f3c2372daf42fd2bbaaf3cd313a26066db7e76bbdeb0cacf893a43de15d74f12

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01/06/2024, 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f3c2372daf42fd2bbaaf3cd313a26066db7e76bbdeb0cacf893a43de15d74f12.exe
Size

184KB
MD5

8bfe310906b243880041b8b7283860f2
SHA1

2c87a0b37ac5239967244a9f5c16204a3a21d059
SHA256

f3c2372daf42fd2bbaaf3cd313a26066db7e76bbdeb0cacf893a43de15d74f12
SHA512

46ea4bb23766d416a1d02927d98e232f0bdc1851ea210c7535fc8c31b8130dc361b45a30013cc77ebf31b307f2864c6777507b6c552fc72670be4c36410eaeca
SSDEEP

3072:TALQlxoJA4joddmWezwLBK7GwlnViFGn9:TAEolUdm2LI7GwlnViFG

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1892	Unicorn-61798.exe
3032	Unicorn-30299.exe
2996	Unicorn-58674.exe
2756	Unicorn-47787.exe
2912	Unicorn-59484.exe
2624	Unicorn-60060.exe
2332	Unicorn-57185.exe
456	Unicorn-38649.exe
908	Unicorn-3023.exe
2576	Unicorn-31057.exe
2556	Unicorn-19359.exe
1472	Unicorn-20699.exe
944	Unicorn-50610.exe
952	Unicorn-53947.exe
1112	Unicorn-35944.exe
2712	Unicorn-23522.exe
1744	Unicorn-56194.exe
2780	Unicorn-60833.exe
1832	Unicorn-6993.exe
784	Unicorn-15026.exe
240	Unicorn-59588.exe
1680	Unicorn-1067.exe
1940	Unicorn-58436.exe
900	Unicorn-13874.exe
2220	Unicorn-42484.exe
2968	Unicorn-17788.exe
2864	Unicorn-49235.exe
2100	Unicorn-10470.exe
1464	Unicorn-35743.exe
2988	Unicorn-23853.exe
1448	Unicorn-3755.exe
1616	Unicorn-64886.exe
2464	Unicorn-51633.exe
2632	Unicorn-23599.exe
2456	Unicorn-60569.exe
2652	Unicorn-40703.exe
2384	Unicorn-60377.exe
2476	Unicorn-23983.exe
1160	Unicorn-27513.exe
2640	Unicorn-9567.exe
556	Unicorn-62297.exe
1648	Unicorn-20689.exe
1620	Unicorn-28665.exe
1948	Unicorn-4222.exe
1768	Unicorn-9671.exe
940	Unicorn-9671.exe
2324	Unicorn-22478.exe
308	Unicorn-42344.exe
2716	Unicorn-9479.exe
1684	Unicorn-14118.exe
1680	Unicorn-59474.exe
1936	Unicorn-5634.exe
2764	Unicorn-51410.exe
2248	Unicorn-6464.exe
1888	Unicorn-58810.exe
2228	Unicorn-42858.exe
2628	Unicorn-41440.exe
2660	Unicorn-600.exe
2732	Unicorn-37186.exe
2468	Unicorn-28826.exe
1056	Unicorn-39795.exe
2848	Unicorn-65369.exe
2580	Unicorn-2676.exe
2188	Unicorn-43517.exe

Loads dropped DLL 64 IoCs

pid	Process
2696	f3c2372daf42fd2bbaaf3cd313a26066db7e76bbdeb0cacf893a43de15d74f12.exe
2696	f3c2372daf42fd2bbaaf3cd313a26066db7e76bbdeb0cacf893a43de15d74f12.exe
1892	Unicorn-61798.exe
2696	f3c2372daf42fd2bbaaf3cd313a26066db7e76bbdeb0cacf893a43de15d74f12.exe
1892	Unicorn-61798.exe
2696	f3c2372daf42fd2bbaaf3cd313a26066db7e76bbdeb0cacf893a43de15d74f12.exe
3032	Unicorn-30299.exe
1892	Unicorn-61798.exe
3032	Unicorn-30299.exe
1892	Unicorn-61798.exe
2996	Unicorn-58674.exe
2996	Unicorn-58674.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2832	WerFault.exe
2756	Unicorn-47787.exe
2756	Unicorn-47787.exe
2912	Unicorn-59484.exe
2912	Unicorn-59484.exe
3032	Unicorn-30299.exe
3032	Unicorn-30299.exe
2996	Unicorn-58674.exe
2996	Unicorn-58674.exe
2624	Unicorn-60060.exe
2624	Unicorn-60060.exe
1976	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
1664	WerFault.exe
1664	WerFault.exe
1664	WerFault.exe
1664	WerFault.exe
1664	WerFault.exe
2332	Unicorn-57185.exe
2756	Unicorn-47787.exe
2332	Unicorn-57185.exe
2756	Unicorn-47787.exe
456	Unicorn-38649.exe
456	Unicorn-38649.exe
2912	Unicorn-59484.exe
2912	Unicorn-59484.exe
908	Unicorn-3023.exe
908	Unicorn-3023.exe
2576	Unicorn-31057.exe
2576	Unicorn-31057.exe
2624	Unicorn-60060.exe
2624	Unicorn-60060.exe
2556	Unicorn-19359.exe
2556	Unicorn-19359.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
1244	WerFault.exe
1244	WerFault.exe
1244	WerFault.exe
1244	WerFault.exe
1244	WerFault.exe
1836	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2508	2696	WerFault.exe	27
2832	1892	WerFault.exe	28
1976	3032	WerFault.exe	29
1664	2996	WerFault.exe	30
3016	2756	WerFault.exe	33
1244	2912	WerFault.exe	32
1836	2624	WerFault.exe	34
872	2332	WerFault.exe	36
2496	456	WerFault.exe	37
2516	908	WerFault.exe	38
2356	2576	WerFault.exe	40
2836	2556	WerFault.exe	39
2296	1472	WerFault.exe	43
2144	944	WerFault.exe	44
1184	952	WerFault.exe	45
3000	1112	WerFault.exe	46
2176	2712	WerFault.exe	47
2320	2780	WerFault.exe	49
2860	1744	WerFault.exe	48
2868	1832	WerFault.exe	50
2992	784	WerFault.exe	54
1008	240	WerFault.exe	55
1628	2864	WerFault.exe	61
884	1448	WerFault.exe	65
2888	1616	WerFault.exe	66
1964	2464	WerFault.exe	69
1072	2456	WerFault.exe	71
2612	2988	WerFault.exe	64
2368	2632	WerFault.exe	70
888	1648	WerFault.exe	81
2272	2384	WerFault.exe	75
1216	2968	WerFault.exe	60
1012	2716	WerFault.exe	88
1136	940	WerFault.exe	84
1924	308	WerFault.exe	86
3380	1784	WerFault.exe	146
3456	1936	WerFault.exe	96
3612	2248	WerFault.exe	103
3624	2476	WerFault.exe	76
3724	2652	WerFault.exe	72
3732	1620	WerFault.exe	82
3788	556	WerFault.exe	79
3836	1940	WerFault.exe	57
3844	1464	WerFault.exe	63
3912	2764	WerFault.exe	100
3944	2324	WerFault.exe	87
3992	1684	WerFault.exe	89
4004	1680	WerFault.exe	97
4012	2100	WerFault.exe	62
4020	1948	WerFault.exe	83
4028	1160	WerFault.exe	78
4048	1768	WerFault.exe	85
4076	900	WerFault.exe	58
608	2220	WerFault.exe	59
3088	472	WerFault.exe	121
3236	2640	WerFault.exe	80
3324	3036	WerFault.exe	134
3320	2660	WerFault.exe	106
3472	2148	WerFault.exe	128
3656	2720	WerFault.exe	147
3760	2468	WerFault.exe	109
3820	1916	WerFault.exe	145
3980	1300	WerFault.exe	143
3164	2276	WerFault.exe	140

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2696	f3c2372daf42fd2bbaaf3cd313a26066db7e76bbdeb0cacf893a43de15d74f12.exe
1892	Unicorn-61798.exe
3032	Unicorn-30299.exe
2996	Unicorn-58674.exe
2756	Unicorn-47787.exe
2912	Unicorn-59484.exe
2624	Unicorn-60060.exe
2332	Unicorn-57185.exe
456	Unicorn-38649.exe
908	Unicorn-3023.exe
2576	Unicorn-31057.exe
2556	Unicorn-19359.exe
1472	Unicorn-20699.exe
944	Unicorn-50610.exe
952	Unicorn-53947.exe
1112	Unicorn-35944.exe
2712	Unicorn-23522.exe
1744	Unicorn-56194.exe
2780	Unicorn-60833.exe
1832	Unicorn-6993.exe
784	Unicorn-15026.exe
240	Unicorn-59588.exe
900	Unicorn-13874.exe
1940	Unicorn-58436.exe
2220	Unicorn-42484.exe
2968	Unicorn-17788.exe
2864	Unicorn-49235.exe
1448	Unicorn-3755.exe
2100	Unicorn-10470.exe
1464	Unicorn-35743.exe
2988	Unicorn-23853.exe
1616	Unicorn-64886.exe
2464	Unicorn-51633.exe
2632	Unicorn-23599.exe
2652	Unicorn-40703.exe
2456	Unicorn-60569.exe
2384	Unicorn-60377.exe
2476	Unicorn-23983.exe
1160	Unicorn-27513.exe
556	Unicorn-62297.exe
2640	Unicorn-9567.exe
1648	Unicorn-20689.exe
1620	Unicorn-28665.exe
1948	Unicorn-4222.exe
2324	Unicorn-22478.exe
308	Unicorn-42344.exe
1768	Unicorn-9671.exe
940	Unicorn-9671.exe
1684	Unicorn-14118.exe
2716	Unicorn-9479.exe
1680	Unicorn-59474.exe
1936	Unicorn-5634.exe
2764	Unicorn-51410.exe
2248	Unicorn-6464.exe
1888	Unicorn-58810.exe
2228	Unicorn-42858.exe
2660	Unicorn-600.exe
2628	Unicorn-41440.exe
2732	Unicorn-37186.exe
2468	Unicorn-28826.exe
1056	Unicorn-39795.exe
2848	Unicorn-65369.exe
2580	Unicorn-2676.exe
2572	Unicorn-15483.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 1892	2696	f3c2372daf42fd2bbaaf3cd313a26066db7e76bbdeb0cacf893a43de15d74f12.exe	28
PID 2696 wrote to memory of 1892	2696	f3c2372daf42fd2bbaaf3cd313a26066db7e76bbdeb0cacf893a43de15d74f12.exe	28
PID 2696 wrote to memory of 1892	2696	f3c2372daf42fd2bbaaf3cd313a26066db7e76bbdeb0cacf893a43de15d74f12.exe	28
PID 2696 wrote to memory of 1892	2696	f3c2372daf42fd2bbaaf3cd313a26066db7e76bbdeb0cacf893a43de15d74f12.exe	28
PID 1892 wrote to memory of 3032	1892	Unicorn-61798.exe	29
PID 1892 wrote to memory of 3032	1892	Unicorn-61798.exe	29
PID 1892 wrote to memory of 3032	1892	Unicorn-61798.exe	29
PID 1892 wrote to memory of 3032	1892	Unicorn-61798.exe	29
PID 2696 wrote to memory of 2996	2696	f3c2372daf42fd2bbaaf3cd313a26066db7e76bbdeb0cacf893a43de15d74f12.exe	30
PID 2696 wrote to memory of 2996	2696	f3c2372daf42fd2bbaaf3cd313a26066db7e76bbdeb0cacf893a43de15d74f12.exe	30
PID 2696 wrote to memory of 2996	2696	f3c2372daf42fd2bbaaf3cd313a26066db7e76bbdeb0cacf893a43de15d74f12.exe	30
PID 2696 wrote to memory of 2996	2696	f3c2372daf42fd2bbaaf3cd313a26066db7e76bbdeb0cacf893a43de15d74f12.exe	30
PID 2696 wrote to memory of 2508	2696	f3c2372daf42fd2bbaaf3cd313a26066db7e76bbdeb0cacf893a43de15d74f12.exe	31
PID 2696 wrote to memory of 2508	2696	f3c2372daf42fd2bbaaf3cd313a26066db7e76bbdeb0cacf893a43de15d74f12.exe	31
PID 2696 wrote to memory of 2508	2696	f3c2372daf42fd2bbaaf3cd313a26066db7e76bbdeb0cacf893a43de15d74f12.exe	31
PID 2696 wrote to memory of 2508	2696	f3c2372daf42fd2bbaaf3cd313a26066db7e76bbdeb0cacf893a43de15d74f12.exe	31
PID 3032 wrote to memory of 2912	3032	Unicorn-30299.exe	32
PID 3032 wrote to memory of 2912	3032	Unicorn-30299.exe	32
PID 3032 wrote to memory of 2912	3032	Unicorn-30299.exe	32
PID 3032 wrote to memory of 2912	3032	Unicorn-30299.exe	32
PID 1892 wrote to memory of 2756	1892	Unicorn-61798.exe	33
PID 1892 wrote to memory of 2756	1892	Unicorn-61798.exe	33
PID 1892 wrote to memory of 2756	1892	Unicorn-61798.exe	33
PID 1892 wrote to memory of 2756	1892	Unicorn-61798.exe	33
PID 2996 wrote to memory of 2624	2996	Unicorn-58674.exe	34
PID 2996 wrote to memory of 2624	2996	Unicorn-58674.exe	34
PID 2996 wrote to memory of 2624	2996	Unicorn-58674.exe	34
PID 2996 wrote to memory of 2624	2996	Unicorn-58674.exe	34
PID 1892 wrote to memory of 2832	1892	Unicorn-61798.exe	35
PID 1892 wrote to memory of 2832	1892	Unicorn-61798.exe	35
PID 1892 wrote to memory of 2832	1892	Unicorn-61798.exe	35
PID 1892 wrote to memory of 2832	1892	Unicorn-61798.exe	35
PID 2756 wrote to memory of 2332	2756	Unicorn-47787.exe	36
PID 2756 wrote to memory of 2332	2756	Unicorn-47787.exe	36
PID 2756 wrote to memory of 2332	2756	Unicorn-47787.exe	36
PID 2756 wrote to memory of 2332	2756	Unicorn-47787.exe	36
PID 2912 wrote to memory of 456	2912	Unicorn-59484.exe	37
PID 2912 wrote to memory of 456	2912	Unicorn-59484.exe	37
PID 2912 wrote to memory of 456	2912	Unicorn-59484.exe	37
PID 2912 wrote to memory of 456	2912	Unicorn-59484.exe	37
PID 3032 wrote to memory of 908	3032	Unicorn-30299.exe	38
PID 3032 wrote to memory of 908	3032	Unicorn-30299.exe	38
PID 3032 wrote to memory of 908	3032	Unicorn-30299.exe	38
PID 3032 wrote to memory of 908	3032	Unicorn-30299.exe	38
PID 2996 wrote to memory of 2556	2996	Unicorn-58674.exe	39
PID 2996 wrote to memory of 2556	2996	Unicorn-58674.exe	39
PID 2996 wrote to memory of 2556	2996	Unicorn-58674.exe	39
PID 2996 wrote to memory of 2556	2996	Unicorn-58674.exe	39
PID 2624 wrote to memory of 2576	2624	Unicorn-60060.exe	40
PID 2624 wrote to memory of 2576	2624	Unicorn-60060.exe	40
PID 2624 wrote to memory of 2576	2624	Unicorn-60060.exe	40
PID 2624 wrote to memory of 2576	2624	Unicorn-60060.exe	40
PID 3032 wrote to memory of 1976	3032	Unicorn-30299.exe	41
PID 3032 wrote to memory of 1976	3032	Unicorn-30299.exe	41
PID 3032 wrote to memory of 1976	3032	Unicorn-30299.exe	41
PID 3032 wrote to memory of 1976	3032	Unicorn-30299.exe	41
PID 2996 wrote to memory of 1664	2996	Unicorn-58674.exe	42
PID 2996 wrote to memory of 1664	2996	Unicorn-58674.exe	42
PID 2996 wrote to memory of 1664	2996	Unicorn-58674.exe	42
PID 2996 wrote to memory of 1664	2996	Unicorn-58674.exe	42
PID 2332 wrote to memory of 1472	2332	Unicorn-57185.exe	43
PID 2332 wrote to memory of 1472	2332	Unicorn-57185.exe	43
PID 2332 wrote to memory of 1472	2332	Unicorn-57185.exe	43
PID 2332 wrote to memory of 1472	2332	Unicorn-57185.exe	43

C:\Users\Admin\AppData\Local\Temp\f3c2372daf42fd2bbaaf3cd313a26066db7e76bbdeb0cacf893a43de15d74f12.exe
"C:\Users\Admin\AppData\Local\Temp\f3c2372daf42fd2bbaaf3cd313a26066db7e76bbdeb0cacf893a43de15d74f12.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30299.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59484.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38649.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58436.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60377.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28826.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61475.exe
        10⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45098.exe
        11⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23301.exe
        12⤵
        
        PID:5224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 188
        13⤵
        
        PID:5672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
        12⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
        11⤵
        
        PID:5104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
        10⤵
        Program crash
        
        PID:3760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 216
        9⤵
        Program crash
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65369.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35295.exe
        9⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38700.exe
        10⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19918.exe
        11⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9226.exe
        12⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 216
        12⤵
        
        PID:9208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
        11⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
        10⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 216
        9⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
        8⤵
        Program crash
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21317.exe
        8⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
        9⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53723.exe
        10⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12465.exe
        11⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45391.exe
        12⤵
        
        PID:8076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 216
        12⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
        11⤵
        
        PID:7060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
        10⤵
        
        PID:6128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 216
        9⤵
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
        8⤵
        Program crash
        
        PID:3624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
        7⤵
        Program crash
        
        PID:1184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35157.exe
        8⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
        9⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62138.exe
        10⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        11⤵
        
        PID:7836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe
        12⤵
        
        PID:4348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 236
        12⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
        11⤵
        
        PID:7900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
        10⤵
        
        PID:6864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 216
        9⤵
        
        PID:4312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 236
        8⤵
        Program crash
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
        7⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
        8⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28267.exe
        9⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28738.exe
        10⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-653.exe
        11⤵
        
        PID:8304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 236
        11⤵
        
        PID:9052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
        10⤵
        
        PID:7644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
        9⤵
        
        PID:6772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 236
        8⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
        7⤵
        Program crash
        
        PID:4076
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 456 -s 240
        6⤵
        Program crash
        
        PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35944.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42484.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62297.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20741.exe
        8⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28964.exe
        9⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28887.exe
        10⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62232.exe
        11⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
        12⤵
        
        PID:8512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 216
        12⤵
        
        PID:4604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 236
        11⤵
        
        PID:7628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        10⤵
        
        PID:5512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
        9⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 236
        8⤵
        Program crash
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe
        7⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
        8⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48246.exe
        9⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33234.exe
        10⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33461.exe
        11⤵
        
        PID:8676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 236
        11⤵
        
        PID:4380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
        10⤵
        
        PID:7908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
        9⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 216
        8⤵
        
        PID:5016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
        7⤵
        Program crash
        
        PID:608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9567.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
        7⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1055.exe
        8⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53072.exe
        9⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5813.exe
        10⤵
        
        PID:7432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15503.exe
        11⤵
        
        PID:9076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 236
        11⤵
        
        PID:6100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 236
        10⤵
        
        PID:924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 236
        9⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
        8⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
        7⤵
        Program crash
        
        PID:3236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 240
        6⤵
        Program crash
        
        PID:3000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3023.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23522.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17788.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28665.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58382.exe
        9⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2954.exe
        10⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
        11⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
        12⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22350.exe
        13⤵
        
        PID:7196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
        14⤵
        
        PID:3356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
        13⤵
        
        PID:8360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
        12⤵
        
        PID:6232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 236
        11⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
        10⤵
        Program crash
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41526.exe
        9⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51585.exe
        10⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12465.exe
        11⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54244.exe
        12⤵
        
        PID:268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
        12⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
        11⤵
        
        PID:7044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
        10⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
        9⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8148.exe
        8⤵
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53084.exe
        9⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51149.exe
        10⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61604.exe
        11⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33409.exe
        12⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 236
        12⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 236
        11⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
        10⤵
        
        PID:5504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 364 -s 216
        9⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        8⤵
        Program crash
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39795.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        8⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61517.exe
        9⤵
        
        PID:4416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
        10⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25775.exe
        11⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48187.exe
        12⤵
        
        PID:2536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 236
        11⤵
        
        PID:8276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 236
        10⤵
        
        PID:7084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
        9⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 236
        8⤵
        
        PID:3700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
        7⤵
        Program crash
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12764.exe
        7⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44999.exe
        8⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6494.exe
        9⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47048.exe
        10⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61746.exe
        11⤵
        
        PID:8448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 216
        11⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
        10⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 236
        9⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 216
        8⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 236
        7⤵
        Program crash
        
        PID:4020
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
        6⤵
        Program crash
        
        PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49235.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20689.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42858.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12990.exe
        8⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20168.exe
        9⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20153.exe
        10⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40120.exe
        11⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1177.exe
        12⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
        12⤵
        
        PID:8760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 236
        11⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
        10⤵
        
        PID:5740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
        9⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
        8⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
        9⤵
        
        PID:4288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48563.exe
        10⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17597.exe
        11⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
        11⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
        10⤵
        
        PID:6676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
        9⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 220
        8⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34541.exe
        7⤵
        
        PID:1784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
        8⤵
        Program crash
        
        PID:3380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
        7⤵
        Program crash
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41440.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29711.exe
        7⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37656.exe
        8⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37589.exe
        9⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59948.exe
        10⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
        11⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
        12⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
        11⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
        10⤵
        
        PID:6280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 236
        9⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
        8⤵
        Program crash
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25766.exe
        7⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12669.exe
        8⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47338.exe
        9⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33756.exe
        10⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15878.exe
        11⤵
        
        PID:5556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
        10⤵
        
        PID:8088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 236
        9⤵
        
        PID:6984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
        8⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
        7⤵
        
        PID:3224
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
        6⤵
        Program crash
        
        PID:1628
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
        5⤵
        Program crash
        
        PID:2516
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20699.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60569.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51410.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19815.exe
        9⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45959.exe
        10⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
        11⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        12⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13422.exe
        13⤵
        
        PID:8852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 216
        13⤵
        
        PID:5212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 236
        12⤵
        
        PID:7652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        11⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 216
        10⤵
        
        PID:4804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
        9⤵
        Program crash
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26757.exe
        8⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4407.exe
        9⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29281.exe
        10⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48288.exe
        11⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19330.exe
        12⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34830.exe
        13⤵
        
        PID:6640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
        12⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
        11⤵
        
        PID:7092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 216
        10⤵
        
        PID:5680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
        9⤵
        Program crash
        
        PID:3164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
        8⤵
        Program crash
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6464.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27983.exe
        8⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50842.exe
        9⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53448.exe
        10⤵
        
        PID:4536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51002.exe
        11⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 200
        12⤵
        
        PID:7944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 236
        11⤵
        
        PID:7156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
        10⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 236
        9⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
        8⤵
        Program crash
        
        PID:3612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 240
        7⤵
        Program crash
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40703.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53413.exe
        7⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18300.exe
        8⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38700.exe
        9⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58174.exe
        10⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61297.exe
        11⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 236
        11⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
        10⤵
        
        PID:7520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
        9⤵
        
        PID:5412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 216
        8⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
        7⤵
        Program crash
        
        PID:3724
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 240
        6⤵
        Program crash
        
        PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15026.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51633.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54516.exe
        8⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5258.exe
        9⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13136.exe
        10⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46451.exe
        11⤵
        
        PID:6372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15484.exe
        12⤵
        
        PID:7376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 216
        12⤵
        
        PID:8768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
        11⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
        10⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
        9⤵
        
        PID:4160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
        8⤵
        Program crash
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18314.exe
        7⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11999.exe
        8⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10168.exe
        9⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
        10⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36756.exe
        11⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
        11⤵
        
        PID:8788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
        10⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
        9⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 216
        8⤵
        
        PID:3304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
        7⤵
        Program crash
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59474.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46156.exe
        7⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51065.exe
        8⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38030.exe
        9⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34870.exe
        10⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25024.exe
        11⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17275.exe
        12⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51358.exe
        13⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 216
        12⤵
        
        PID:8588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 236
        11⤵
        
        PID:7064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
        10⤵
        
        PID:5468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 216
        9⤵
        
        PID:4564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 236
        8⤵
        Program crash
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21023.exe
        7⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64350.exe
        8⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48438.exe
        9⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47707.exe
        10⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25348.exe
        11⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 236
        11⤵
        
        PID:9060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
        10⤵
        
        PID:7876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
        9⤵
        
        PID:5408
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 216
        8⤵
        
        PID:4924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
        7⤵
        Program crash
        
        PID:4004
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 240
        6⤵
        Program crash
        
        PID:2992
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
        5⤵
        Program crash
        
        PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50610.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
        5⤵
        Executes dropped EXE
        
        PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23599.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63343.exe
        7⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61008.exe
        8⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62384.exe
        9⤵
        
        PID:4432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33296.exe
        10⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3948.exe
        11⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 216
        11⤵
        
        PID:9024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
        10⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
        9⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
        8⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49887.exe
        7⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51585.exe
        8⤵
        
        PID:4468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15122.exe
        9⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
        10⤵
        
        PID:7856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
        10⤵
        
        PID:8804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
        9⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        8⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
        7⤵
        
        PID:3876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10613.exe
        6⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37464.exe
        7⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37065.exe
        8⤵
        
        PID:4952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41738.exe
        9⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
        10⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50844.exe
        11⤵
        
        PID:4512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
        10⤵
        
        PID:8812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
        9⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
        8⤵
        
        PID:5620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
        7⤵
        
        PID:3436
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 220
        6⤵
        Program crash
        
        PID:2368
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 240
        5⤵
        Program crash
        
        PID:2144
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:3016
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2832
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58674.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58674.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31057.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56194.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35349.exe
        8⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4106.exe
        9⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53977.exe
        10⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32227.exe
        11⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14586.exe
        12⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
        13⤵
        
        PID:5328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
        12⤵
        
        PID:8516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
        11⤵
        
        PID:6840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
        10⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 236
        9⤵
        
        PID:4256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 236
        8⤵
        Program crash
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe
        7⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2430.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37247.exe
        9⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4863.exe
        10⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26578.exe
        11⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
        11⤵
        
        PID:8500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
        10⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        9⤵
        
        PID:5712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 216
        8⤵
        
        PID:4728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 220
        7⤵
        Program crash
        
        PID:3844
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 236
        6⤵
        Program crash
        
        PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64886.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4980.exe
        7⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42991.exe
        8⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62384.exe
        9⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15615.exe
        10⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58354.exe
        11⤵
        
        PID:8120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 236
        11⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
        10⤵
        
        PID:7112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
        9⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
        8⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
        7⤵
        Program crash
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9619.exe
        6⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18009.exe
        7⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        8⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25548.exe
        9⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11877.exe
        10⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46381.exe
        11⤵
        
        PID:5332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 236
        10⤵
        
        PID:8328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 236
        9⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 216
        8⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
        7⤵
        Program crash
        
        PID:3472
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
        6⤵
        Program crash
        
        PID:2888
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
        5⤵
        Program crash
        
        PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60833.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10470.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9479.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63504.exe
        8⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13567.exe
        9⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39819.exe
        10⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6003.exe
        11⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
        11⤵
        
        PID:8828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
        10⤵
        
        PID:6160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
        9⤵
        
        PID:5904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
        8⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 236
        7⤵
        Program crash
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
        7⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39585.exe
        8⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        9⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45602.exe
        10⤵
        
        PID:4628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 216
        10⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 236
        9⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
        8⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
        7⤵
        
        PID:4904
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
        6⤵
        Program crash
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14118.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43517.exe
        6⤵
        Executes dropped EXE
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
        7⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40270.exe
        8⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65195.exe
        9⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
        10⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2349.exe
        11⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 216
        10⤵
        
        PID:8732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
        9⤵
        
        PID:8032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 216
        8⤵
        
        PID:5368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 216
        7⤵
        
        PID:5028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
        6⤵
        Program crash
        
        PID:3992
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        5⤵
        Program crash
        
        PID:2320
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19359.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3755.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-600.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29327.exe
        7⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26992.exe
        8⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36821.exe
        9⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17847.exe
        10⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63190.exe
        11⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6500.exe
        12⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
        11⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
        10⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
        9⤵
        
        PID:4880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 236
        8⤵
        Program crash
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1070.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
        8⤵
        
        PID:4192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
        9⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25583.exe
        10⤵
        
        PID:8060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27248.exe
        11⤵
        
        PID:6104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
        10⤵
        
        PID:8256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 236
        9⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
        8⤵
        
        PID:4868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
        7⤵
        Program crash
        
        PID:3320
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 216
        6⤵
        Program crash
        
        PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22478.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51493.exe
        6⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11942.exe
        7⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
        8⤵
        
        PID:5360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
        9⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37543.exe
        10⤵
        
        PID:8728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
        10⤵
        
        PID:8836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 236
        9⤵
        
        PID:7776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
        8⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
        7⤵
        
        PID:4848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 236
        6⤵
        Program crash
        
        PID:3944
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
        5⤵
        Program crash
        
        PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23853.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42344.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4596.exe
        6⤵
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
        7⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24221.exe
        8⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47859.exe
        9⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37053.exe
        10⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55479.exe
        11⤵
        
        PID:7516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 236
        11⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 236
        10⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        9⤵
        
        PID:5048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 236
        8⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 216
        7⤵
        Program crash
        
        PID:3088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 236
        6⤵
        Program crash
        
        PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9235.exe
        5⤵
        
        PID:1288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5258.exe
        6⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61424.exe
        7⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39627.exe
        8⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41058.exe
        9⤵
        
        PID:7456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
        9⤵
        
        PID:8780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
        8⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
        7⤵
        
        PID:5984
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 216
        6⤵
        
        PID:4172
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
        5⤵
        Program crash
        
        PID:2612
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
      4⤵
      Program crash
      PID:2836
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1664
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
  2⤵
  - Program crash
  PID:2508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15122.exe

Filesize
184KB

MD5
a0e77a91b202a8baeb306aeeaf8fe61b

SHA1
f5c6cea85d9690602847a1b4d6524b08fe4602f4

SHA256
e51dfeedd15d2097e2aa07e3a27549550d0e0b6b2496b765c5f90fdf41fc9457

SHA512
629c2287579233136e9eb2d8b13964044862b7f10be27af1e96b0d0051444bfe54a8487d325d4468a694f4db026606fa3c42ac1526b39798fd8318307d24461e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19359.exe

Filesize
184KB

MD5
f4583d86d075d21b144f863bdc3d9c9c

SHA1
ceed48a35a7125d56fa2d6882734e0790c2833be

SHA256
8e42c190655228c9ee0f118ad9fecb336ab9e17aa6343d1f2371ee89869c1d93

SHA512
2d447e6a3380d69409d1ccf1c1505a668f3f461e5cb96578d6d01ad652cc6a5e12b0b39f1c9b907e3ada1a5e71b8b3fbd8eea9edc6fbb4eb67eb76500b05945d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22350.exe

Filesize
184KB

MD5
6f957b104cb6be31ec58bae565b110c6

SHA1
e9a7fafdb7402b4a6944e6589ff02cae8e03dc2f

SHA256
9e060baea571b695823e031f64599f51f2c5a3d3c13fd255155a5ad4b07d5afd

SHA512
d0107dc73ce971fd568a64cb62d8bbf3c5b7fba928a6a3283cb806d789f2492f35f77103d213b07062e9f8d35b41591374a0d7c0d6809d6191b0189cc053701e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3023.exe

Filesize
184KB

MD5
31b9bc3c1cd19b21fbb38b5af49e739b

SHA1
30fe4629c2bf879c56b627aae71d8ff6400de888

SHA256
812c2d3df698681348d9822929a0b3a23ffc26df72481857c25ac9fe137e69ca

SHA512
827a2fc42fd622856c590d38f2e5ff950af98368979a44cb863e77161d0a74e0b0389e456aac75d4f5f3a744f3c0f09c6db6058b3fc15c7ece4ba7cfb9c7ac7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31057.exe

Filesize
184KB

MD5
55d36dd865bd4485b4645ee48a19eb86

SHA1
71d4aadb2f593e5fc28767bdaff931bb4b8f5890

SHA256
576d8632388a2034f7b69401b75ab8addc864f7784ce8f16f17b150b4d0c7a4a

SHA512
3ed831eafea380f8c87f408f9fa89bc9e9aac4f253628486f8ee18ef103a39253bc7a69c0da15268183c796aaf130629db60472a61aca3e24b1f95453a0fa163

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39795.exe

Filesize
184KB

MD5
0cf8009423049a232a457b0a6a331df4

SHA1
abe458aa0305ef6814bdcf8007ec1393819da8e8

SHA256
a6eedce98efcff2616ad894e66f92f018d31ab2269f701a8d33afdce3c7ca8b6

SHA512
7106f2d6f1f76dbb94b7dac169677483d0715dec89d333c951855e605adacf317611e887bb4a61647d880421e58a6c22526b1411fadc24e74103d68762462377

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe

Filesize
184KB

MD5
f10ed5b4b09eefd89a2723de22767503

SHA1
48ffd7cfff2bf07f91d3d85d56aa57a27521dd21

SHA256
8d9daec5294a73f225ab648263162d3288db5b70af1bc759cd1937c5906a236e

SHA512
5dc406f2c6759afd8d49984514b4d436ff02254312dca1f8ef45032cf721b9555c0b9174c036c10ccc82d9744a1d25e4fad1cf9c5f46f527a1d2fa80fdb24edc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40703.exe

Filesize
184KB

MD5
c75bf542b4e17b4ec00ae1e95d2248c6

SHA1
9faba66c035640b6e01bc8941b7bd5a9adf5dfe2

SHA256
2e5e1bc6dd622ee0248b131a4fb35bb32f9fd280d7e5a94f9cea018af58436c7

SHA512
730305d4537e7676365953990eac37287abf7bd9d3ed89765f2b7a914bd4295166b58343eba281c7885e397452424e4e85ba274db482d35edc610f516cfae7ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47707.exe

Filesize
184KB

MD5
6e4b74af8c2b0365635aa24a3825b6e7

SHA1
65d88f995f7311d5c70aad4cd1b0ad0fa0e033fb

SHA256
765ac464271c5838f5852291a55a5d63f71401c414ff901457fc923755c4c81e

SHA512
fc9e5a6258d12ae5600eee80ecfd4e206648f15df020266b3578e11d88a164ba1ffc95b7227663a0e96e3cdecbe216f6f26eb26357194a918958e5e4be7107f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe

Filesize
184KB

MD5
b4864e9ff253a659accb1125dca70c07

SHA1
22d6a0b337ee21454ead6dba528725a840d38b59

SHA256
9267963e7488ccdf71dfd49442be0023d24bbcf16a841aeb4b8f71c0aec37974

SHA512
54975842ff8b9dac530bba8bd10906103051f6da46b87657db24515e04e8ea1db3d117fc0db9ee45a03cb989eeb09d119fd565465c207a93c1ae0d513301b665

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5634.exe

Filesize
184KB

MD5
8aa922d2e3d54b8480bb7ba36b614e0b

SHA1
4275dd98799fc4df4226ddf144811dcc5c0fe42c

SHA256
1730c2d5d45770f1256d1b2fb89b487910b4b346fda44ef3090bfe0b72fa45f5

SHA512
3db67ff039c4c0fd92839fc51ab8ce98f35dc6f1a4f9532cca43884921f081da888ae84c27f8c936a9e0b5807597ebe9eff96181d92610d08b8bbb5c48cd9894

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58674.exe

Filesize
184KB

MD5
abe695cb7081fa68a88a2c744cc55e6b

SHA1
72311c30938e34554852e1fdfc6422b57cf28763

SHA256
cba24a859e5b622f09132399de240510ee2101c83e61894b4a5a2072112c023c

SHA512
18f60e03fa285159d53c1c02d025d790fc7e36f05f9fdd0b05650b316be08185cfff5fc8912535b6e16a0f5e86750b1c888eed4e9ca68fbc00b526c03cf36cd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59484.exe

Filesize
184KB

MD5
7cbd10f2b997ee546ab32c99482aacac

SHA1
515006cb9b722a572bfd52086279e2c23aa9856a

SHA256
5cc15ea6ae999f578e12aca10a834832eedadaa079655e5f4875a8df852af03b

SHA512
196f2f128dee461df472130b0e662ce2e0257e93c5be31cc599bd3231e4d1be65a16fb51b17b809e06f1c424f1ea78029201de0d1bf3e70ae3cbbc5257595d13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63049.exe

Filesize
184KB

MD5
76273fe7932d853a5fc570a84b79e5f5

SHA1
3854572f82c98afd46a7c220ab659f9d111dac7a

SHA256
2c42aee60a10b557c8f747baa605cdea21f97413b6a386cc66ae82e9f9f4bce1

SHA512
8734c662e0e4072740da920e1ded542a15990ccb07928ce2bc18dd2034a547613df1195f0437aefe95d6f5571eb7e8de5b246b48d446a9b5549c0f41a66739bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63190.exe

Filesize
184KB

MD5
ec31281aacc90f6ce8ff83fc5b57a972

SHA1
57abdfebe1a4e4813a94718f700d5908aa8db40d

SHA256
76d453a0aa7acb0911ba9fceebbf33e408329e843213ff2bcb8ce58d2750e41c

SHA512
62dd1278c6763792475dc4eed2e25aa0ccb2cfa261d52eb0a6ebfd6af4cd560d487c5aa4b6f5964957cb766ae90cd308115170f44b69efd1695b1ee59b90d371

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63343.exe

Filesize
184KB

MD5
dbc369d056eb15d21256409955c7bd16

SHA1
ee748aff3110e641fb85867d084e5a60ce86192d

SHA256
8c6dd360b20201b8cdec6a651c94f014f3c56ffa36a5c2f29820541d1aaa8081

SHA512
872892c6e518af916406db53fea793ba9858cdfc40eca50cb16d9da3ef8464a331ccbdf1ce36e74682098e107968afb9e0e49926d43093586f3685124fb11e1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65195.exe

Filesize
184KB

MD5
c96006767c4dc28a14f5628ee0388ec1

SHA1
bc482003f8c1e382ecb4ede4788c7080bd301b3e

SHA256
c58a8b7d023a9805721bd6228191fba851c307edd6fb2fdd97f55b835a17e5a4

SHA512
edf922d4321614c321e4f9eafb7d1397944e67737d3d57209673970d473ce605373b28fca6fc90b196b877c41e213f1684139ec1b6a2df566be8833112e3f60b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20699.exe

Filesize
184KB

MD5
957e950169cb1f2c2a8c3dc355cbe732

SHA1
f339e2ddbb6d727d5957af504375c35fde7c763a

SHA256
e064c8be6944d9b89d2e0bdc1ce6a4e986dbbd08e7e8c672d842007902902929

SHA512
0613f2e614fb83cd6b1e1a45783067249d1596ccaf83a78e1010c84395e076ac57ec83c611c592381f4d30d6e2a121eb3d494dddbd0149fc02cd84e882ff6637

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30299.exe

Filesize
184KB

MD5
0313430e3d00c71e0c11ce4d7b34ed08

SHA1
1aeb03b4eab93a6140a83673f30b67a8b155c16c

SHA256
67a5d0b3d154ba2e60fa4fdac6e82581ddf6f72e5b52f977e4e67cf79eba9f4b

SHA512
09c966422ea162dae382e31e0e810cc0ebf825af0f5645f4a664a202599a5079fca0576e6d528c80cfb10b61630a5bd07206d56b6ee8638d41ef4391d27a65fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38649.exe

Filesize
184KB

MD5
a3c921c84523fc3c0c86c3ea773a09df

SHA1
f8b67becbfa2c5623d34ad788c60530876854fb7

SHA256
82372ef94964f5ff21bed8fefc9ef60f6385c84304dd8b98d13b06c500d57495

SHA512
f425e3eeb980df7b01446c3cc1f755898f7c43c1bda691a92c02930561b1281a2566fbe4823dded77954a06f8f8a1f3dba6781c50c1ded4f0102c93f02f9ee82

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50610.exe

Filesize
184KB

MD5
dd0755df43ac3d87bd99d54c30758b7b

SHA1
bf3df3dd21eafa310ef8a7efbd09ba4d9c3cd22f

SHA256
c933d473c194aac0436b2ac1a6c0f5f8564835a01bd5ee7fd628e27db4a9c243

SHA512
a9c96cf3680b7f4cc82949b6176237106e521295b213c58716a1f479789c35c9da93e9740db85870a7b82106fe662b870d4ed7b8ed0d7dace0f8838c193ec075

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe

Filesize
184KB

MD5
047b34e19ad4940128db75c5532fae24

SHA1
e284f8f56118be1208b9034cbac2e9fa728adb0e

SHA256
2fd11d113a6797a71a2a8ca8a12359829aa818440ea29531f3953e9fa89658ca

SHA512
762c985951e43053a8339b11a5f16e4f46d65d55821cbdbed598520cb4fe54d168c789ab4a5f64aa1be39c6c08e1a69c88bfba7fe7ced97e59382f3168dc26a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe

Filesize
184KB

MD5
3934a5fc2d9fe5483a892afccfac17b4

SHA1
c9edee9514d3499dd342eba86a1ee087a473abb4

SHA256
4152066f2a5c9ae821bc0da554926c0b4b6a274712118e2865b7f5a8c2cefdb3

SHA512
a5f45c0ae4a6945e1f546d294524ec1a42522e77efd3bd529b6d9fe2ba0d4359a9428dd1eff9e17afcb774f5b346170ba76962e3379eaecc6d859c5f4f78a8ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe

Filesize
184KB

MD5
380bd8b4c4f398b2e88a3121cddd3716

SHA1
c2a5903464ba49dd59b5e454aa113fc165c9f9d0

SHA256
b782c7d1ca524754df04c6236f5d50d37f6a3ef8a49395578c6e5b838d3da027

SHA512
ebc812be1dc5ee9220ac1f1a3c10338a0a1e17a5798547a70af7bb80b276cad4c1cbcd8b89a112d9a0655c8a2be8d3bc23703b843610c9f8dba4cdf5742efd19

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61798.exe

Filesize
184KB

MD5
be32d5b636f20b869232f10c4a5b5b75

SHA1
9125b3b56aacc927b66eb79e9e02910e27d45618

SHA256
455b4fe344979d39a76bd4d8f35361620cb7cb79b444bd77b266ad4c76e4173d

SHA512
d7f2942ae35d1e0862afc0c146ea40c6f08202ab7fba246075b0f72e8c9191acb89d1bef035f4fd4591fab86f30f879d03ddca1ade353d6d00d0be0f02a7b2a4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads