38
PID 2540 wrote to memory of 928	2540	Unicorn-47987.exe	38
PID 2540 wrote to memory of 928	2540	Unicorn-47987.exe	38
PID 2540 wrote to memory of 928	2540	Unicorn-47987.exe	38
PID 2568 wrote to memory of 1068	2568	Unicorn-4536.exe	39
PID 2568 wrote to memory of 1068	2568	Unicorn-4536.exe	39
PID 2568 wrote to memory of 1068	2568	Unicorn-4536.exe	39
PID 2568 wrote to memory of 1068	2568	Unicorn-4536.exe	39
PID 2932 wrote to memory of 2188	2932	Unicorn-23805.exe	40
PID 2932 wrote to memory of 2188	2932	Unicorn-23805.exe	40
PID 2932 wrote to memory of 2188	2932	Unicorn-23805.exe	40
PID 2932 wrote to memory of 2188	2932	Unicorn-23805.exe	40
PID 2932 wrote to memory of 1172	2932	Unicorn-23805.exe	41
PID 2932 wrote to memory of 1172	2932	Unicorn-23805.exe	41
PID 2932 wrote to memory of 1172	2932	Unicorn-23805.exe	41
PID 2932 wrote to memory of 1172	2932	Unicorn-23805.exe	41
PID 2540 wrote to memory of 2228	2540	Unicorn-47987.exe	42
PID 2540 wrote to memory of 2228	2540	Unicorn-47987.exe	42
PID 2540 wrote to memory of 2228	2540	Unicorn-47987.exe	42
PID 2540 wrote to memory of 2228	2540	Unicorn-47987.exe	42
PID 1476 wrote to memory of 2312	1476	Unicorn-20920.exe	43
PID 1476 wrote to memory of 2312	1476	Unicorn-20920.exe	43
PID 1476 wrote to memory of 2312	1476	Unicorn-20920.exe	43
PID 1476 wrote to memory of 2312	1476	Unicorn-20920.exe	43

C:\Users\Admin\AppData\Local\Temp\4e7d281a703f2d0c84d62d898aedbe6e4346eb35b817438403877e29180d6de7.exe
"C:\Users\Admin\AppData\Local\Temp\4e7d281a703f2d0c84d62d898aedbe6e4346eb35b817438403877e29180d6de7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23805.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4536.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64557.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28761.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60146.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57728.exe
        10⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58203.exe
        11⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
        12⤵
        
        PID:6108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64830.exe
        13⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15448.exe
        14⤵
        
        PID:9072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 236
        14⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
        13⤵
        
        PID:7988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
        12⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 216
        11⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 236
        10⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 236
        9⤵
        Program crash
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60592.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49368.exe
        9⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33398.exe
        10⤵
        
        PID:4856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38904.exe
        11⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53969.exe
        12⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41183.exe
        13⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 236
        12⤵
        
        PID:7432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
        11⤵
        
        PID:6816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
        10⤵
        
        PID:5312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
        9⤵
        
        PID:3320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
        8⤵
        Program crash
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15584.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21247.exe
        9⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
        10⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8753.exe
        11⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28370.exe
        12⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46694.exe
        13⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 216
        12⤵
        
        PID:7808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
        11⤵
        
        PID:7128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
        10⤵
        
        PID:6032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
        9⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
        8⤵
        Program crash
        
        PID:3624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
        7⤵
        Program crash
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51874.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41672.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45175.exe
        9⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12126.exe
        10⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22018.exe
        11⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50933.exe
        12⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24281.exe
        13⤵
        
        PID:8284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 236
        13⤵
        
        PID:8244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
        12⤵
        
        PID:7732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
        11⤵
        
        PID:6164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
        10⤵
        
        PID:4632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 216
        9⤵
        Program crash
        
        PID:3764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 236
        8⤵
        Program crash
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17613.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57728.exe
        8⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23393.exe
        9⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8203.exe
        10⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7762.exe
        11⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60243.exe
        12⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
        12⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
        11⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
        10⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 216
        9⤵
        
        PID:5044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 216
        8⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
        7⤵
        Program crash
        
        PID:380
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 240
        6⤵
        Program crash
        
        PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18049.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59487.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2777.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12590.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42902.exe
        9⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
        10⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33554.exe
        11⤵
        
        PID:7096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24582.exe
        12⤵
        
        PID:8060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 236
        12⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
        11⤵
        
        PID:7328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
        10⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
        9⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 216
        8⤵
        Program crash
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55486.exe
        7⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11983.exe
        8⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29610.exe
        9⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58634.exe
        10⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39356.exe
        11⤵
        
        PID:7508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 236
        11⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
        10⤵
        
        PID:7400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
        9⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 216
        8⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
        7⤵
        Program crash
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21806.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50847.exe
        7⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49944.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62178.exe
        9⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31037.exe
        10⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21022.exe
        11⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5199.exe
        12⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 236
        12⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 236
        11⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 236
        10⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
        9⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 216
        8⤵
        
        PID:3688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 216
        7⤵
        Program crash
        
        PID:3208
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
        6⤵
        Program crash
        
        PID:1344
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5714.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33831.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8148.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13529.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12611.exe
        8⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63657.exe
        9⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
        10⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6200.exe
        11⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
        12⤵
        
        PID:8312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
        12⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
        11⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
        10⤵
        
        PID:6384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
        9⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
        8⤵
        
        PID:4076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 216
        7⤵
        Program crash
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25698.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1454.exe
        7⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40380.exe
        8⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2536.exe
        9⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60331.exe
        10⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52511.exe
        11⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
        11⤵
        
        PID:8752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
        10⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        9⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 216
        8⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
        7⤵
        Program crash
        
        PID:3892
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
        6⤵
        Program crash
        
        PID:972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29891.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49648.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33743.exe
        7⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52082.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25941.exe
        9⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2775.exe
        10⤵
        
        PID:5388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31499.exe
        11⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22719.exe
        12⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
        12⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
        11⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
        10⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        9⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
        8⤵
        Program crash
        
        PID:3416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 236
        7⤵
        Program crash
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56856.exe
        6⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-909.exe
        7⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
        8⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
        9⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
        10⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 236
        10⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
        9⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
        8⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 216
        7⤵
        
        PID:4940
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
        6⤵
        Program crash
        
        PID:3756
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
        5⤵
        Program crash
        
        PID:2452
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20920.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20920.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29171.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53457.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41179.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24864.exe
        9⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43813.exe
        10⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8011.exe
        11⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39776.exe
        12⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe
        13⤵
        
        PID:7528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 236
        13⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
        12⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
        11⤵
        
        PID:6376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 216
        10⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 236
        9⤵
        
        PID:3172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
        8⤵
        Program crash
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36279.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11843.exe
        8⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33123.exe
        9⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39916.exe
        10⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37337.exe
        11⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
        12⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 236
        12⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
        11⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 236
        10⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 216
        9⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
        8⤵
        Program crash
        
        PID:3600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 240
        7⤵
        Program crash
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60317.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16675.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34127.exe
        8⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16312.exe
        9⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6672.exe
        10⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19880.exe
        11⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56771.exe
        12⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55775.exe
        13⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 216
        13⤵
        
        PID:4612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 236
        12⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
        11⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 236
        10⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
        9⤵
        Program crash
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45455.exe
        8⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2780.exe
        9⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11794.exe
        10⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34597.exe
        11⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11618.exe
        12⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 236
        12⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
        11⤵
        
        PID:7920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
        10⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 236
        9⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
        8⤵
        Program crash
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
        7⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49176.exe
        8⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
        9⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52635.exe
        10⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41722.exe
        11⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe
        12⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 216
        12⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
        11⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 236
        10⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 216
        9⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 236
        8⤵
        Program crash
        
        PID:3636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
        7⤵
        Program crash
        
        PID:2040
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
        6⤵
        Program crash
        
        PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39813.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1352
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 188
        6⤵
        Program crash
        
        PID:1560
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 240
        5⤵
        Program crash
        
        PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5221.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47235.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22814.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60037.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
        8⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57627.exe
        9⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44768.exe
        10⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56387.exe
        11⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3066.exe
        12⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
        12⤵
        
        PID:8596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
        11⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
        10⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 216
        9⤵
        
        PID:4848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 236
        8⤵
        Program crash
        
        PID:3936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
        7⤵
        Program crash
        
        PID:292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46394.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
        7⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 200
        8⤵
        
        PID:3448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 216
        7⤵
        
        PID:3652
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
        6⤵
        Program crash
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47873.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18621.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22451.exe
        7⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38076.exe
        8⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
        9⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        10⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56003.exe
        11⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28749.exe
        12⤵
        
        PID:8440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
        12⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
        11⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 216
        10⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
        9⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 236
        8⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 236
        7⤵
        Program crash
        
        PID:3544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24951.exe
        6⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31278.exe
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49734.exe
        8⤵
        
        PID:4828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44934.exe
        9⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47171.exe
        10⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-835.exe
        11⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
        10⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 236
        9⤵
        
        PID:6848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
        8⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
        7⤵
        
        PID:3168
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
        6⤵
        Program crash
        
        PID:2200
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 240
        5⤵
        Program crash
        
        PID:1792
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:3064
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2904
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47987.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47987.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9134.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53841.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53732.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20121.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53919.exe
        9⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10045.exe
        10⤵
        
        PID:4268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1161.exe
        11⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20010.exe
        12⤵
        
        PID:7964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
        13⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 236
        12⤵
        
        PID:7616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
        11⤵
        
        PID:6188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
        10⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
        9⤵
        
        PID:4328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
        8⤵
        Program crash
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26705.exe
        7⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49944.exe
        8⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
        9⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60995.exe
        10⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37425.exe
        11⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33113.exe
        12⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
        12⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 236
        11⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
        10⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
        9⤵
        
        PID:5324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 216
        8⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
        7⤵
        Program crash
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44749.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31797.exe
        7⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45175.exe
        8⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64508.exe
        9⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39096.exe
        10⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1452.exe
        11⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55573.exe
        12⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
        11⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 236
        10⤵
        
        PID:6972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
        9⤵
        
        PID:5484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 216
        8⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
        7⤵
        Program crash
        
        PID:2368
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
        6⤵
        Program crash
        
        PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13555.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29804.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44433.exe
        7⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
        8⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13662.exe
        9⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51457.exe
        10⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48494.exe
        11⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-627.exe
        12⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 236
        12⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
        11⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
        10⤵
        
        PID:6720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
        9⤵
        
        PID:4700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
        8⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54775.exe
        7⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9988.exe
        8⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21634.exe
        9⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-772.exe
        10⤵
        
        PID:6732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6107.exe
        11⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
        11⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
        10⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
        9⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
        8⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
        7⤵
        Program crash
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63.exe
        6⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44936.exe
        7⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4098.exe
        8⤵
        
        PID:4652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39911.exe
        9⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
        10⤵
        
        PID:7692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 216
        10⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
        9⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
        8⤵
        
        PID:5200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 216
        7⤵
        
        PID:4580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
        6⤵
        Program crash
        
        PID:2520
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
        5⤵
        Program crash
        
        PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42553.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23115.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29804.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63099.exe
        7⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3047.exe
        8⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
        9⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53398.exe
        10⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48318.exe
        11⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 236
        11⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
        10⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 236
        9⤵
        
        PID:5840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 236
        8⤵
        
        PID:4884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 216
        7⤵
        Program crash
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
        6⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5953.exe
        7⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
        8⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14695.exe
        9⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34888.exe
        10⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
        10⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
        9⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
        8⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 216
        7⤵
        
        PID:5088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
        6⤵
        Program crash
        
        PID:3924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18106.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        6⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30375.exe
        7⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45323.exe
        8⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24535.exe
        9⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43959.exe
        10⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 216
        10⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
        9⤵
        
        PID:6392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 236
        8⤵
        
        PID:5536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        7⤵
        
        PID:4752
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 216
        6⤵
        Program crash
        
        PID:3712
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 220
        5⤵
        Program crash
        
        PID:1364
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29642.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29642.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33421.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31174.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1262.exe
        7⤵
        Executes dropped EXE
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53836.exe
        8⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53652.exe
        9⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22210.exe
        10⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42765.exe
        11⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51115.exe
        12⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 236
        12⤵
        
        PID:4532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
        11⤵
        
        PID:7716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
        10⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
        9⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 216
        8⤵
        Program crash
        
        PID:3272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
        7⤵
        Program crash
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        6⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48792.exe
        7⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50878.exe
        8⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12889.exe
        9⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27524.exe
        10⤵
        
        PID:7056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32558.exe
        11⤵
        
        PID:3536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
        11⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
        10⤵
        
        PID:7340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
        9⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 216
        8⤵
        
        PID:4212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 236
        7⤵
        Program crash
        
        PID:4028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
        6⤵
        Program crash
        
        PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64593.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        6⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3431.exe
        7⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8566.exe
        8⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9568.exe
        9⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27815.exe
        10⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
        10⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
        9⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
        8⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 216
        7⤵
        
        PID:4988
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 236
        6⤵
        Program crash
        
        PID:3856
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 240
        5⤵
        Program crash
        
        PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52362.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5730.exe
        6⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8719.exe
        7⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45266.exe
        8⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54773.exe
        9⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        10⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
        11⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
        11⤵
        
        PID:8544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
        10⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
        9⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 216
        8⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
        7⤵
        Program crash
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe
        6⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13195.exe
        7⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28240.exe
        8⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20124.exe
        9⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51032.exe
        10⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
        10⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
        9⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
        8⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 216
        7⤵
        
        PID:4492
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
        6⤵
        Program crash
        
        PID:3492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55486.exe
        5⤵
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38076.exe
        6⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33123.exe
        7⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
        8⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46465.exe
        9⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30311.exe
        10⤵
        
        PID:8356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 236
        10⤵
        
        PID:8320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
        9⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 236
        8⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
        7⤵
        
        PID:4568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 216
        6⤵
        Program crash
        
        PID:3840
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
        5⤵
        Program crash
        
        PID:2924
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 240
      4⤵
      Program crash
      PID:2412
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2228
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
  2⤵
  - Program crash
  PID:2592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-29642.exe

Filesize
184KB

MD5
e9bd39a1321be43eb6d939ba82c3d2f5

SHA1
51f650774785888da5a11d3304efa233e1b8a3a5

SHA256
ec6c043d3a4f7fe931b6207c6eaeb50442ab448b73858c15ed2d3a01ac428dd9

SHA512
4dcaad2be72724ac887f19d3856a64c054070c7b0eb792d63045b4567f726acc887d508504e400bb7ca428531d0639bebd7b19c4758dea11c4c6d852f3230cb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39813.exe

Filesize
184KB

MD5
e5b87799d88ee50c38c767067b9ae21d

SHA1
acb9d24aedf41d70a52dd829284c02a1ac36cf18

SHA256
53913e3ec9d64a0def1108d0da0427c07114ed7bd5b38ebe312caaa774fd9d6e

SHA512
b0b4dd38815fee5eca19b062c5ec6059a07192a3172387f955f87cffd0c742dcbf1aac0b31db674d0a809e2fd44f84ca218e7591693703695ffd334752acc4d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe

Filesize
184KB

MD5
eeabe26b6e7b80aecbf7b935c2ad6637

SHA1
6cd45e2743411bc5f04b82425bb384338b028100

SHA256
3ab30f2fa673c5de21e559e7586d8472d0b821e5bee8ccf21e0e53110da88322

SHA512
6d29d0fcde6f5ab7e6d0fd8bfb7fe314957c1ba0cf09f0741c7b50f2162b0e0c7ed6c3aa6b8e35c7174f00e71e640001e9097b04308c2503d85b023d52b09a6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe

Filesize
184KB

MD5
7017bd5944576d09006b5b577fff2ce6

SHA1
f6c639d4444f4f714e24ca0355cb50312fa638e4

SHA256
55282c3957d2e21a0a0fbd0303ed2c55840d8f363110f85846506fb92baf08e1

SHA512
b7d17a3cb99aa2417b9d358b006b423800f687e219021cbb60f12f36bdbc7db2f9b1177eeb82f991da0b0ea409ec90626c12b3c16976466e7bdb858c8ca0c44f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5714.exe

Filesize
184KB

MD5
b46bfd093c45e91adf52fb4bf8a54a3c

SHA1
a9385dcba1e536dc90df8165e520db85de7543a7

SHA256
5de5f0e0c1b2c769369000694b5b4425844db3ebb32557d933600de8aa05189a

SHA512
08dafe154129f1d456d1d5f25303ed83bf7bdd173d79fb74fdfeba0cf64ac1632da84a855735b131aef41b10706ecd6ed377c13e04bd56f2f328134f23d10598

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5953.exe

Filesize
184KB

MD5
5df7deb0c0e64a635fd941ad9743bff9

SHA1
4fecf1f69756b36d9a69f670c04b8bf6d65667b7

SHA256
4ba35d0a121f1f9b3a3ce602eebf06278f662269c9913014e914bfaa0ad40335

SHA512
131bac99c15947afe257c973f86bc039fa13bbcf442dddc271f8be767a837d0d581fcadd3f1ae0df56ef0a18a113cc3b1fffa575ac09633cc6f04f6e0fc3f163

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe

Filesize
184KB

MD5
4fbe0b293a3b45d1280aeb84f6c8d93d

SHA1
f4f8803d78fd30aa95aeddea2a2bb38534ee272b

SHA256
6992bd7327024e0ed1cd1c2a70ed33162d860fe578d05319fe23ccfe1bc53a98

SHA512
922434c6ce0ff88c0ec012d42578770c12ac246edd7f617a21e71435de5d05452e1cc2489d0646594c80cefdafb6322d9bf6e3162700436336b57b32772312a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20920.exe

Filesize
184KB

MD5
3bba42de3d8fd6fba6c006a90beedba5

SHA1
1b3f36d70d635df9c12f9ce82f12a2b8e48391b4

SHA256
bbfad65811cbfe77755e25ce185d29deb9839c18380934818e199a01ce24ad48

SHA512
cdd4b2f73d73f162d3455e9d66edd08ccf3003f42aef5f75c1b54dbd6d1c25656bf6910035ecf7151579af1f2b4a623554e1ed9be189e17cd004c1593399f32c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23805.exe

Filesize
184KB

MD5
dc19e7d29b12cd53accd034b5bb817f0

SHA1
5fab18ccba274cec9e4ca17688e0e2add3bea292

SHA256
42738453c5aeab49f6dec413ae8329ec25cf00ebd330a33df8f0b45b09892850

SHA512
408ebf09efc5855f288312158724074ca41c5cfd5527d8f47fb000986411d7ba5e34288ba3f8569be84d62be5f125e7574d7b46f603920e540b2cc608e6b3edf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29171.exe

Filesize
184KB

MD5
8b94a6b2145cdc183bd746e86b0b7fe3

SHA1
8287469b3bd30d8932448a63567543fccd04261b

SHA256
ce12413c816078f2e15d4edc39fb354abf327d9e269ed524cc6e43422d87190b

SHA512
92ea7c0bc265bbcbd84ecfc6e17d6120b8172dee07fd3864542cbc1ee2da66bdfb5f09b9e18c724599c3c6ea90e14f37d515dfb4fdfa46a12ebbfe2920a079a2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe

Filesize
184KB

MD5
60f2775ed86fc7d48303881d3c75374d

SHA1
ee9b5ca976c7ac344dd45e78a0af83bfb633a071

SHA256
7afaed8399c65b90f2173eaa33fae1c861aeb31d9e3a28ce885a141095d08f5c

SHA512
055b8a3f73bdff5ce9dd7dd3626fb880bacbb5d082f62a35b3adf3a729970dc80e3db3e56333b87bf3680813e0a77f30007cc751f180b69c98d2f4a3039ce354

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe

Filesize
184KB

MD5
69f9727312476a5d18aa471259a071e8

SHA1
c29c5231517a5367980076e86fbd4c443dfac5f9

SHA256
a17f913a17cdcc60b5d4f0af8c081b4ca7023c9bd64c0f066bc625260e9132c8

SHA512
b8aae910363f1230b278de26fa3854af0aa2c97249cf8c1498e0c564ee8d561e71765ba1d19674ded22b379ed5f8c8d2a184ef910dfa4859c65edc8db29d6268

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4536.exe

Filesize
184KB

MD5
6a573b528590b15f4791deaac4a6f67c

SHA1
52ff69a8f8a74d27102a8a2af8f70e4974ad1e42

SHA256
3291616369f54a4126e60208d8374b849b9084aedd9161284da5efcc11833eb6

SHA512
84938e80a1de87ceb32e48c6fbf8bdc15243f6dfb770efe73353c428f3fa8bc34960bf4d711e39caed51c4d9e38c6bc6cd4a58a63ffbd0e9c7453f3913014a3e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46280.exe

Filesize
184KB

MD5
767bf799fbb5a85252e1ee758a994fb5

SHA1
97795053af3a413dab2a3cf3e3c76e7eddd74cc7

SHA256
125b7111edc2d626f0e85e8c79a71fb109a9baeb89c4ba7c273f0c2dd36db9d8

SHA512
8c4813439cc9e1abf027454574395ca5803447b0762484e05e6366e6db43c77e308d3fd7cca58b176354cee1d10ae36f503eb1b335964dc5c91a2ae860da5297

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47987.exe

Filesize
184KB

MD5
ea1f2b8814aeb3c7f4af1a528c9d72d0

SHA1
fc0868d217e40008f277266ef7577a4a868b2a03

SHA256
52bb2b7a7d720d038f38fab0e6b05b20df44c049bc0f71f039e5d4feb7b0139e

SHA512
b24ef9a01315fd20b8359fcc4ec57b764c385cb1849cf040c6a8dc98dc5e14951440267cae523b6d2c0cd5e9271fc6d852bda818066a95db2eeead0f4b6bd259

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5221.exe

Filesize
184KB

MD5
5540483da11dc4a848a6553b76bb903d

SHA1
517c41aeb01f1e792c9317e53f3619a22c18897a

SHA256
1e1211abf8bb3a6aada23ca5aa544c5f1685e18c7fa84eeef38c93f81e02dc88

SHA512
c9489349bc3370fb47c71737510faf730b61b8558a623c8e1336e576cc23a9eebdbb3d333f30d6773493f4aefee8b790f3c59e7eb2fb8498255ca395e10f927b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62460.exe

Filesize
184KB

MD5
450c396aaf1f3a61539f6b981c1cb380

SHA1
2bcea2bacf95e9a2b13ed79b878013b74ccce2b5

SHA256
b92ce18427412099bbabc737e8ac4972b49e6be41d01af703927fd4fd7b6b745

SHA512
c8f55257de5f9d3009cd751085e7119dedef3150a2ce3298192315726287eefaa8c7c6bf7a5648aac70acd0edac76d4adba806f9456371b5c52d881d955ee243

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64557.exe

Filesize
184KB

MD5
723ff8e4303f3d242fd88e884f1a9332

SHA1
206dbc87a42d8c6db5ea5973e76ff6a6ebb40c83

SHA256
567365856e9ddf3c9a42c1c8705e55cc74be6623fefcdece477ef9a379391828

SHA512
f62584dbb47a607162c7e0ddeba41cc5ebfdfcae36c44a2925355e2fb6e7c5eeafd4beb2f685be3c17847e29d110477e151fe51d0b9f159d0365f57f56d13af3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads