40f3116ddcc48e87ae34b2b5099dedf33f46af0cb0c888c800ca125bc25c5b8a

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 21:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40f3116ddcc48e87ae34b2b5099dedf33f46af0cb0c888c800ca125bc25c5b8a.exe
Size

184KB
MD5

9bb99092fc0f5379102900b46344004c
SHA1

873a33c97ba4fee6be671e60606b815ae01498a0
SHA256

40f3116ddcc48e87ae34b2b5099dedf33f46af0cb0c888c800ca125bc25c5b8a
SHA512

aa9dd8264701c1d93d955d16f1e83d3f196db67f23aaa593935a369e88a856eb9015d111cad4532c96752d1b048b04c2fd6c885236e2226959f0d7028f93543f
SSDEEP

3072:VVLyigol0R6adH9YeWsLpZIjIiYxYfZitX/GO5qoNX4hlnVOFQ:VVMoVWH93L3IjILtOnhlnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2612	Unicorn-51887.exe
2648	Unicorn-40236.exe
2632	Unicorn-25292.exe
2452	Unicorn-44918.exe
2536	Unicorn-29158.exe
2500	Unicorn-48187.exe
1604	Unicorn-10766.exe
1960	Unicorn-64606.exe
2792	Unicorn-64051.exe
1052	Unicorn-9375.exe
1688	Unicorn-29241.exe
2716	Unicorn-31270.exe
1744	Unicorn-37300.exe
1656	Unicorn-31824.exe
2296	Unicorn-55774.exe
2636	Unicorn-1119.exe
3052	Unicorn-11980.exe
324	Unicorn-9287.exe
1680	Unicorn-50875.exe
2776	Unicorn-54980.exe
828	Unicorn-14502.exe
1816	Unicorn-34031.exe
1844	Unicorn-36723.exe
2324	Unicorn-31893.exe
1268	Unicorn-21587.exe
1668	Unicorn-63174.exe
2740	Unicorn-52313.exe
1612	Unicorn-25671.exe
1628	Unicorn-50730.exe
1560	Unicorn-13226.exe
1432	Unicorn-15919.exe
2056	Unicorn-974.exe
2620	Unicorn-20217.exe
2432	Unicorn-12603.exe
2684	Unicorn-63195.exe
2280	Unicorn-61825.exe
2404	Unicorn-47990.exe
2768	Unicorn-37129.exe
2012	Unicorn-43159.exe
1980	Unicorn-37683.exe
1640	Unicorn-24685.exe
1484	Unicorn-23315.exe
2600	Unicorn-46428.exe
1324	Unicorn-33429.exe
1740	Unicorn-40205.exe
1732	Unicorn-60071.exe
1448	Unicorn-54404.exe
2316	Unicorn-35375.exe
676	Unicorn-4648.exe
2040	Unicorn-43543.exe
3060	Unicorn-58488.exe
1800	Unicorn-38067.exe
1588	Unicorn-53849.exe
1300	Unicorn-6485.exe
888	Unicorn-4902.exe
2564	Unicorn-58208.exe
2664	Unicorn-15229.exe
2468	Unicorn-56070.exe
532	Unicorn-28036.exe
2812	Unicorn-62100.exe
2780	Unicorn-31374.exe
944	Unicorn-36588.exe
1988	Unicorn-17560.exe
1428	Unicorn-35842.exe

Loads dropped DLL 64 IoCs

pid	Process
1284	40f3116ddcc48e87ae34b2b5099dedf33f46af0cb0c888c800ca125bc25c5b8a.exe
1284	40f3116ddcc48e87ae34b2b5099dedf33f46af0cb0c888c800ca125bc25c5b8a.exe
2612	Unicorn-51887.exe
1284	40f3116ddcc48e87ae34b2b5099dedf33f46af0cb0c888c800ca125bc25c5b8a.exe
1284	40f3116ddcc48e87ae34b2b5099dedf33f46af0cb0c888c800ca125bc25c5b8a.exe
2612	Unicorn-51887.exe
2648	Unicorn-40236.exe
2648	Unicorn-40236.exe
2632	Unicorn-25292.exe
2632	Unicorn-25292.exe
2612	Unicorn-51887.exe
2612	Unicorn-51887.exe
112	WerFault.exe
112	WerFault.exe
112	WerFault.exe
112	WerFault.exe
112	WerFault.exe
2452	Unicorn-44918.exe
2648	Unicorn-40236.exe
2452	Unicorn-44918.exe
2648	Unicorn-40236.exe
2536	Unicorn-29158.exe
2536	Unicorn-29158.exe
2632	Unicorn-25292.exe
2632	Unicorn-25292.exe
2500	Unicorn-48187.exe
2500	Unicorn-48187.exe
1536	WerFault.exe
1536	WerFault.exe
1536	WerFault.exe
1536	WerFault.exe
1536	WerFault.exe
764	WerFault.exe
764	WerFault.exe
764	WerFault.exe
764	WerFault.exe
764	WerFault.exe
1960	Unicorn-64606.exe
1960	Unicorn-64606.exe
1604	Unicorn-10766.exe
2452	Unicorn-44918.exe
1604	Unicorn-10766.exe
2452	Unicorn-44918.exe
1052	Unicorn-9375.exe
1052	Unicorn-9375.exe
2792	Unicorn-64051.exe
2792	Unicorn-64051.exe
2536	Unicorn-29158.exe
2536	Unicorn-29158.exe
1688	Unicorn-29241.exe
2500	Unicorn-48187.exe
2500	Unicorn-48187.exe
1688	Unicorn-29241.exe
3068	WerFault.exe
3068	WerFault.exe
3068	WerFault.exe
3068	WerFault.exe
3068	WerFault.exe
2368	WerFault.exe
2368	WerFault.exe
2368	WerFault.exe
2368	WerFault.exe
1112	WerFault.exe
1112	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2848	1284	WerFault.exe	27
112	2612	WerFault.exe	28
1536	2648	WerFault.exe	30
764	2632	WerFault.exe	29
3068	2452	WerFault.exe	32
2368	2536	WerFault.exe	33
1112	2500	WerFault.exe	34
2216	1960	WerFault.exe	37
2624	1604	WerFault.exe	36
2588	2792	WerFault.exe	38
2592	1052	WerFault.exe	39
2496	1688	WerFault.exe	40
884	2716	WerFault.exe	43
700	1744	WerFault.exe	44
1316	1680	WerFault.exe	50
588	1656	WerFault.exe	45
1932	324	WerFault.exe	49
2952	2296	WerFault.exe	46
2356	3052	WerFault.exe	48
3024	2636	WerFault.exe	47
3056	2776	WerFault.exe	54
440	828	WerFault.exe	55
1596	1844	WerFault.exe	57
1840	1560	WerFault.exe	65
2036	1816	WerFault.exe	56
1568	2620	WerFault.exe	69
2980	1980	WerFault.exe	81
3008	1668	WerFault.exe	60
1952	2404	WerFault.exe	77
2524	1432	WerFault.exe	64
2220	2324	WerFault.exe	58
2328	1612	WerFault.exe	62
2436	2740	WerFault.exe	61
2080	676	WerFault.exe	90
3016	2600	WerFault.exe	84
976	2012	WerFault.exe	80
2912	1324	WerFault.exe	85
1396	1484	WerFault.exe	83
3132	3060	WerFault.exe	92
3260	1448	WerFault.exe	88
3272	1640	WerFault.exe	82
3408	1740	WerFault.exe	86
3748	1268	WerFault.exe	59
4032	2316	WerFault.exe	89
3084	2812	WerFault.exe	109
3100	532	WerFault.exe	108
3152	1800	WerFault.exe	93
3188	2056	WerFault.exe	66
3244	1732	WerFault.exe	87
3268	2468	WerFault.exe	107
3324	1628	WerFault.exe	63
3340	2664	WerFault.exe	106
3416	944	WerFault.exe	111
3508	2280	WerFault.exe	76
3576	1300	WerFault.exe	100
3600	2432	WerFault.exe	71
3852	2564	WerFault.exe	105
3868	2684	WerFault.exe	70
3728	812	WerFault.exe	133
3804	2780	WerFault.exe	110
3892	2736	WerFault.exe	143
3928	1756	WerFault.exe	123
3960	1588	WerFault.exe	94
3292	1784	WerFault.exe	135

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1284	40f3116ddcc48e87ae34b2b5099dedf33f46af0cb0c888c800ca125bc25c5b8a.exe
2612	Unicorn-51887.exe
2648	Unicorn-40236.exe
2632	Unicorn-25292.exe
2452	Unicorn-44918.exe
2536	Unicorn-29158.exe
2500	Unicorn-48187.exe
1604	Unicorn-10766.exe
1960	Unicorn-64606.exe
1688	Unicorn-29241.exe
1052	Unicorn-9375.exe
2792	Unicorn-64051.exe
2716	Unicorn-31270.exe
1744	Unicorn-37300.exe
2636	Unicorn-1119.exe
1656	Unicorn-31824.exe
2296	Unicorn-55774.exe
1680	Unicorn-50875.exe
324	Unicorn-9287.exe
3052	Unicorn-11980.exe
2776	Unicorn-54980.exe
828	Unicorn-14502.exe
1816	Unicorn-34031.exe
1844	Unicorn-36723.exe
2324	Unicorn-31893.exe
1668	Unicorn-63174.exe
1268	Unicorn-21587.exe
2740	Unicorn-52313.exe
1628	Unicorn-50730.exe
1560	Unicorn-13226.exe
1612	Unicorn-25671.exe
1432	Unicorn-15919.exe
2056	Unicorn-974.exe
2620	Unicorn-20217.exe
2432	Unicorn-12603.exe
2684	Unicorn-63195.exe
2280	Unicorn-61825.exe
2404	Unicorn-47990.exe
2768	Unicorn-37129.exe
1980	Unicorn-37683.exe
2012	Unicorn-43159.exe
1640	Unicorn-24685.exe
1484	Unicorn-23315.exe
2600	Unicorn-46428.exe
1324	Unicorn-33429.exe
2316	Unicorn-35375.exe
1732	Unicorn-60071.exe
1448	Unicorn-54404.exe
1740	Unicorn-40205.exe
2040	Unicorn-43543.exe
676	Unicorn-4648.exe
3060	Unicorn-58488.exe
1800	Unicorn-38067.exe
1588	Unicorn-53849.exe
1300	Unicorn-6485.exe
888	Unicorn-4902.exe
2564	Unicorn-58208.exe
2664	Unicorn-15229.exe
2468	Unicorn-56070.exe
532	Unicorn-28036.exe
2812	Unicorn-62100.exe
2780	Unicorn-31374.exe
944	Unicorn-36588.exe
1988	Unicorn-17560.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 2612	1284	40f3116ddcc48e87ae34b2b5099dedf33f46af0cb0c888c800ca125bc25c5b8a.exe	28
PID 1284 wrote to memory of 2612	1284	40f3116ddcc48e87ae34b2b5099dedf33f46af0cb0c888c800ca125bc25c5b8a.exe	28
PID 1284 wrote to memory of 2612	1284	40f3116ddcc48e87ae34b2b5099dedf33f46af0cb0c888c800ca125bc25c5b8a.exe	28
PID 1284 wrote to memory of 2612	1284	40f3116ddcc48e87ae34b2b5099dedf33f46af0cb0c888c800ca125bc25c5b8a.exe	28
PID 1284 wrote to memory of 2648	1284	40f3116ddcc48e87ae34b2b5099dedf33f46af0cb0c888c800ca125bc25c5b8a.exe	30
PID 1284 wrote to memory of 2648	1284	40f3116ddcc48e87ae34b2b5099dedf33f46af0cb0c888c800ca125bc25c5b8a.exe	30
PID 1284 wrote to memory of 2648	1284	40f3116ddcc48e87ae34b2b5099dedf33f46af0cb0c888c800ca125bc25c5b8a.exe	30
PID 1284 wrote to memory of 2648	1284	40f3116ddcc48e87ae34b2b5099dedf33f46af0cb0c888c800ca125bc25c5b8a.exe	30
PID 2612 wrote to memory of 2632	2612	Unicorn-51887.exe	29
PID 2612 wrote to memory of 2632	2612	Unicorn-51887.exe	29
PID 2612 wrote to memory of 2632	2612	Unicorn-51887.exe	29
PID 2612 wrote to memory of 2632	2612	Unicorn-51887.exe	29
PID 1284 wrote to memory of 2848	1284	40f3116ddcc48e87ae34b2b5099dedf33f46af0cb0c888c800ca125bc25c5b8a.exe	31
PID 1284 wrote to memory of 2848	1284	40f3116ddcc48e87ae34b2b5099dedf33f46af0cb0c888c800ca125bc25c5b8a.exe	31
PID 1284 wrote to memory of 2848	1284	40f3116ddcc48e87ae34b2b5099dedf33f46af0cb0c888c800ca125bc25c5b8a.exe	31
PID 1284 wrote to memory of 2848	1284	40f3116ddcc48e87ae34b2b5099dedf33f46af0cb0c888c800ca125bc25c5b8a.exe	31
PID 2648 wrote to memory of 2452	2648	Unicorn-40236.exe	32
PID 2648 wrote to memory of 2452	2648	Unicorn-40236.exe	32
PID 2648 wrote to memory of 2452	2648	Unicorn-40236.exe	32
PID 2648 wrote to memory of 2452	2648	Unicorn-40236.exe	32
PID 2632 wrote to memory of 2536	2632	Unicorn-25292.exe	33
PID 2632 wrote to memory of 2536	2632	Unicorn-25292.exe	33
PID 2632 wrote to memory of 2536	2632	Unicorn-25292.exe	33
PID 2632 wrote to memory of 2536	2632	Unicorn-25292.exe	33
PID 2612 wrote to memory of 2500	2612	Unicorn-51887.exe	34
PID 2612 wrote to memory of 2500	2612	Unicorn-51887.exe	34
PID 2612 wrote to memory of 2500	2612	Unicorn-51887.exe	34
PID 2612 wrote to memory of 2500	2612	Unicorn-51887.exe	34
PID 2612 wrote to memory of 112	2612	Unicorn-51887.exe	35
PID 2612 wrote to memory of 112	2612	Unicorn-51887.exe	35
PID 2612 wrote to memory of 112	2612	Unicorn-51887.exe	35
PID 2612 wrote to memory of 112	2612	Unicorn-51887.exe	35
PID 2452 wrote to memory of 1604	2452	Unicorn-44918.exe	36
PID 2452 wrote to memory of 1604	2452	Unicorn-44918.exe	36
PID 2452 wrote to memory of 1604	2452	Unicorn-44918.exe	36
PID 2452 wrote to memory of 1604	2452	Unicorn-44918.exe	36
PID 2648 wrote to memory of 1960	2648	Unicorn-40236.exe	37
PID 2648 wrote to memory of 1960	2648	Unicorn-40236.exe	37
PID 2648 wrote to memory of 1960	2648	Unicorn-40236.exe	37
PID 2648 wrote to memory of 1960	2648	Unicorn-40236.exe	37
PID 2536 wrote to memory of 2792	2536	Unicorn-29158.exe	38
PID 2536 wrote to memory of 2792	2536	Unicorn-29158.exe	38
PID 2536 wrote to memory of 2792	2536	Unicorn-29158.exe	38
PID 2536 wrote to memory of 2792	2536	Unicorn-29158.exe	38
PID 2632 wrote to memory of 1052	2632	Unicorn-25292.exe	39
PID 2632 wrote to memory of 1052	2632	Unicorn-25292.exe	39
PID 2632 wrote to memory of 1052	2632	Unicorn-25292.exe	39
PID 2632 wrote to memory of 1052	2632	Unicorn-25292.exe	39
PID 2500 wrote to memory of 1688	2500	Unicorn-48187.exe	40
PID 2500 wrote to memory of 1688	2500	Unicorn-48187.exe	40
PID 2500 wrote to memory of 1688	2500	Unicorn-48187.exe	40
PID 2500 wrote to memory of 1688	2500	Unicorn-48187.exe	40
PID 2648 wrote to memory of 1536	2648	Unicorn-40236.exe	41
PID 2648 wrote to memory of 1536	2648	Unicorn-40236.exe	41
PID 2648 wrote to memory of 1536	2648	Unicorn-40236.exe	41
PID 2648 wrote to memory of 1536	2648	Unicorn-40236.exe	41
PID 2632 wrote to memory of 764	2632	Unicorn-25292.exe	42
PID 2632 wrote to memory of 764	2632	Unicorn-25292.exe	42
PID 2632 wrote to memory of 764	2632	Unicorn-25292.exe	42
PID 2632 wrote to memory of 764	2632	Unicorn-25292.exe	42
PID 1960 wrote to memory of 2716	1960	Unicorn-64606.exe	43
PID 1960 wrote to memory of 2716	1960	Unicorn-64606.exe	43
PID 1960 wrote to memory of 2716	1960	Unicorn-64606.exe	43
PID 1960 wrote to memory of 2716	1960	Unicorn-64606.exe	43

C:\Users\Admin\AppData\Local\Temp\40f3116ddcc48e87ae34b2b5099dedf33f46af0cb0c888c800ca125bc25c5b8a.exe
"C:\Users\Admin\AppData\Local\Temp\40f3116ddcc48e87ae34b2b5099dedf33f46af0cb0c888c800ca125bc25c5b8a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51887.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51887.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25292.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25292.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29158.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64051.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21587.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33429.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29620.exe
        9⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34446.exe
        10⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41143.exe
        11⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50505.exe
        12⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14542.exe
        13⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36505.exe
        14⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
        13⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
        12⤵
        
        PID:6512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
        11⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
        10⤵
        
        PID:4064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 236
        9⤵
        Program crash
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe
        8⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58216.exe
        9⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
        10⤵
        
        PID:5052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
        11⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22540.exe
        12⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 216
        12⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 236
        11⤵
        
        PID:7224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
        10⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
        9⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 240
        8⤵
        Program crash
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40205.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25920.exe
        8⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49280.exe
        9⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14993.exe
        10⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11226.exe
        11⤵
        
        PID:852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 224
        12⤵
        
        PID:7408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
        11⤵
        
        PID:6340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 236
        10⤵
        
        PID:4964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 216
        9⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
        8⤵
        Program crash
        
        PID:3408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
        7⤵
        Program crash
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63174.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24685.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58784.exe
        8⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
        9⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49503.exe
        10⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        11⤵
        
        PID:5192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
        12⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
        13⤵
        
        PID:5724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
        12⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
        11⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
        10⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 216
        9⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 216
        8⤵
        Program crash
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38918.exe
        7⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18554.exe
        8⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
        9⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47552.exe
        10⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40251.exe
        11⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41061.exe
        12⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 236
        11⤵
        
        PID:8212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 236
        10⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
        9⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 236
        8⤵
        
        PID:4196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
        7⤵
        Program crash
        
        PID:3008
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
        6⤵
        Program crash
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11980.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13226.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60071.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
        8⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19981.exe
        9⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
        10⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55004.exe
        11⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        12⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 216
        12⤵
        
        PID:6064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
        11⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
        10⤵
        
        PID:1408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 216
        9⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
        8⤵
        Program crash
        
        PID:3244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
        7⤵
        Program crash
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54404.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-107.exe
        7⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42614.exe
        8⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12170.exe
        9⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7863.exe
        10⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52970.exe
        11⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
        12⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
        11⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
        10⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
        9⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
        8⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 236
        7⤵
        Program crash
        
        PID:3260
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
        6⤵
        Program crash
        
        PID:2356
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55774.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-974.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4648.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35842.exe
        8⤵
        Executes dropped EXE
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54866.exe
        9⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
        10⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54734.exe
        11⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18077.exe
        12⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36401.exe
        13⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
        12⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 236
        11⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        10⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 236
        9⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 236
        8⤵
        Program crash
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57009.exe
        7⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2876.exe
        8⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
        9⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5248.exe
        10⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
        11⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 236
        11⤵
        
        PID:6796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
        10⤵
        
        PID:8020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
        9⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 216
        8⤵
        
        PID:4484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
        7⤵
        Program crash
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58488.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15998.exe
        7⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42806.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55341.exe
        9⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42674.exe
        10⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26328.exe
        11⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
        12⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
        11⤵
        
        PID:8520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
        10⤵
        
        PID:7020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
        9⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 236
        8⤵
        
        PID:3936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 236
        7⤵
        Program crash
        
        PID:3132
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
        6⤵
        Program crash
        
        PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15919.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53849.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61799.exe
        7⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53112.exe
        8⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12471.exe
        9⤵
        
        PID:4392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        10⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26821.exe
        11⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47091.exe
        12⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 236
        11⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
        10⤵
        
        PID:7052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
        9⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 236
        8⤵
        Program crash
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39276.exe
        7⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6441.exe
        8⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9617.exe
        9⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3878.exe
        10⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5290.exe
        11⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 216
        11⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
        10⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 236
        9⤵
        
        PID:6836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
        8⤵
        
        PID:4956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
        7⤵
        Program crash
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9837.exe
        6⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63670.exe
        7⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54163.exe
        8⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41823.exe
        9⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19364.exe
        10⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 188
        11⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
        10⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
        9⤵
        
        PID:6432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
        8⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 216
        7⤵
        
        PID:4228
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 240
        6⤵
        Program crash
        
        PID:2524
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 240
        5⤵
        Program crash
        
        PID:2592
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48187.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29241.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25671.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43543.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        8⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50398.exe
        9⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40759.exe
        10⤵
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54781.exe
        11⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44885.exe
        12⤵
        
        PID:7580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48025.exe
        13⤵
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 236
        12⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
        11⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
        10⤵
        
        PID:5436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
        9⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63973.exe
        8⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51942.exe
        9⤵
        
        PID:4464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7142.exe
        10⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47708.exe
        11⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19681.exe
        12⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 216
        12⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
        11⤵
        
        PID:8632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
        10⤵
        
        PID:6324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
        9⤵
        
        PID:4624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
        8⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
        7⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36836.exe
        8⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53971.exe
        9⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51382.exe
        10⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4537.exe
        11⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3593.exe
        12⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
        11⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
        10⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
        9⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
        8⤵
        
        PID:4420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
        7⤵
        Program crash
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38067.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60437.exe
        8⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57152.exe
        9⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
        10⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
        11⤵
        
        PID:4252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 216
        11⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
        10⤵
        
        PID:7268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
        9⤵
        
        PID:6556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 216
        8⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 236
        7⤵
        Program crash
        
        PID:3152
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 240
        6⤵
        Program crash
        
        PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50730.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35375.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
        7⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45663.exe
        8⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9944.exe
        9⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51221.exe
        10⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34185.exe
        11⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
        11⤵
        
        PID:4572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 236
        10⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
        9⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 236
        8⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
        7⤵
        Program crash
        
        PID:4032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-216.exe
        6⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26011.exe
        7⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28144.exe
        8⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63416.exe
        9⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2010.exe
        10⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 236
        10⤵
        
        PID:9116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 236
        9⤵
        
        PID:7384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        8⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 236
        7⤵
        
        PID:4708
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 220
        6⤵
        Program crash
        
        PID:3324
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
        5⤵
        Program crash
        
        PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50875.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21452.exe
        7⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59970.exe
        8⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-302.exe
        9⤵
        
        PID:4848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26001.exe
        10⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4075.exe
        11⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49753.exe
        12⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 216
        12⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
        11⤵
        
        PID:7720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
        10⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
        9⤵
        
        PID:5728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 236
        8⤵
        
        PID:4452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
        7⤵
        Program crash
        
        PID:976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48649.exe
        6⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53172.exe
        7⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19701.exe
        8⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50889.exe
        9⤵
        
        PID:5272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
        10⤵
        
        PID:7568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 236
        10⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 236
        9⤵
        
        PID:6960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
        8⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
        7⤵
        
        PID:4356
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
        6⤵
        Program crash
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37683.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59251.exe
        7⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12798.exe
        8⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61667.exe
        9⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61719.exe
        10⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47314.exe
        11⤵
        
        PID:8528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
        11⤵
        
        PID:4732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
        10⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
        9⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 216
        8⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 216
        7⤵
        Program crash
        
        PID:3340
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 236
        6⤵
        Program crash
        
        PID:2980
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
        5⤵
        Program crash
        
        PID:1316
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1112
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:112
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40236.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40236.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44918.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44918.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10766.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37300.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34031.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61825.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62100.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1306.exe
        9⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
        10⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        11⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54537.exe
        12⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43915.exe
        13⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 216
        13⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 236
        12⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
        11⤵
        
        PID:5612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 216
        10⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
        9⤵
        Program crash
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12167.exe
        8⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42731.exe
        9⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
        10⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
        11⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59950.exe
        12⤵
        
        PID:4080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 216
        12⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
        11⤵
        
        PID:7344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
        10⤵
        
        PID:5372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 216
        9⤵
        
        PID:4892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
        8⤵
        Program crash
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36588.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49137.exe
        8⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36701.exe
        9⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26857.exe
        10⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2404.exe
        11⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
        12⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
        12⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
        11⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 236
        10⤵
        
        PID:5980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 216
        9⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 236
        8⤵
        Program crash
        
        PID:3416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
        7⤵
        Program crash
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31374.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
        8⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
        9⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3203.exe
        10⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34029.exe
        11⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18119.exe
        12⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 236
        11⤵
        
        PID:7996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 236
        10⤵
        
        PID:6728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 216
        9⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
        8⤵
        Program crash
        
        PID:3804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 216
        7⤵
        Program crash
        
        PID:1952
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
        6⤵
        Program crash
        
        PID:700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36723.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
        7⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57004.exe
        8⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22202.exe
        9⤵
        
        PID:4164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34506.exe
        10⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11937.exe
        11⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        12⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
        11⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
        10⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
        9⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 236
        8⤵
        Program crash
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14580.exe
        7⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43473.exe
        8⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38123.exe
        9⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39675.exe
        10⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21627.exe
        11⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 236
        11⤵
        
        PID:6708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
        10⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
        9⤵
        
        PID:6520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
        8⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
        7⤵
        
        PID:3252
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 236
        6⤵
        Program crash
        
        PID:1596
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
        5⤵
        Program crash
        
        PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52313.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23315.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
        7⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51610.exe
        8⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53504.exe
        9⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12139.exe
        10⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18461.exe
        11⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49229.exe
        12⤵
        
        PID:6252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 236
        11⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
        10⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
        9⤵
        
        PID:4412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
        8⤵
        Program crash
        
        PID:3928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 216
        7⤵
        Program crash
        
        PID:1396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16552.exe
        6⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59970.exe
        7⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42643.exe
        8⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
        9⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13411.exe
        10⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
        10⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 236
        9⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 236
        8⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 216
        7⤵
        
        PID:4436
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
        6⤵
        Program crash
        
        PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37980.exe
        6⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59586.exe
        7⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55341.exe
        8⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7142.exe
        9⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37978.exe
        10⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54548.exe
        11⤵
        
        PID:6824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
        10⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
        9⤵
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
        8⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 236
        7⤵
        
        PID:4112
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 236
        6⤵
        Program crash
        
        PID:3016
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
        5⤵
        Program crash
        
        PID:588
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:3068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31270.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54980.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20217.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6485.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38255.exe
        8⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20173.exe
        9⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4682.exe
        10⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18248.exe
        11⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33500.exe
        12⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
        12⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
        11⤵
        
        PID:7284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
        10⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 216
        9⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 236
        8⤵
        Program crash
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61368.exe
        7⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
        8⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44412.exe
        9⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30038.exe
        10⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42773.exe
        11⤵
        
        PID:7972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49229.exe
        12⤵
        
        PID:6028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
        11⤵
        
        PID:7980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 236
        10⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 236
        9⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
        8⤵
        
        PID:3624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
        7⤵
        Program crash
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4902.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5390.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8247.exe
        8⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18694.exe
        9⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8403.exe
        10⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
        11⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6717.exe
        12⤵
        
        PID:6068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 220
        11⤵
        
        PID:8568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
        10⤵
        
        PID:7116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
        9⤵
        
        PID:4840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
        8⤵
        Program crash
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33306.exe
        7⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
        8⤵
        
        PID:4684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4210.exe
        9⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56883.exe
        10⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62576.exe
        11⤵
        
        PID:8340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 216
        11⤵
        
        PID:6828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 236
        10⤵
        
        PID:8940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 236
        9⤵
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
        8⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
        7⤵
        
        PID:4364
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
        6⤵
        Program crash
        
        PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12603.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58208.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15697.exe
        7⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7427.exe
        8⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25295.exe
        9⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29478.exe
        10⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
        11⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 216
        11⤵
        
        PID:6596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
        10⤵
        
        PID:8172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
        9⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
        8⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
        7⤵
        Program crash
        
        PID:3852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36863.exe
        6⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54983.exe
        7⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
        8⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
        9⤵
        
        PID:7396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        10⤵
        
        PID:4668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 236
        10⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 236
        9⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 236
        8⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 216
        7⤵
        
        PID:4924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
        6⤵
        Program crash
        
        PID:3600
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        5⤵
        Program crash
        
        PID:884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14502.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63195.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56070.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30087.exe
        7⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
        8⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36971.exe
        9⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        10⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16889.exe
        11⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 216
        11⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 236
        10⤵
        
        PID:7740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
        9⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 236
        8⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
        7⤵
        Program crash
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24419.exe
        6⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20064.exe
        7⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
        8⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
        9⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        10⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 216
        10⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
        9⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
        8⤵
        
        PID:6316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 216
        7⤵
        
        PID:4104
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
        6⤵
        Program crash
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28036.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46231.exe
        6⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
        7⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        8⤵
        
        PID:5324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65118.exe
        9⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        10⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 236
        10⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
        9⤵
        
        PID:7512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
        8⤵
        
        PID:5700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 216
        7⤵
        
        PID:4308
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 236
        6⤵
        Program crash
        
        PID:3100
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 240
        5⤵
        Program crash
        
        PID:440
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
      4⤵
      Program crash
      PID:2216
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1536
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 240
  2⤵
  - Program crash
  PID:2848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-26001.exe

Filesize
184KB

MD5
46e2e58bf6783bb2f753c797e4d6768f

SHA1
baa762a929a4fffcb8eb12edd125554cfa94d73d

SHA256
c8051458d346dd7728d038d818abb14e5056d6d6ad879000f083231ba1445b6a

SHA512
2660e55a224374879ef6aac76e3090b15d77b418b6c40ecbcbf7d99f42a84505e40b0be8d5a63dc40552f7eec29ed952a07e106f9cdab52a90f0590131ed3316

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29158.exe

Filesize
184KB

MD5
1be97e57e4b82011ec781319b0c49207

SHA1
7efab7387efd2d35ffb412cb5cc7db35658f98f3

SHA256
9d75268430b1a68feab7de7e007cfcad0fd1db263692cd9a42c7ba264e1d3363

SHA512
f9c71734ddbe13d2c3a3e4a6b4dc57139a42fb6ee3b75ef7db66aa3a1759d5a8de5954919ef6ea14ba23b274057f086336afc1642fe72c8502752d68fcdc5eeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe

Filesize
184KB

MD5
1b6b62e2263e0667b6cd7d341c9200fb

SHA1
a58650e466ba3fb198217c9f93d53a933f174e5a

SHA256
a7cf05e8c50c21cbb8a1312fe05e23d3940f6a81879a6aea6d2ad8a982315d88

SHA512
0efa8af4bc20611aaa4ed276ffb26f7e383725a3db166d0e99b167db7d7b88d132c34879d653ce08c146a81b9b4f3e8373a967ce0a83acc92ec11dc68a71f0c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe

Filesize
184KB

MD5
b19e0b979c87271453b26ed41ca4fd55

SHA1
cdf273992a9ece9fdc0bc3eec696ef6be37304c5

SHA256
a40655cd479654a00d162c173ca5f860d664023052ea4df18055dc05416c3764

SHA512
97264b214ae7b5445622503df043fa02a80dc338f8126e4b274b459f24b42cc9d3be761727b6a3e71d1312b0577e594d8e1f0cfb41af0087cdbe42259ee658e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64051.exe

Filesize
184KB

MD5
3f049b9057860aad8dbebeed7d1eb495

SHA1
683a9e2f2067cf4f926f3eb84d3e2bc003e4294f

SHA256
deabe55eb81c2596810496b206d35952fd96a0c27182185222a187f7de00cbe2

SHA512
73b5c0c4f80d1dbfba14e27d9373f5089b0b6c340bf27857e3716ee3bd53fb6a08f7b87a3dec64769f8054bafd5fca82c7df709a7fbc961411b2c1f2c2552d37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6485.exe

Filesize
184KB

MD5
fd7203a11d3cdc097850a21aeb09f215

SHA1
48797614b0baddc03f60615e3d735824eaff77ee

SHA256
6c38d89906bb5f4c44eb894f1bac0cc1547bccfc61caa08154f9cd670e6aa4c4

SHA512
d77cc7039c2641a917f14326e550e0bea96d83f800a85f4bd919a18909bdac134f7b3640f9681c809b70e1ecc1522d88385bef4cdbfe2e886ba3487a0b2c97b1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10766.exe

Filesize
184KB

MD5
3edff3bf598355fd386a26d8a8f55368

SHA1
fd5e5649fc95a43e033b00c23f27490c467bd8fe

SHA256
8076716d8e490da9ff5fc13814f9b48fab790090d322a785f721d1f920140ab6

SHA512
498798b7c19c8e96f191a15b3fe613bca1154830371ebf08308d7a4dbb83a02c2234fff17a7d59c3c4c9201398a9ab2aabbf55a55b22f3ae6002aa8e2db090dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25292.exe

Filesize
184KB

MD5
79a3fd30de76deda6c698276335a4a07

SHA1
16b9dd968b7716cb60894935193735fcdd39b876

SHA256
0c3367b0d00fe73c33b466f126099a10399dcc7b403fb765e4682f918c9fd973

SHA512
d99ad891f884dffc8e59fc223845035fb127b08ac323ac09f11cc29856038f99111bd116db8491a6a7a2af8b0dd4867a2984a58516c0bb7de5b453fdf0263c43

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29241.exe

Filesize
184KB

MD5
9cd7dc4bd545e07e3b34f4efdea3f9bb

SHA1
34c0751160c8d407d6be314d93cf3fdc31d7aa08

SHA256
215fcebcbcf4fd5ccf5d41bd6bd72d864bc466e5fe1d439ed5770e2db84334a7

SHA512
d5a7a10a22ad65c4f26640753033cb48082640c0d840575d466d4f05200af4d8a71ce1ad47c56c3af402d1d203b0e58709a1891692cf667caef75eb502572f93

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31270.exe

Filesize
184KB

MD5
6f1d9b2378b98e2ad409d8c49e26684e

SHA1
fc037983831dac672d3c3372f914ac382eee18d0

SHA256
eb8b8acd2e3b045b205541217e43edfe8e6518a487deb3a8e912f3ce99c7bd48

SHA512
e5c274f2ce9a5c06c644c177b7704630f432eb004940bcfe97acdb6b16b6fcff5ccf23a60707e585d75cad455b5050d0389a573352a8973db3873db7bd65aed6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31824.exe

Filesize
184KB

MD5
9d14ea36e2075a5b4e73da6a1d26d991

SHA1
8d70ff92d9107996b08df0c9b270f7f07670b460

SHA256
be454b51f63645d37c5bacfe01cffb7a75d3f8c14b5d4f4d3aeb3ec9368564fd

SHA512
ded01c97b0855ee1b9fd15fbc88a0ce43645899ec5c5d77b5d79a9a192bfddfdf1b64d5d2e4f018dc75c06f5baacdcc366b070675c57a50cfa4be0d58ab1c308

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37300.exe

Filesize
184KB

MD5
a0135a5597a090236222866364369e1c

SHA1
bafba9f0a3b7fd9315d9335138a162a984e214fd

SHA256
cf30ebfda22d25778c3e22f60e914dc03ab9f9e051002d9211ec9d9c4802ce3f

SHA512
150e4f228dddd1d43169e3e5b37ca13dc14432483266401595c79572211a2548354cdab807405659782f29e68b1ab51ed280321cf5efb8089509e0d375f7fea7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40236.exe

Filesize
184KB

MD5
2982215837eacfbda86c01057e0762fb

SHA1
582f090fe781254f66c12192b78b9df7c20d3ceb

SHA256
f109bb8cfd696cb67521dfc018e7809861b60a56ffa8c7a7fcd7fca3edcceb6f

SHA512
8deb9b8aab81601ad01dd0a7393b5103a7e13d54eff64761c65bb11ec44454824fd33dc5ad1bc1e17029eaad9b05144ec9faf6fdc1d3b12239b46347b00e7a16

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44918.exe

Filesize
184KB

MD5
cd70a6a22a6dab001bc7e287b082ec0a

SHA1
a8e927fbd1e4e3996afd7a601681f87cc5f70fb0

SHA256
b3fcd2a2176dd296415ca5fdc8d4f091240021dce8a3662721a74000c1c9546c

SHA512
406ef0cfd622971470bb7e26ff84b47819e173527e07ffe7f8a7e83fe56a73d5ea665643cc884d44146dff7d1aba6e47a76227c4ee4701ae396cd0278ff0054e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48187.exe

Filesize
184KB

MD5
75c2bc681c5158759950628122281f25

SHA1
06e05e764952f3386df5777753ad49c37b974218

SHA256
81898ead7663a5fc354b42b19c3924aebf176fe08aa9238d9d6a3baff4dcb2de

SHA512
465460901bab1d7244b42e14419aac854d8e7c5d9818f477840d70a1f63432ce6c0f6d93740768e729257dd235c7991f0e97cbe97a180c4b698bb53c1444d750

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51887.exe

Filesize
184KB

MD5
ba9ec265bdd306aa630ad36cbb7ea16c

SHA1
0c7a09cbccae67ef810b495c47055d258b7df677

SHA256
8e61e53ff08de4bb1da9091f5f6d8ff061552d09264e6903acb0b7442092b9f2

SHA512
600fb8aa6d390dfb8bfa959ced6d96c63d4164000902afeeaaaf8df0f58fa1b1a1f7b511923a442e25c2a605cddfd73c1ef4dc746a2deb83743f7ace4b997ae6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe

Filesize
184KB

MD5
2ba212e8b72804ac7de51ed47a40492a

SHA1
95a4c3387b3c7f2a4fd7b44eb5a4563afecc53fc

SHA256
b4b64982f0062d6bcd77f9e41c3d1af0bece06acf560ba1ed44accdda83c9507

SHA512
0282e135adb0026d8944419fd2839019be3312525e1ea04752c9fa263dd21fa53f7d994b7a4c158fbafa0ba9b7a0add4ee2c327e99d980e49080eba334f6ac9f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9375.exe

Filesize
184KB

MD5
ad371dea9f1dae228ca5c0a9ff04b420

SHA1
fa0859285ccd108f2c7ffb286be94b6267f03a72

SHA256
dd360aabb718aedb1b6c8563677faa3c34a12f448a498378252c830723b40681

SHA512
1197179b3f0e6d791f65fc8d52180c7de8df8ebfb2035fbd2df1d367956924758c4b5c94081cedded52a3a54414ae7c189e0e92fe1a525c36d273312d1bb75f6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads