c3bce2243fc4b260e132199ce5eb5b5058785ceade289e98e1bf151c0496b3b6

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01-06-2024 02:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3bce2243fc4b260e132199ce5eb5b5058785ceade289e98e1bf151c0496b3b6.exe
Size

184KB
MD5

bd51fbc5fab6c4194b0544366497968f
SHA1

8d684f32a00c16876f85b159ee08c96b1160be00
SHA256

c3bce2243fc4b260e132199ce5eb5b5058785ceade289e98e1bf151c0496b3b6
SHA512

c9ac8ac4585edb2f25471e644a458469b10967b93cdd13c5d97dca3daff1e84b135513c5d40c6acb7eb0a526d3a8915b0d99ef104e9e06452e73074db745b427
SSDEEP

3072:MBUSagolipEsdRwYeCZLpxOPX2Y0Dz1qH+HPO5BZU41hlnVOFC:MBDohYRwaLPOPXheU9hlnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3004	Unicorn-33193.exe
2480	Unicorn-3094.exe
2920	Unicorn-38611.exe
2668	Unicorn-58377.exe
2544	Unicorn-61906.exe
2472	Unicorn-45762.exe
280	Unicorn-34953.exe
2356	Unicorn-2088.exe
2440	Unicorn-17391.exe
1552	Unicorn-33234.exe
2676	Unicorn-20044.exe
2344	Unicorn-10500.exe
924	Unicorn-39603.exe
844	Unicorn-9618.exe
1396	Unicorn-16526.exe
2056	Unicorn-12804.exe
2928	Unicorn-48430.exe
3000	Unicorn-28372.exe
1672	Unicorn-4961.exe
1548	Unicorn-49180.exe
1104	Unicorn-6004.exe
2104	Unicorn-22149.exe
1096	Unicorn-1022.exe
624	Unicorn-51292.exe
2924	Unicorn-4551.exe
2004	Unicorn-53560.exe
2216	Unicorn-1899.exe
2064	Unicorn-37717.exe
1292	Unicorn-3975.exe
2892	Unicorn-254.exe
2956	Unicorn-37385.exe
2584	Unicorn-32978.exe
2368	Unicorn-5947.exe
1696	Unicorn-37359.exe
2784	Unicorn-51043.exe
1648	Unicorn-42943.exe
940	Unicorn-6741.exe
2636	Unicorn-26415.exe
2136	Unicorn-42559.exe
2284	Unicorn-15760.exe
1932	Unicorn-51386.exe
1980	Unicorn-33789.exe
1352	Unicorn-18330.exe
2332	Unicorn-13539.exe
1492	Unicorn-1801.exe
1408	Unicorn-14416.exe
2748	Unicorn-16227.exe
660	Unicorn-49741.exe
1100	Unicorn-36093.exe
972	Unicorn-36393.exe
1308	Unicorn-56259.exe
1304	Unicorn-32222.exe
2348	Unicorn-51438.exe
1572	Unicorn-51246.exe
3036	Unicorn-18574.exe
2516	Unicorn-64245.exe
2616	Unicorn-46648.exe
1872	Unicorn-16545.exe
2568	Unicorn-13892.exe
936	Unicorn-1085.exe
1624	Unicorn-64712.exe
2664	Unicorn-19041.exe
2804	Unicorn-15319.exe
2280	Unicorn-18657.exe

Loads dropped DLL 64 IoCs

pid	Process
1708	c3bce2243fc4b260e132199ce5eb5b5058785ceade289e98e1bf151c0496b3b6.exe
1708	c3bce2243fc4b260e132199ce5eb5b5058785ceade289e98e1bf151c0496b3b6.exe
3004	Unicorn-33193.exe
1708	c3bce2243fc4b260e132199ce5eb5b5058785ceade289e98e1bf151c0496b3b6.exe
1708	c3bce2243fc4b260e132199ce5eb5b5058785ceade289e98e1bf151c0496b3b6.exe
3004	Unicorn-33193.exe
3004	Unicorn-33193.exe
2920	Unicorn-38611.exe
2480	Unicorn-3094.exe
3004	Unicorn-33193.exe
2920	Unicorn-38611.exe
2480	Unicorn-3094.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2668	Unicorn-58377.exe
2668	Unicorn-58377.exe
2544	Unicorn-61906.exe
2544	Unicorn-61906.exe
2920	Unicorn-38611.exe
2480	Unicorn-3094.exe
2920	Unicorn-38611.exe
2480	Unicorn-3094.exe
2472	Unicorn-45762.exe
2472	Unicorn-45762.exe
1944	WerFault.exe
1944	WerFault.exe
1944	WerFault.exe
1944	WerFault.exe
3008	WerFault.exe
3008	WerFault.exe
3008	WerFault.exe
3008	WerFault.exe
3008	WerFault.exe
1944	WerFault.exe
2668	Unicorn-58377.exe
2668	Unicorn-58377.exe
280	Unicorn-34953.exe
280	Unicorn-34953.exe
2356	Unicorn-2088.exe
2356	Unicorn-2088.exe
2440	Unicorn-17391.exe
2440	Unicorn-17391.exe
2544	Unicorn-61906.exe
2544	Unicorn-61906.exe
1552	Unicorn-33234.exe
1552	Unicorn-33234.exe
2472	Unicorn-45762.exe
2472	Unicorn-45762.exe
1060	WerFault.exe
1060	WerFault.exe
1060	WerFault.exe
1060	WerFault.exe
1060	WerFault.exe
2968	WerFault.exe
2968	WerFault.exe
2968	WerFault.exe
2968	WerFault.exe
2968	WerFault.exe
828	WerFault.exe
828	WerFault.exe
828	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2500	1708	WerFault.exe	27
2836	3004	WerFault.exe	28
3008	2480	WerFault.exe	30
1944	2920	WerFault.exe	29
1060	2668	WerFault.exe	33
2968	2544	WerFault.exe	32
828	2472	WerFault.exe	34
3040	280	WerFault.exe	36
2844	2356	WerFault.exe	37
1756	2440	WerFault.exe	39
2504	2676	WerFault.exe	40
2728	1552	WerFault.exe	38
1528	2344	WerFault.exe	43
1628	924	WerFault.exe	44
1092	844	WerFault.exe	45
620	1396	WerFault.exe	46
2336	2056	WerFault.exe	47
2032	3000	WerFault.exe	49
2192	2928	WerFault.exe	48
1948	1672	WerFault.exe	53
2156	1548	WerFault.exe	54
2960	624	WerFault.exe	58
2008	2216	WerFault.exe	61
1072	2004	WerFault.exe	60
1088	1104	WerFault.exe	55
1704	2064	WerFault.exe	62
2648	2956	WerFault.exe	68
2324	2104	WerFault.exe	56
1588	2784	WerFault.exe	76
2768	2368	WerFault.exe	73
2880	1696	WerFault.exe	75
1768	2284	WerFault.exe	81
2588	940	WerFault.exe	78
2680	1932	WerFault.exe	82
1676	1980	WerFault.exe	83
1844	2636	WerFault.exe	79
1592	1408	WerFault.exe	87
3084	1096	WerFault.exe	57
3116	1100	WerFault.exe	90
3172	660	WerFault.exe	88
3480	2136	WerFault.exe	80
3516	2924	WerFault.exe	59
3628	1292	WerFault.exe	63
3636	2584	WerFault.exe	69
3784	1648	WerFault.exe	77
3804	472	WerFault.exe	117
3840	2892	WerFault.exe	64
3856	1352	WerFault.exe	84
3872	2748	WerFault.exe	89
3988	1492	WerFault.exe	86
4024	936	WerFault.exe	108
4088	2280	WerFault.exe	112
3280	1308	WerFault.exe	93
3308	2804	WerFault.exe	111
3296	1508	WerFault.exe	114
3428	2452	WerFault.exe	131
3432	972	WerFault.exe	92
3500	1084	WerFault.exe	119
3524	2348	WerFault.exe	101
3568	1748	WerFault.exe	113
3616	1572	WerFault.exe	102
3688	2332	WerFault.exe	85
3704	2568	WerFault.exe	107
3724	1252	WerFault.exe	115

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1708	c3bce2243fc4b260e132199ce5eb5b5058785ceade289e98e1bf151c0496b3b6.exe
3004	Unicorn-33193.exe
2480	Unicorn-3094.exe
2920	Unicorn-38611.exe
2668	Unicorn-58377.exe
2544	Unicorn-61906.exe
2472	Unicorn-45762.exe
280	Unicorn-34953.exe
2356	Unicorn-2088.exe
2440	Unicorn-17391.exe
1552	Unicorn-33234.exe
2676	Unicorn-20044.exe
2344	Unicorn-10500.exe
924	Unicorn-39603.exe
844	Unicorn-9618.exe
1396	Unicorn-16526.exe
2056	Unicorn-12804.exe
2928	Unicorn-48430.exe
3000	Unicorn-28372.exe
1672	Unicorn-4961.exe
1548	Unicorn-49180.exe
1104	Unicorn-6004.exe
2104	Unicorn-22149.exe
1096	Unicorn-1022.exe
624	Unicorn-51292.exe
2924	Unicorn-4551.exe
2216	Unicorn-1899.exe
2004	Unicorn-53560.exe
1292	Unicorn-3975.exe
2064	Unicorn-37717.exe
2892	Unicorn-254.exe
2956	Unicorn-37385.exe
2584	Unicorn-32978.exe
2368	Unicorn-5947.exe
2784	Unicorn-51043.exe
1696	Unicorn-37359.exe
1648	Unicorn-42943.exe
940	Unicorn-6741.exe
2136	Unicorn-42559.exe
2636	Unicorn-26415.exe
2284	Unicorn-15760.exe
1932	Unicorn-51386.exe
1980	Unicorn-33789.exe
1352	Unicorn-18330.exe
2332	Unicorn-13539.exe
1492	Unicorn-1801.exe
1408	Unicorn-14416.exe
2748	Unicorn-16227.exe
1100	Unicorn-36093.exe
660	Unicorn-49741.exe
972	Unicorn-36393.exe
1308	Unicorn-56259.exe
1304	Unicorn-32222.exe
2348	Unicorn-51438.exe
3036	Unicorn-18574.exe
2616	Unicorn-46648.exe
1572	Unicorn-51246.exe
2516	Unicorn-64245.exe
2568	Unicorn-13892.exe
1872	Unicorn-16545.exe
936	Unicorn-1085.exe
2804	Unicorn-15319.exe
1624	Unicorn-64712.exe
2664	Unicorn-19041.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 3004	1708	c3bce2243fc4b260e132199ce5eb5b5058785ceade289e98e1bf151c0496b3b6.exe	28
PID 1708 wrote to memory of 3004	1708	c3bce2243fc4b260e132199ce5eb5b5058785ceade289e98e1bf151c0496b3b6.exe	28
PID 1708 wrote to memory of 3004	1708	c3bce2243fc4b260e132199ce5eb5b5058785ceade289e98e1bf151c0496b3b6.exe	28
PID 1708 wrote to memory of 3004	1708	c3bce2243fc4b260e132199ce5eb5b5058785ceade289e98e1bf151c0496b3b6.exe	28
PID 1708 wrote to memory of 2480	1708	c3bce2243fc4b260e132199ce5eb5b5058785ceade289e98e1bf151c0496b3b6.exe	30
PID 1708 wrote to memory of 2480	1708	c3bce2243fc4b260e132199ce5eb5b5058785ceade289e98e1bf151c0496b3b6.exe	30
PID 1708 wrote to memory of 2480	1708	c3bce2243fc4b260e132199ce5eb5b5058785ceade289e98e1bf151c0496b3b6.exe	30
PID 1708 wrote to memory of 2480	1708	c3bce2243fc4b260e132199ce5eb5b5058785ceade289e98e1bf151c0496b3b6.exe	30
PID 3004 wrote to memory of 2920	3004	Unicorn-33193.exe	29
PID 3004 wrote to memory of 2920	3004	Unicorn-33193.exe	29
PID 3004 wrote to memory of 2920	3004	Unicorn-33193.exe	29
PID 3004 wrote to memory of 2920	3004	Unicorn-33193.exe	29
PID 1708 wrote to memory of 2500	1708	c3bce2243fc4b260e132199ce5eb5b5058785ceade289e98e1bf151c0496b3b6.exe	31
PID 1708 wrote to memory of 2500	1708	c3bce2243fc4b260e132199ce5eb5b5058785ceade289e98e1bf151c0496b3b6.exe	31
PID 1708 wrote to memory of 2500	1708	c3bce2243fc4b260e132199ce5eb5b5058785ceade289e98e1bf151c0496b3b6.exe	31
PID 1708 wrote to memory of 2500	1708	c3bce2243fc4b260e132199ce5eb5b5058785ceade289e98e1bf151c0496b3b6.exe	31
PID 3004 wrote to memory of 2668	3004	Unicorn-33193.exe	33
PID 3004 wrote to memory of 2668	3004	Unicorn-33193.exe	33
PID 3004 wrote to memory of 2668	3004	Unicorn-33193.exe	33
PID 3004 wrote to memory of 2668	3004	Unicorn-33193.exe	33
PID 2920 wrote to memory of 2544	2920	Unicorn-38611.exe	32
PID 2920 wrote to memory of 2544	2920	Unicorn-38611.exe	32
PID 2920 wrote to memory of 2544	2920	Unicorn-38611.exe	32
PID 2920 wrote to memory of 2544	2920	Unicorn-38611.exe	32
PID 2480 wrote to memory of 2472	2480	Unicorn-3094.exe	34
PID 2480 wrote to memory of 2472	2480	Unicorn-3094.exe	34
PID 2480 wrote to memory of 2472	2480	Unicorn-3094.exe	34
PID 2480 wrote to memory of 2472	2480	Unicorn-3094.exe	34
PID 3004 wrote to memory of 2836	3004	Unicorn-33193.exe	35
PID 3004 wrote to memory of 2836	3004	Unicorn-33193.exe	35
PID 3004 wrote to memory of 2836	3004	Unicorn-33193.exe	35
PID 3004 wrote to memory of 2836	3004	Unicorn-33193.exe	35
PID 2668 wrote to memory of 280	2668	Unicorn-58377.exe	36
PID 2668 wrote to memory of 280	2668	Unicorn-58377.exe	36
PID 2668 wrote to memory of 280	2668	Unicorn-58377.exe	36
PID 2668 wrote to memory of 280	2668	Unicorn-58377.exe	36
PID 2544 wrote to memory of 2356	2544	Unicorn-61906.exe	37
PID 2544 wrote to memory of 2356	2544	Unicorn-61906.exe	37
PID 2544 wrote to memory of 2356	2544	Unicorn-61906.exe	37
PID 2544 wrote to memory of 2356	2544	Unicorn-61906.exe	37
PID 2920 wrote to memory of 1552	2920	Unicorn-38611.exe	38
PID 2920 wrote to memory of 1552	2920	Unicorn-38611.exe	38
PID 2920 wrote to memory of 1552	2920	Unicorn-38611.exe	38
PID 2920 wrote to memory of 1552	2920	Unicorn-38611.exe	38
PID 2480 wrote to memory of 2440	2480	Unicorn-3094.exe	39
PID 2480 wrote to memory of 2440	2480	Unicorn-3094.exe	39
PID 2480 wrote to memory of 2440	2480	Unicorn-3094.exe	39
PID 2480 wrote to memory of 2440	2480	Unicorn-3094.exe	39
PID 2472 wrote to memory of 2676	2472	Unicorn-45762.exe	40
PID 2472 wrote to memory of 2676	2472	Unicorn-45762.exe	40
PID 2472 wrote to memory of 2676	2472	Unicorn-45762.exe	40
PID 2472 wrote to memory of 2676	2472	Unicorn-45762.exe	40
PID 2920 wrote to memory of 1944	2920	Unicorn-38611.exe	41
PID 2920 wrote to memory of 1944	2920	Unicorn-38611.exe	41
PID 2920 wrote to memory of 1944	2920	Unicorn-38611.exe	41
PID 2480 wrote to memory of 3008	2480	Unicorn-3094.exe	42
PID 2920 wrote to memory of 1944	2920	Unicorn-38611.exe	41
PID 2480 wrote to memory of 3008	2480	Unicorn-3094.exe	42
PID 2480 wrote to memory of 3008	2480	Unicorn-3094.exe	42
PID 2480 wrote to memory of 3008	2480	Unicorn-3094.exe	42
PID 2668 wrote to memory of 2344	2668	Unicorn-58377.exe	43
PID 2668 wrote to memory of 2344	2668	Unicorn-58377.exe	43
PID 2668 wrote to memory of 2344	2668	Unicorn-58377.exe	43
PID 2668 wrote to memory of 2344	2668	Unicorn-58377.exe	43

C:\Users\Admin\AppData\Local\Temp\c3bce2243fc4b260e132199ce5eb5b5058785ceade289e98e1bf151c0496b3b6.exe
"C:\Users\Admin\AppData\Local\Temp\c3bce2243fc4b260e132199ce5eb5b5058785ceade289e98e1bf151c0496b3b6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33193.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33193.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38611.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38611.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61906.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2088.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9618.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22149.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26415.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19041.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28323.exe
        10⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
        11⤵
        
        PID:4976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 220
        12⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
        11⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 216
        10⤵
        
        PID:4492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
        9⤵
        Program crash
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15319.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
        9⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54976.exe
        10⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36485.exe
        11⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8170.exe
        12⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
        13⤵
        
        PID:8168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 216
        13⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
        12⤵
        
        PID:7256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
        11⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
        10⤵
        
        PID:4488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
        9⤵
        Program crash
        
        PID:3308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 220
        8⤵
        Program crash
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15760.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18657.exe
        8⤵
        Executes dropped EXE
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
        9⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37898.exe
        10⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
        11⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8362.exe
        12⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44472.exe
        13⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47334.exe
        14⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
        14⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 236
        13⤵
        
        PID:8548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
        12⤵
        
        PID:7272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
        11⤵
        
        PID:5184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
        10⤵
        
        PID:4296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 236
        9⤵
        Program crash
        
        PID:4088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
        8⤵
        Program crash
        
        PID:1768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 240
        7⤵
        Program crash
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51292.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50945.exe
        8⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4892.exe
        9⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55661.exe
        10⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13075.exe
        11⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31928.exe
        12⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49968.exe
        13⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64146.exe
        14⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
        13⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
        12⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        11⤵
        
        PID:5584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
        10⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 236
        9⤵
        Program crash
        
        PID:3296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 236
        8⤵
        Program crash
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        7⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54988.exe
        8⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60835.exe
        9⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63137.exe
        10⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7812.exe
        11⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53317.exe
        12⤵
        
        PID:7888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17394.exe
        13⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
        13⤵
        
        PID:5956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 216
        12⤵
        
        PID:8460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
        11⤵
        
        PID:6528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
        10⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 216
        9⤵
        
        PID:4204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 236
        8⤵
        Program crash
        
        PID:3724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 240
        7⤵
        Program crash
        
        PID:2960
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
        6⤵
        Program crash
        
        PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12804.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53560.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49741.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe
        8⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59267.exe
        9⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21889.exe
        10⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63812.exe
        11⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15015.exe
        12⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7404.exe
        13⤵
        
        PID:7648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55025.exe
        14⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 236
        14⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 236
        13⤵
        
        PID:8664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
        12⤵
        
        PID:7264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 236
        11⤵
        
        PID:5908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
        10⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
        9⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 660 -s 236
        8⤵
        Program crash
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12792.exe
        7⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17367.exe
        8⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21396.exe
        9⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe
        10⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12055.exe
        11⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27995.exe
        12⤵
        
        PID:9124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 236
        12⤵
        
        PID:8640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 236
        11⤵
        
        PID:8136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
        10⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
        9⤵
        
        PID:4456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 236
        8⤵
        
        PID:3476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
        7⤵
        Program crash
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16227.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55735.exe
        7⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40342.exe
        8⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        9⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8170.exe
        10⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21681.exe
        11⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42984.exe
        12⤵
        
        PID:2420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
        11⤵
        
        PID:8860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
        10⤵
        
        PID:7228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
        9⤵
        
        PID:5552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 216
        8⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
        7⤵
        Program crash
        
        PID:3872
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
        6⤵
        Program crash
        
        PID:2336
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33234.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3975.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1801.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58231.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41084.exe
        9⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1368.exe
        10⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4984.exe
        11⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23613.exe
        12⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
        13⤵
        
        PID:8920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 216
        13⤵
        
        PID:4112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 236
        12⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 236
        11⤵
        
        PID:7412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
        10⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
        9⤵
        
        PID:4220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
        8⤵
        Program crash
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61993.exe
        7⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20098.exe
        8⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        9⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21410.exe
        10⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58824.exe
        11⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26392.exe
        12⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
        12⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
        11⤵
        
        PID:7248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 236
        10⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
        9⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 216
        8⤵
        
        PID:3764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 240
        7⤵
        Program crash
        
        PID:3628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14416.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39975.exe
        7⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
        8⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52693.exe
        9⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19926.exe
        10⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64024.exe
        11⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40321.exe
        12⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
        13⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
        12⤵
        
        PID:8904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
        11⤵
        
        PID:7304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 236
        10⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
        9⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 236
        8⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 236
        7⤵
        Program crash
        
        PID:1592
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
        6⤵
        Program crash
        
        PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-254.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36093.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39399.exe
        7⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52173.exe
        8⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59351.exe
        9⤵
        
        PID:4620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63556.exe
        10⤵
        
        PID:5416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42424.exe
        11⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4891.exe
        12⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 216
        12⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
        11⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
        10⤵
        
        PID:6680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 216
        9⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
        8⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 236
        7⤵
        Program crash
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35869.exe
        6⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17270.exe
        7⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
        8⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58824.exe
        9⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4576.exe
        10⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
        11⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
        10⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
        9⤵
        
        PID:7184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
        8⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 216
        7⤵
        
        PID:5036
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
        6⤵
        Program crash
        
        PID:3840
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
        5⤵
        Program crash
        
        PID:2728
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58377.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6004.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37359.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18842.exe
        9⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37649.exe
        10⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3748.exe
        11⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12055.exe
        12⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59759.exe
        13⤵
        
        PID:8324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 236
        13⤵
        
        PID:4860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
        12⤵
        
        PID:8144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
        11⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 216
        10⤵
        
        PID:4744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 236
        9⤵
        
        PID:1504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
        8⤵
        Program crash
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46648.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35453.exe
        8⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4893.exe
        9⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2380.exe
        10⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46876.exe
        11⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41011.exe
        12⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42683.exe
        13⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 236
        12⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
        11⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
        10⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
        9⤵
        
        PID:5012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 216
        8⤵
        
        PID:3748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 240
        7⤵
        Program crash
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51043.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51438.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53434.exe
        8⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
        9⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27404.exe
        10⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23734.exe
        11⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17296.exe
        12⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24536.exe
        13⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
        12⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 236
        11⤵
        
        PID:7504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
        10⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 216
        9⤵
        
        PID:4716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 236
        8⤵
        Program crash
        
        PID:3524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
        7⤵
        Program crash
        
        PID:1588
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 240
        6⤵
        Program crash
        
        PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42559.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16545.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        8⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20737.exe
        9⤵
        
        PID:4400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
        10⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23163.exe
        11⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21681.exe
        12⤵
        
        PID:7852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54245.exe
        13⤵
        
        PID:8204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 216
        12⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 236
        11⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
        10⤵
        
        PID:5732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
        9⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 216
        8⤵
        
        PID:3196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 236
        7⤵
        Program crash
        
        PID:3480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13892.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35889.exe
        7⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35454.exe
        8⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3065.exe
        9⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55786.exe
        10⤵
        
        PID:6904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
        11⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 236
        11⤵
        
        PID:9156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
        10⤵
        
        PID:7736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 216
        9⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
        8⤵
        
        PID:4960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 216
        7⤵
        Program crash
        
        PID:3704
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 240
        6⤵
        Program crash
        
        PID:3084
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 240
        5⤵
        Program crash
        
        PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10500.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4961.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37385.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56259.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34002.exe
        8⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37290.exe
        9⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52148.exe
        10⤵
        
        PID:4428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20085.exe
        11⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40971.exe
        12⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16594.exe
        13⤵
        
        PID:9180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 236
        13⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
        12⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
        11⤵
        
        PID:6656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 216
        10⤵
        
        PID:4544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 216
        9⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15779.exe
        8⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56621.exe
        9⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32225.exe
        10⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25351.exe
        11⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24541.exe
        12⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 236
        12⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 236
        11⤵
        
        PID:7924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
        10⤵
        
        PID:6444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 236
        9⤵
        
        PID:4388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 240
        8⤵
        Program crash
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45740.exe
        7⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37290.exe
        8⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51349.exe
        9⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
        10⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54505.exe
        11⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16454.exe
        12⤵
        
        PID:8408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
        12⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 236
        11⤵
        
        PID:916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 236
        10⤵
        
        PID:7120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 216
        9⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 236
        8⤵
        
        PID:3652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
        7⤵
        Program crash
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36393.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1137.exe
        7⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53727.exe
        8⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6626.exe
        9⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15064.exe
        9⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10522.exe
        10⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63448.exe
        11⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9677.exe
        12⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9595.exe
        13⤵
        
        PID:2140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 216
        12⤵
        
        PID:8992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 236
        11⤵
        
        PID:7360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 236
        10⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 220
        9⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
        8⤵
        Program crash
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51075.exe
        7⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6626.exe
        8⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26862.exe
        9⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44100.exe
        10⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52618.exe
        11⤵
        
        PID:8712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 216
        11⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 236
        10⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
        9⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 216
        8⤵
        
        PID:4616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 240
        7⤵
        Program crash
        
        PID:3432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
        6⤵
        Program crash
        
        PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32978.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2308.exe
        7⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42203.exe
        8⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29220.exe
        9⤵
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8938.exe
        10⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23710.exe
        11⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9595.exe
        12⤵
        
        PID:5720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 220
        11⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
        10⤵
        
        PID:6876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
        9⤵
        
        PID:5564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 236
        8⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 216
        7⤵
        
        PID:4760
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
        6⤵
        Program crash
        
        PID:3636
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
        5⤵
        Program crash
        
        PID:1528
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1060
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3094.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3094.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45762.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20044.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5947.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51246.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21613.exe
        8⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52558.exe
        9⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45940.exe
        10⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56795.exe
        11⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58110.exe
        12⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
        13⤵
        
        PID:5292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 216
        12⤵
        
        PID:9008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
        11⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
        10⤵
        
        PID:5596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
        9⤵
        
        PID:4408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
        8⤵
        Program crash
        
        PID:3616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 236
        7⤵
        Program crash
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64245.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
        7⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5059.exe
        8⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57274.exe
        9⤵
        
        PID:5872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53617.exe
        10⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10430.exe
        11⤵
        
        PID:8580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 236
        11⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 236
        10⤵
        
        PID:7812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
        9⤵
        
        PID:6332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 216
        8⤵
        
        PID:4548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
        7⤵
        
        PID:3960
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
        6⤵
        Program crash
        
        PID:2156
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
        5⤵
        Program crash
        
        PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28372.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37717.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18330.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9606.exe
        7⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49942.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21031.exe
        9⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42706.exe
        10⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52905.exe
        11⤵
        
        PID:8344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 216
        11⤵
        
        PID:9148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
        10⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
        9⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 216
        8⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 236
        7⤵
        Program crash
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38557.exe
        6⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54477.exe
        7⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        8⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8975.exe
        9⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41362.exe
        10⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9625.exe
        11⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15341.exe
        12⤵
        
        PID:5544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 216
        12⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 216
        11⤵
        
        PID:8736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 236
        10⤵
        
        PID:7136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 236
        9⤵
        
        PID:6044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        8⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 216
        7⤵
        
        PID:3864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
        6⤵
        Program crash
        
        PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13539.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24516.exe
        6⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22233.exe
        7⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22579.exe
        8⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42814.exe
        9⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23509.exe
        10⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26435.exe
        11⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
        11⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
        10⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
        9⤵
        
        PID:6496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 216
        8⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 236
        7⤵
        Program crash
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51843.exe
        6⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22356.exe
        7⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1980.exe
        8⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42374.exe
        9⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11286.exe
        10⤵
        
        PID:8224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 236
        10⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 236
        9⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
        8⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
        7⤵
        
        PID:4728
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
        6⤵
        Program crash
        
        PID:3688
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
        5⤵
        Program crash
        
        PID:2032
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16526.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4551.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42943.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1085.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 224
        8⤵
        Program crash
        
        PID:4024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
        7⤵
        Program crash
        
        PID:3784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64712.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
        7⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
        8⤵
        
        PID:5112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42851.exe
        9⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44708.exe
        10⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34581.exe
        11⤵
        
        PID:4184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 236
        11⤵
        
        PID:5928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 236
        10⤵
        
        PID:8396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
        9⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
        8⤵
        
        PID:5824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
        7⤵
        
        PID:4688
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
        6⤵
        Program crash
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6741.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34993.exe
        6⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51130.exe
        7⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5858.exe
        8⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11643.exe
        9⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30924.exe
        10⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45118.exe
        11⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
        12⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
        12⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 236
        11⤵
        
        PID:8292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
        10⤵
        
        PID:7672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
        9⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
        8⤵
        
        PID:4780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
        7⤵
        Program crash
        
        PID:3568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 236
        6⤵
        Program crash
        
        PID:2588
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 240
        5⤵
        Program crash
        
        PID:620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1899.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33789.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50753.exe
        6⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22015.exe
        7⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21012.exe
        8⤵
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56511.exe
        9⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55503.exe
        10⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
        11⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9595.exe
        12⤵
        
        PID:5816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
        11⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 236
        10⤵
        
        PID:7572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
        9⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 216
        8⤵
        
        PID:4104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 216
        7⤵
        
        PID:3904
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 236
        6⤵
        Program crash
        
        PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20218.exe
        5⤵
        
        PID:472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe
        6⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7098.exe
        7⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6754.exe
        8⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16069.exe
        9⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14811.exe
        10⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
        11⤵
        
        PID:8624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
        11⤵
        
        PID:5160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 236
        10⤵
        
        PID:7700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
        9⤵
        
        PID:6900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
        8⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 216
        7⤵
        
        PID:5004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 236
        6⤵
        Program crash
        
        PID:3804
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
        5⤵
        Program crash
        
        PID:2008
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
      4⤵
      Program crash
      PID:1756
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 220
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:3008
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
  2⤵
  - Program crash
  PID:2500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-20044.exe

Filesize
184KB

MD5
247200853244e68244e400a12f9b56a6

SHA1
c01e1fd3b431a30b59049112d59bb18e1be101ef

SHA256
bef50ddfc73d74d9f26b4418c7a9fc7d0a8e1bd7d8dcdc6ba3d8b873f3c3c2e0

SHA512
1890d52734f786524fcf2b71436d658f26844e67ca90678f5d816ac7d774899087da2b10f2857df64667339b4a08960a9ba66a857e3067fbbd2e08d16a514995

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22579.exe

Filesize
184KB

MD5
22bbb7fd5ad39370202b5f2477e4d8bd

SHA1
c1493dee2024ce202c0ee2794a3fde0a0827af93

SHA256
95c24a0cf2a665166b115010e73bcb8b61233b3ad190e00777ae13d805bcd9d9

SHA512
b7d5ee797cd628e4b9490f3f77b8770e763fc07a4bd9c0b19f5d6aab4003f422deba33cfecb52cce0c735084cc81615acedf9849371098a1cdf088dbd48a5620

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23163.exe

Filesize
184KB

MD5
2e11d8d8640d5dfd712fb1c2d3097fe4

SHA1
52be8b661df818a67cf4f1c45712e5c2b14150e3

SHA256
05dd815d22a442eca97d9bd349279ae7c2ea7c35c78d00ebd28867361b4a3c37

SHA512
ac45841018bf24c169904932728c458bef285f532f3b26b21d5a575708970993edf6eb058fdd8ae13a88ebf68d6f74bb381691efec56094d5483b4a2bc831d27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe

Filesize
184KB

MD5
c2bf29cb925bb8d5888fa7e5760d0d4c

SHA1
cc642cfcbe7cbb1d29f18ba93236bfa9ad374527

SHA256
54065783d7957606a19be3824db85ea5c5a5cb9c2b7d97a347a0bd855ae7b37b

SHA512
abe6878a415974bf6dac40d32b36bb6ee5f5eb23f6e89bd40a19fd5e74212edb5acc14145f6d18e38cf5e1f324524db6d7d33a476a648347ab424403cbc503ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42706.exe

Filesize
184KB

MD5
f8c03a65294ba677dba64b4920b1a058

SHA1
9eb9720401489baa5e63b74645906183dfd05f28

SHA256
d8c76cf69899042c5f3c84e20ddf443948ec239373ffd9bd456de64f6e1e0889

SHA512
96c79be2036ac99cd29dea66015ea45d50da4016490d61af12e15e3c47074ba93a204c988ca9ee5f3bddd6fb6124bf445dfeccd6a4ec14a2e72d49e5d30964f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54976.exe

Filesize
184KB

MD5
a1caca06f73621aaea279ef24b80702e

SHA1
11eed58509070a370df6c05ec76d88071f22d150

SHA256
b91d9284124acbaae17f3940bbb508e8ff197ed05c076dc0332eab206c88daf2

SHA512
ebc75bd6b13027433797e688f355bf11cd5302c8153496895b9f02ce8324bbbf1b9bcc6695dd7d42dfacf1c2571f3f7488efc1990745b8adea735a44f3c36b9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55786.exe

Filesize
184KB

MD5
ac28c40afe33125acd6656dbf9399520

SHA1
a46b4bd4d9dbc966006f55058dcac786d58d3608

SHA256
5d7def1dc7c0667a1acf1841e5ec1e82bcaa913d12448933357ea05fd7103aa7

SHA512
b1b3694c9f3dd50a41d5962e2aca4a034816052bec4b1b20687cab60227066599f596aca5f8dc8da2c323470e5e7602e868d1feb18fb88da0db8797314a0c1c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58377.exe

Filesize
184KB

MD5
1054b18a46ab6b95755ef62e517cfdcc

SHA1
7e9f5c3c53c5807e4223a53634c688a78753cece

SHA256
0af4c8831e6e6453db656643e09053aab22fb9042139710b3ebe4681ae497d63

SHA512
5a85935c136bc49c3a199f3242a0b32f7c8e69859b0120ee1e292fdc07bb43a972eb2778ecb7696294188838287f98274ae3c6f0a14b8f5d1763ff274b4c58c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5947.exe

Filesize
184KB

MD5
13e4a78093a7be77d3ff968ee2db0658

SHA1
dd567b9176d9b23b869a3a293b42680f24154e16

SHA256
91d2b5ef23be4478d399846301981ea0d11bbdc917000299c36d04dd57abc279

SHA512
8c764f0abc487f0c3b0b19f1b91e724ef2539c0016624504c57de8a763d61b6b2d86e8e11157517fa005319e15f81b92d0cd3bd20476297cf136a6b9ef7bbd3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6004.exe

Filesize
184KB

MD5
c920c401d4c07b38a8312fb803336872

SHA1
b883d5eebfd755a9a52eb5bac9a74fa974037135

SHA256
c364ca6a90c6608a7d062fb9a30fceae22064a25b097a32956927125cf889c50

SHA512
5d8323d2b425b9d277ebe54fd7fbeff52f08abbe1931a5f066afbb11bc6668111137a220541ab0487292b69974aae5bd2ecce17f7bc9beca704481f5d2353ed2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61906.exe

Filesize
184KB

MD5
d71810f6fea9b4ae8f9409460aaf7018

SHA1
4508cb14d1136987546f33c4ab094f10d63d6247

SHA256
59a47cbde97b8850c2f761b313d5baf894336f584e34f8796a8e76b1f956ffe6

SHA512
ec990fddb1b7e72ef8e5abbbe91632ab8d33641eb6a8459818cfa5c13d61df9016cc8d3accc6ccdeb078a21f51513ba5b045e2c9e426251170836a59fea4ab40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63448.exe

Filesize
184KB

MD5
a730169cab7e22519380a5c087741ed3

SHA1
7e69c191940873977db7de4c42341f4fe237b779

SHA256
d846b5d151c8ffd83d52516f866afe9f80e956c5ab34a1b88808a28c88c58cfa

SHA512
42e2ec69150ad48d0c34e6bc5e98a5bc0e5c2a9398f8f4b4a9ea85ed9cde4205d508602bab08a5bcd5fceb5ba8b154f792f18c85ecf08683304c5c7992d0a9b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10500.exe

Filesize
184KB

MD5
5a9858fabfbd0830965912b182d09eaf

SHA1
c78a0071b952ee472bc28ab689b31e3558f70bc5

SHA256
64f13f382862705bd330ef250ef843cab572f3e571627867477509282147a01c

SHA512
534c255b0bdda0b135216f4829b4c0fba0fc944185654a10b35bc638a55e100387ac0095a0e51de1c2e894f9803a9eafd2e024b23122b32d5ffadd0c393e2dec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe

Filesize
184KB

MD5
4134504570c365dd11686bea993c7dc1

SHA1
e41e3e38a7d0b1bf6bdcc46c47c1e58e076e7d42

SHA256
8917f6845a28422ad9224ae0c6c2b928c0b57d7e0a64b978b5496c2d70bb1cb4

SHA512
124f98d800ebe19c90f4a8e13eb3976a7977aa7895125eace7dc477934c8d9bc11e936f2eedb3ab4cc8e5d6969a7ea426fddc68b03f8525b887c6a83a7bc8205

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2088.exe

Filesize
184KB

MD5
5d7b41e27771f488898edc9b09b8a7d4

SHA1
64e8134ddacba6ab8a520d114ffc3274f2e1acea

SHA256
51e04bb8e029071f753fb2cfccbd34e3b9677b5e5e81f6263a0e12700d5e4f0a

SHA512
dbe19020d00a10403ed1ed4e7ec20d6cd1f174eaf37c22c4f1cf96067951d79b0216fe0f94222dc67483ef1545f81a16c243c114e73116b1575973b6b6843656

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3094.exe

Filesize
184KB

MD5
c5b1aafbb135ef90e1625891287fe9a2

SHA1
700db43e3493536ba5123a7a5ea8dc4fcb0ae755

SHA256
b4e2e471aeedcb09683a3188d634abd7525a6b42914b1ce72ce357eec41e335f

SHA512
017290a0421139bcc95f6867c3b4c460539e354ebfd80ec92474e34398d0a43b0246ec2f80bd9397bc9c0ff3e170048f42a6eb8e93e5e1ad713cb749b7d3fb24

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33193.exe

Filesize
184KB

MD5
2cc10030ae32d57db6cd6f48f9d297c5

SHA1
d18726b9397551a50e094a51d8cf27563befdfa3

SHA256
6d63c0d390eb5910398b0e7d5e7ff4b4fe24726bcfe302e77aaa0f5c3372177b

SHA512
751ecdd2e797dfd113d63613ca9d9d88756326cc11ff3b9240a9bbd6a6fffb9ac563260b72bb90cda22bacb0a4a27d50c467f9948cfe1ba4950cfaf6d787d21e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33234.exe

Filesize
184KB

MD5
a7d995dbd5187103919f625c737a81b7

SHA1
87a5139fc4206b2ce5661e5608f2c18200a52f76

SHA256
0fe5b3b59f33a0c56572d1c2fdbdf8f73b7c7c2caa0a95ef1636464bee3fa5ff

SHA512
6accb1db61c87f3cf7e8cf9ec3d5a1f9f0ba92579dca83aee3f10d15f845dd6539b9521708a69907431d1a37a3abda5f2881d84b06fa4698da861249a885b879

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe

Filesize
184KB

MD5
873207b469fabf0fc170954a2de02f11

SHA1
1becd6b20cc38b8f65ae9b9c9ffa990a3a34655d

SHA256
74ac3c79caaa5b39bb01b3e9fa18a8e97c6a7bd918e600f0eabe9386de90db5f

SHA512
e10d074f0b27da10eead957f266409a5505684d05c271f5ded8f86b6d49705f7e52fdc480520334139cf6bd35f4269b5ce367a1b57f4aeb5bcfea8a7e0323861

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38611.exe

Filesize
184KB

MD5
1efa64681ad3a39bc14158c914b385ef

SHA1
933993f951b8032924e44fd561a39f1432f7a0a4

SHA256
73e69c03db6e8db0cc3ce9ca6bf8d2131867e82d29771f74f2d38a92db7ff5c1

SHA512
100f14152ebac7c9115745f704a5227c9cec20b74eb0d633c98de182a7e401e668090b3127914fa39b894790eaef3ea1226f8e3262ba480b5f377e3bf8236324

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39603.exe

Filesize
184KB

MD5
507dc17a5625301e8688bb24778de8df

SHA1
4217dbb28550e6b7c5f7272ce8a2a4ed2fb749d1

SHA256
a94f3ac9b7663511968531bf1b572583fa12db5c9609f6c7f0eeabf22de6ec73

SHA512
bcd5dfbadfebaaf569c9f4629162dc51854150cc9362492c29c983d92f4a665390a02fe0580046c9cc1ca2a36166c9a3cf9aa1c0b53ed3a1677bf6c44bb93143

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45762.exe

Filesize
184KB

MD5
fe42e0cce62461d93ff6a27506b571df

SHA1
ae40fd2e0ee8caaa1ce7872e1fa3256e889781df

SHA256
bda14b0a4a5ee8c587bbaf49be080374e2a2f218c98c861de1ad89e1c86dac1e

SHA512
feb89656c5e87c37dd720c50d731946f614714616bee3d727511e66e2a4e97efb2de9852abe951c752077201d20fa6f39feb3deecfbd4dfd72c15af25ebf1ae1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9618.exe

Filesize
184KB

MD5
cc86a933881940a46b41910fd49fa3a2

SHA1
7b3ef9a23539869ef182892347e0166733957eb3

SHA256
1d9bcd4c1e1deca2dca6967d9a7cef6419b0cefbcebb63bf2bc8f19c73901b16

SHA512
cead7173229b414b6d21f68b479dd7432a1e6ffd5261213fd02f8d319522ead32829d86d9e298c7db240e0f1757b25d629160f3fc7646840c483e4d1afd41899

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads