2d8d17754917693981cd54d003460facdc66aaa94687ff2803819fed9d2b18dd

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/06/2024, 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d8d17754917693981cd54d003460facdc66aaa94687ff2803819fed9d2b18dd.exe
Size

184KB
MD5

e888d9cd5aae127b3c03246639a9771f
SHA1

1df5b13b1021ea3f0b4d2c3f677d51690ea55a79
SHA256

2d8d17754917693981cd54d003460facdc66aaa94687ff2803819fed9d2b18dd
SHA512

cad671fef4a9bea99f0a71dc26d567be09ce09e877df8c4b198f4be7e1d7c0041503be1cddb741380c27cb524dba43e2ec35d9bec2250adc48454ed99e1a3a5d
SSDEEP

3072:nkO25HofiyaV9qNseA7LpIN6IK48AhCEXtO/E5EZBJUhanVOFK:nkRoSTqNuL+N6Ifde6hanVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2224	Unicorn-25570.exe
2960	Unicorn-4127.exe
2508	Unicorn-19072.exe
2748	Unicorn-10432.exe
2636	Unicorn-56104.exe
2232	Unicorn-55357.exe
968	Unicorn-20307.exe
644	Unicorn-36089.exe
2568	Unicorn-63307.exe
2736	Unicorn-53748.exe
2204	Unicorn-31272.exe
2692	Unicorn-57360.exe
956	Unicorn-18274.exe
940	Unicorn-43524.exe
2460	Unicorn-32664.exe
596	Unicorn-7967.exe
540	Unicorn-26996.exe
1216	Unicorn-38969.exe
1732	Unicorn-31355.exe
1180	Unicorn-34693.exe
1672	Unicorn-25133.exe
1432	Unicorn-458.exe
2828	Unicorn-41491.exe
1764	Unicorn-10764.exe
1900	Unicorn-35823.exe
2128	Unicorn-5097.exe
2124	Unicorn-59773.exe
2848	Unicorn-15388.exe
2612	Unicorn-3691.exe
2520	Unicorn-29779.exe
2144	Unicorn-13250.exe
2528	Unicorn-28195.exe
2392	Unicorn-56229.exe
2396	Unicorn-62705.exe
1652	Unicorn-31232.exe
880	Unicorn-50261.exe
1372	Unicorn-49706.exe
1832	Unicorn-38008.exe
2588	Unicorn-37262.exe
2704	Unicorn-41346.exe
2728	Unicorn-20926.exe
1436	Unicorn-1060.exe
1452	Unicorn-25010.exe
1692	Unicorn-11174.exe
2816	Unicorn-46198.exe
3036	Unicorn-42690.exe
912	Unicorn-59773.exe
1836	Unicorn-18186.exe
2804	Unicorn-2404.exe
1524	Unicorn-1657.exe
2076	Unicorn-1657.exe
2132	Unicorn-26908.exe
3012	Unicorn-266.exe
2444	Unicorn-30246.exe
3020	Unicorn-11771.exe
2808	Unicorn-30800.exe
2500	Unicorn-36852.exe
2388	Unicorn-2041.exe
2536	Unicorn-58019.exe
2860	Unicorn-55326.exe
2268	Unicorn-30630.exe
1384	Unicorn-30630.exe
1364	Unicorn-34714.exe
1200	Unicorn-33322.exe

Loads dropped DLL 64 IoCs

pid	Process
2896	2d8d17754917693981cd54d003460facdc66aaa94687ff2803819fed9d2b18dd.exe
2896	2d8d17754917693981cd54d003460facdc66aaa94687ff2803819fed9d2b18dd.exe
2224	Unicorn-25570.exe
2896	2d8d17754917693981cd54d003460facdc66aaa94687ff2803819fed9d2b18dd.exe
2224	Unicorn-25570.exe
2896	2d8d17754917693981cd54d003460facdc66aaa94687ff2803819fed9d2b18dd.exe
2224	Unicorn-25570.exe
2960	Unicorn-4127.exe
2224	Unicorn-25570.exe
2960	Unicorn-4127.exe
2508	Unicorn-19072.exe
2508	Unicorn-19072.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2748	Unicorn-10432.exe
2960	Unicorn-4127.exe
2960	Unicorn-4127.exe
2748	Unicorn-10432.exe
2636	Unicorn-56104.exe
2636	Unicorn-56104.exe
2508	Unicorn-19072.exe
2508	Unicorn-19072.exe
1636	WerFault.exe
1636	WerFault.exe
1636	WerFault.exe
1636	WerFault.exe
1948	WerFault.exe
1948	WerFault.exe
1948	WerFault.exe
1948	WerFault.exe
1948	WerFault.exe
1636	WerFault.exe
2232	Unicorn-55357.exe
2232	Unicorn-55357.exe
968	Unicorn-20307.exe
968	Unicorn-20307.exe
644	Unicorn-36089.exe
644	Unicorn-36089.exe
2748	Unicorn-10432.exe
2748	Unicorn-10432.exe
2736	Unicorn-53748.exe
2736	Unicorn-53748.exe
2568	Unicorn-63307.exe
2568	Unicorn-63307.exe
2636	Unicorn-56104.exe
2636	Unicorn-56104.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
588	WerFault.exe
1888	WerFault.exe
1888	WerFault.exe
1888	WerFault.exe
1888	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
2920	WerFault.exe
1888	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2292	2896	WerFault.exe	27
2872	2224	WerFault.exe	28
1636	2960	WerFault.exe	29
1948	2508	WerFault.exe	30
588	2748	WerFault.exe	33
1888	2636	WerFault.exe	32
2920	2232	WerFault.exe	34
1704	968	WerFault.exe	37
2864	644	WerFault.exe	36
2456	2736	WerFault.exe	39
1984	2568	WerFault.exe	38
2908	2692	WerFault.exe	43
2256	956	WerFault.exe	44
2276	940	WerFault.exe	45
2280	596	WerFault.exe	47
584	2460	WerFault.exe	46
1096	540	WerFault.exe	48
2284	2204	WerFault.exe	42
1992	1672	WerFault.exe	56
1792	1732	WerFault.exe	53
2796	1180	WerFault.exe	54
2416	2124	WerFault.exe	63
2412	1764	WerFault.exe	60
548	2828	WerFault.exe	59
568	1432	WerFault.exe	58
572	1216	WerFault.exe	52
2712	2128	WerFault.exe	62
2540	1900	WerFault.exe	61
2052	2268	WerFault.exe	109
2184	2520	WerFault.exe	70
2740	2144	WerFault.exe	71
240	2392	WerFault.exe	73
2820	2528	WerFault.exe	72
1600	1652	WerFault.exe	75
2408	1692	WerFault.exe	84
2200	2728	WerFault.exe	81
280	880	WerFault.exe	76
2192	2396	WerFault.exe	74
368	1452	WerFault.exe	83
3128	1384	WerFault.exe	108
3596	2612	WerFault.exe	69
3644	2700	WerFault.exe	112
3720	2860	WerFault.exe	107
3728	2444	WerFault.exe	101
3756	1524	WerFault.exe	98
3796	2132	WerFault.exe	99
3804	3020	WerFault.exe	102
3844	2076	WerFault.exe	97
3864	3036	WerFault.exe	89
3888	2388	WerFault.exe	104
3904	2804	WerFault.exe	95
3972	2588	WerFault.exe	79
3992	1128	WerFault.exe	117
4076	3012	WerFault.exe	100
3080	1836	WerFault.exe	94
904	2848	WerFault.exe	68
3136	2544	WerFault.exe	116
3148	1436	WerFault.exe	82
3232	1832	WerFault.exe	78
3372	912	WerFault.exe	92
3376	2600	WerFault.exe	113
3604	1372	WerFault.exe	77
3652	1088	WerFault.exe	118
3680	2704	WerFault.exe	80

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2896	2d8d17754917693981cd54d003460facdc66aaa94687ff2803819fed9d2b18dd.exe
2224	Unicorn-25570.exe
2960	Unicorn-4127.exe
2508	Unicorn-19072.exe
2748	Unicorn-10432.exe
2636	Unicorn-56104.exe
2232	Unicorn-55357.exe
968	Unicorn-20307.exe
644	Unicorn-36089.exe
2736	Unicorn-53748.exe
2568	Unicorn-63307.exe
2692	Unicorn-57360.exe
2204	Unicorn-31272.exe
956	Unicorn-18274.exe
940	Unicorn-43524.exe
2460	Unicorn-32664.exe
596	Unicorn-7967.exe
540	Unicorn-26996.exe
1216	Unicorn-38969.exe
1732	Unicorn-31355.exe
1180	Unicorn-34693.exe
1672	Unicorn-25133.exe
1432	Unicorn-458.exe
2828	Unicorn-41491.exe
1764	Unicorn-10764.exe
1900	Unicorn-35823.exe
2128	Unicorn-5097.exe
2124	Unicorn-59773.exe
2612	Unicorn-3691.exe
2848	Unicorn-15388.exe
2520	Unicorn-29779.exe
2144	Unicorn-13250.exe
2528	Unicorn-28195.exe
2392	Unicorn-56229.exe
2396	Unicorn-62705.exe
880	Unicorn-50261.exe
1652	Unicorn-31232.exe
1832	Unicorn-38008.exe
1372	Unicorn-49706.exe
2588	Unicorn-37262.exe
2704	Unicorn-41346.exe
2728	Unicorn-20926.exe
1692	Unicorn-11174.exe
1436	Unicorn-1060.exe
1452	Unicorn-25010.exe
2816	Unicorn-46198.exe
3036	Unicorn-42690.exe
1836	Unicorn-18186.exe
912	Unicorn-59773.exe
1524	Unicorn-1657.exe
2804	Unicorn-2404.exe
2076	Unicorn-1657.exe
2132	Unicorn-26908.exe
3012	Unicorn-266.exe
2444	Unicorn-30246.exe
3020	Unicorn-11771.exe
2808	Unicorn-30800.exe
2388	Unicorn-2041.exe
2500	Unicorn-36852.exe
2536	Unicorn-58019.exe
2696	Unicorn-47521.exe
2860	Unicorn-55326.exe
2268	Unicorn-30630.exe
1384	Unicorn-30630.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2224	2896	2d8d17754917693981cd54d003460facdc66aaa94687ff2803819fed9d2b18dd.exe	28
PID 2896 wrote to memory of 2224	2896	2d8d17754917693981cd54d003460facdc66aaa94687ff2803819fed9d2b18dd.exe	28
PID 2896 wrote to memory of 2224	2896	2d8d17754917693981cd54d003460facdc66aaa94687ff2803819fed9d2b18dd.exe	28
PID 2896 wrote to memory of 2224	2896	2d8d17754917693981cd54d003460facdc66aaa94687ff2803819fed9d2b18dd.exe	28
PID 2224 wrote to memory of 2960	2224	Unicorn-25570.exe	29
PID 2224 wrote to memory of 2960	2224	Unicorn-25570.exe	29
PID 2224 wrote to memory of 2960	2224	Unicorn-25570.exe	29
PID 2224 wrote to memory of 2960	2224	Unicorn-25570.exe	29
PID 2896 wrote to memory of 2508	2896	2d8d17754917693981cd54d003460facdc66aaa94687ff2803819fed9d2b18dd.exe	30
PID 2896 wrote to memory of 2508	2896	2d8d17754917693981cd54d003460facdc66aaa94687ff2803819fed9d2b18dd.exe	30
PID 2896 wrote to memory of 2508	2896	2d8d17754917693981cd54d003460facdc66aaa94687ff2803819fed9d2b18dd.exe	30
PID 2896 wrote to memory of 2508	2896	2d8d17754917693981cd54d003460facdc66aaa94687ff2803819fed9d2b18dd.exe	30
PID 2896 wrote to memory of 2292	2896	2d8d17754917693981cd54d003460facdc66aaa94687ff2803819fed9d2b18dd.exe	31
PID 2896 wrote to memory of 2292	2896	2d8d17754917693981cd54d003460facdc66aaa94687ff2803819fed9d2b18dd.exe	31
PID 2896 wrote to memory of 2292	2896	2d8d17754917693981cd54d003460facdc66aaa94687ff2803819fed9d2b18dd.exe	31
PID 2896 wrote to memory of 2292	2896	2d8d17754917693981cd54d003460facdc66aaa94687ff2803819fed9d2b18dd.exe	31
PID 2224 wrote to memory of 2636	2224	Unicorn-25570.exe	32
PID 2224 wrote to memory of 2636	2224	Unicorn-25570.exe	32
PID 2224 wrote to memory of 2636	2224	Unicorn-25570.exe	32
PID 2224 wrote to memory of 2636	2224	Unicorn-25570.exe	32
PID 2960 wrote to memory of 2748	2960	Unicorn-4127.exe	33
PID 2960 wrote to memory of 2748	2960	Unicorn-4127.exe	33
PID 2960 wrote to memory of 2748	2960	Unicorn-4127.exe	33
PID 2960 wrote to memory of 2748	2960	Unicorn-4127.exe	33
PID 2508 wrote to memory of 2232	2508	Unicorn-19072.exe	34
PID 2508 wrote to memory of 2232	2508	Unicorn-19072.exe	34
PID 2508 wrote to memory of 2232	2508	Unicorn-19072.exe	34
PID 2508 wrote to memory of 2232	2508	Unicorn-19072.exe	34
PID 2224 wrote to memory of 2872	2224	Unicorn-25570.exe	35
PID 2224 wrote to memory of 2872	2224	Unicorn-25570.exe	35
PID 2224 wrote to memory of 2872	2224	Unicorn-25570.exe	35
PID 2224 wrote to memory of 2872	2224	Unicorn-25570.exe	35
PID 2960 wrote to memory of 968	2960	Unicorn-4127.exe	37
PID 2960 wrote to memory of 968	2960	Unicorn-4127.exe	37
PID 2960 wrote to memory of 968	2960	Unicorn-4127.exe	37
PID 2960 wrote to memory of 968	2960	Unicorn-4127.exe	37
PID 2748 wrote to memory of 644	2748	Unicorn-10432.exe	36
PID 2748 wrote to memory of 644	2748	Unicorn-10432.exe	36
PID 2748 wrote to memory of 644	2748	Unicorn-10432.exe	36
PID 2748 wrote to memory of 644	2748	Unicorn-10432.exe	36
PID 2636 wrote to memory of 2568	2636	Unicorn-56104.exe	38
PID 2636 wrote to memory of 2568	2636	Unicorn-56104.exe	38
PID 2636 wrote to memory of 2568	2636	Unicorn-56104.exe	38
PID 2636 wrote to memory of 2568	2636	Unicorn-56104.exe	38
PID 2508 wrote to memory of 2736	2508	Unicorn-19072.exe	39
PID 2508 wrote to memory of 2736	2508	Unicorn-19072.exe	39
PID 2508 wrote to memory of 2736	2508	Unicorn-19072.exe	39
PID 2508 wrote to memory of 2736	2508	Unicorn-19072.exe	39
PID 2960 wrote to memory of 1636	2960	Unicorn-4127.exe	40
PID 2960 wrote to memory of 1636	2960	Unicorn-4127.exe	40
PID 2960 wrote to memory of 1636	2960	Unicorn-4127.exe	40
PID 2960 wrote to memory of 1636	2960	Unicorn-4127.exe	40
PID 2508 wrote to memory of 1948	2508	Unicorn-19072.exe	41
PID 2508 wrote to memory of 1948	2508	Unicorn-19072.exe	41
PID 2508 wrote to memory of 1948	2508	Unicorn-19072.exe	41
PID 2508 wrote to memory of 1948	2508	Unicorn-19072.exe	41
PID 2232 wrote to memory of 2204	2232	Unicorn-55357.exe	42
PID 2232 wrote to memory of 2204	2232	Unicorn-55357.exe	42
PID 2232 wrote to memory of 2204	2232	Unicorn-55357.exe	42
PID 2232 wrote to memory of 2204	2232	Unicorn-55357.exe	42
PID 968 wrote to memory of 2692	968	Unicorn-20307.exe	43
PID 968 wrote to memory of 2692	968	Unicorn-20307.exe	43
PID 968 wrote to memory of 2692	968	Unicorn-20307.exe	43
PID 968 wrote to memory of 2692	968	Unicorn-20307.exe	43

C:\Users\Admin\AppData\Local\Temp\2d8d17754917693981cd54d003460facdc66aaa94687ff2803819fed9d2b18dd.exe
"C:\Users\Admin\AppData\Local\Temp\2d8d17754917693981cd54d003460facdc66aaa94687ff2803819fed9d2b18dd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25570.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25570.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4127.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4127.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10432.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36089.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18274.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34693.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13250.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1657.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29426.exe
        10⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45098.exe
        11⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52934.exe
        12⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24746.exe
        13⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
        14⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41827.exe
        15⤵
        
        PID:5492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 216
        14⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 236
        13⤵
        
        PID:7580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
        12⤵
        
        PID:6204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 236
        11⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 216
        10⤵
        Program crash
        
        PID:3844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 236
        9⤵
        Program crash
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-266.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48886.exe
        9⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12617.exe
        10⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64252.exe
        11⤵
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
        12⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52221.exe
        13⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53674.exe
        14⤵
        
        PID:9084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 236
        13⤵
        
        PID:8464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 236
        12⤵
        
        PID:7096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
        11⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 216
        10⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
        9⤵
        Program crash
        
        PID:4076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 240
        8⤵
        Program crash
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28195.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30246.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20682.exe
        9⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56089.exe
        10⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29800.exe
        11⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60770.exe
        12⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8531.exe
        13⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 236
        13⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
        12⤵
        
        PID:7320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
        11⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
        10⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
        9⤵
        Program crash
        
        PID:3728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
        8⤵
        Program crash
        
        PID:2820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
        7⤵
        Program crash
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25133.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56229.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1657.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18544.exe
        9⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13987.exe
        10⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
        11⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41912.exe
        12⤵
        
        PID:6964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        13⤵
        
        PID:8188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
        13⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
        12⤵
        
        PID:7236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
        11⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
        10⤵
        
        PID:4844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
        9⤵
        Program crash
        
        PID:3756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 216
        8⤵
        Program crash
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26908.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15336.exe
        8⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
        9⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20262.exe
        10⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30968.exe
        11⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
        12⤵
        
        PID:3852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 236
        12⤵
        
        PID:9144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
        11⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
        10⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 216
        9⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 236
        8⤵
        Program crash
        
        PID:3796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
        7⤵
        Program crash
        
        PID:1992
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 240
        6⤵
        Program crash
        
        PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43524.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25010.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34714.exe
        8⤵
        Executes dropped EXE
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
        9⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44195.exe
        10⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20890.exe
        11⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4029.exe
        12⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        13⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1261.exe
        14⤵
        
        PID:8656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 236
        14⤵
        
        PID:8612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 236
        13⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 236
        12⤵
        
        PID:6240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 236
        11⤵
        
        PID:6012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
        10⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 216
        9⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 236
        8⤵
        Program crash
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33322.exe
        7⤵
        Executes dropped EXE
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51984.exe
        8⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36686.exe
        9⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7921.exe
        10⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2553.exe
        11⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-78.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-78.exe
        12⤵
        
        PID:8868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 216
        12⤵
        
        PID:6216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
        11⤵
        
        PID:7368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 236
        10⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
        9⤵
        
        PID:5524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 236
        8⤵
        
        PID:3860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 240
        7⤵
        Program crash
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11174.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2041.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37018.exe
        8⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
        9⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44766.exe
        10⤵
        
        PID:5756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12145.exe
        11⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59294.exe
        12⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 236
        12⤵
        
        PID:8740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
        11⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
        10⤵
        
        PID:6296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
        9⤵
        
        PID:5028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 236
        8⤵
        Program crash
        
        PID:3888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
        7⤵
        Program crash
        
        PID:2408
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 240
        6⤵
        Program crash
        
        PID:2276
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38969.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15388.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18186.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29151.exe
        9⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17553.exe
        10⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35171.exe
        11⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28534.exe
        12⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64281.exe
        13⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32232.exe
        14⤵
        
        PID:5124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 216
        13⤵
        
        PID:8300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
        12⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 236
        11⤵
        
        PID:6140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 216
        10⤵
        
        PID:4256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 236
        9⤵
        Program crash
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17453.exe
        8⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
        9⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43204.exe
        10⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30667.exe
        11⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28952.exe
        12⤵
        
        PID:7984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 216
        12⤵
        
        PID:8896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
        11⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
        10⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 236
        9⤵
        
        PID:4424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
        8⤵
        Program crash
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2404.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15035.exe
        8⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34600.exe
        9⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55072.exe
        10⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16230.exe
        11⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37312.exe
        12⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29383.exe
        13⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 216
        12⤵
        
        PID:9048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
        11⤵
        
        PID:7336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
        10⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
        9⤵
        
        PID:5068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
        8⤵
        Program crash
        
        PID:3904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 240
        7⤵
        Program crash
        
        PID:572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48995.exe
        8⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55492.exe
        9⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
        10⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9187.exe
        11⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30620.exe
        12⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37312.exe
        13⤵
        
        PID:7196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 216
        13⤵
        
        PID:9056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
        12⤵
        
        PID:7380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 236
        11⤵
        
        PID:5968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
        10⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 216
        9⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60131.exe
        8⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2778.exe
        9⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4745.exe
        10⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5591.exe
        11⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        12⤵
        
        PID:7312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
        13⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 236
        12⤵
        
        PID:8380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 236
        11⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 236
        10⤵
        
        PID:5924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
        9⤵
        
        PID:5076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
        8⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63940.exe
        7⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1652.exe
        8⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
        9⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63344.exe
        10⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15272.exe
        11⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13072.exe
        12⤵
        
        PID:4760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
        11⤵
        
        PID:8504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
        10⤵
        
        PID:6412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
        9⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 216
        8⤵
        
        PID:4468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
        7⤵
        Program crash
        
        PID:3596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
        6⤵
        Program crash
        
        PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31355.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29779.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42690.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1740.exe
        8⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63852.exe
        9⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42332.exe
        10⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
        11⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28620.exe
        12⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10384.exe
        13⤵
        
        PID:8816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 216
        13⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 236
        12⤵
        
        PID:3544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 236
        11⤵
        
        PID:7012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 216
        10⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 236
        9⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21428.exe
        8⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32654.exe
        9⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38544.exe
        10⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        11⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27909.exe
        12⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62657.exe
        13⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 236
        12⤵
        
        PID:8604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
        11⤵
        
        PID:6732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
        10⤵
        
        PID:1144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 216
        9⤵
        
        PID:5020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
        8⤵
        Program crash
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14547.exe
        7⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55492.exe
        8⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29037.exe
        9⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
        10⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60962.exe
        11⤵
        
        PID:6672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7187.exe
        12⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28231.exe
        13⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 216
        12⤵
        
        PID:8644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
        11⤵
        
        PID:7460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
        10⤵
        
        PID:6592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
        9⤵
        
        PID:4936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 216
        8⤵
        
        PID:3188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
        7⤵
        Program crash
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3084.exe
        7⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47812.exe
        8⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14423.exe
        9⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5394.exe
        10⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10477.exe
        11⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33659.exe
        12⤵
        
        PID:6308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 216
        11⤵
        
        PID:8832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
        10⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        9⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 216
        8⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 216
        7⤵
        Program crash
        
        PID:3372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
        6⤵
        Program crash
        
        PID:1792
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 240
        5⤵
        Program crash
        
        PID:1704
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56104.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56104.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63307.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41491.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31372.exe
        9⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe
        10⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28757.exe
        11⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        12⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13134.exe
        13⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5973.exe
        14⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 216
        13⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 236
        12⤵
        
        PID:6712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
        11⤵
        
        PID:5296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
        10⤵
        
        PID:4972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
        9⤵
        Program crash
        
        PID:3804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
        8⤵
        Program crash
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30800.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41678.exe
        8⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52856.exe
        9⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32898.exe
        10⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19930.exe
        11⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48064.exe
        12⤵
        
        PID:8264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 216
        12⤵
        
        PID:9196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
        11⤵
        
        PID:7280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
        10⤵
        
        PID:6492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
        9⤵
        
        PID:4524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
        8⤵
        
        PID:3588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
        7⤵
        Program crash
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50261.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30630.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 240
        8⤵
        Program crash
        
        PID:3128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 216
        7⤵
        Program crash
        
        PID:280
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 240
        6⤵
        Program crash
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35823.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63302.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22405.exe
        9⤵
        
        PID:4628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17569.exe
        10⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
        11⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2304.exe
        12⤵
        
        PID:9036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 216
        12⤵
        
        PID:4428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 236
        11⤵
        
        PID:8040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 236
        10⤵
        
        PID:6800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 216
        9⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 236
        8⤵
        Program crash
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        7⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        8⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30952.exe
        9⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
        10⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63954.exe
        11⤵
        
        PID:7936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
        11⤵
        
        PID:9096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
        10⤵
        
        PID:7480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
        9⤵
        
        PID:6464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 236
        8⤵
        
        PID:4168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
        7⤵
        Program crash
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60842.exe
        6⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41486.exe
        7⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24735.exe
        8⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39914.exe
        9⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3017.exe
        10⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34790.exe
        11⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60109.exe
        12⤵
        
        PID:5132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 216
        11⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
        10⤵
        
        PID:7244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
        9⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
        8⤵
        
        PID:4392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
        7⤵
        
        PID:3424
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
        6⤵
        Program crash
        
        PID:2540
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
        5⤵
        Program crash
        
        PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26996.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10764.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49706.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5056.exe
        7⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15144.exe
        8⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38985.exe
        9⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34268.exe
        10⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13899.exe
        11⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35366.exe
        12⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 236
        12⤵
        
        PID:9016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
        11⤵
        
        PID:7588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
        10⤵
        
        PID:5636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
        9⤵
        
        PID:4712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
        8⤵
        Program crash
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24936.exe
        7⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34164.exe
        8⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27958.exe
        9⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43010.exe
        10⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
        11⤵
        
        PID:8628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
        11⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
        10⤵
        
        PID:7596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
        9⤵
        
        PID:7076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 216
        8⤵
        
        PID:5352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 240
        7⤵
        Program crash
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47521.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18736.exe
        7⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48554.exe
        8⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64714.exe
        9⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29388.exe
        10⤵
        
        PID:8020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9481.exe
        11⤵
        
        PID:1332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
        10⤵
        
        PID:3112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
        9⤵
        
        PID:7140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 216
        8⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
        7⤵
        
        PID:4064
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
        6⤵
        Program crash
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38008.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55326.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39265.exe
        7⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43645.exe
        8⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4117.exe
        9⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49421.exe
        10⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59813.exe
        11⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32040.exe
        12⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 236
        11⤵
        
        PID:8412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 236
        10⤵
        
        PID:6552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
        9⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 236
        8⤵
        
        PID:4820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 236
        7⤵
        Program crash
        
        PID:3720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61008.exe
        6⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
        7⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61621.exe
        8⤵
        
        PID:4296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
        9⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3020.exe
        10⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13648.exe
        11⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
        10⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 236
        9⤵
        
        PID:6548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 236
        8⤵
        
        PID:5276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 216
        7⤵
        
        PID:4564
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
        6⤵
        Program crash
        
        PID:3232
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 220
        5⤵
        Program crash
        
        PID:1096
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 220
      4⤵
      Loads dropped DLL
      Program crash
      PID:1888
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2872
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19072.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19072.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31272.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31272.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20926.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36852.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51792.exe
        8⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50225.exe
        9⤵
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50931.exe
        10⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55752.exe
        11⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
        12⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19404.exe
        13⤵
        
        PID:9168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 236
        12⤵
        
        PID:8228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
        11⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
        10⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
        9⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 216
        8⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
        7⤵
        Program crash
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33126.exe
        7⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45373.exe
        8⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        9⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        10⤵
        
        PID:7292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4359.exe
        11⤵
        
        PID:8908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 216
        11⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
        10⤵
        
        PID:8164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
        9⤵
        
        PID:6764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 216
        8⤵
        
        PID:4792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
        7⤵
        
        PID:4016
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
        6⤵
        Program crash
        
        PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1849.exe
        6⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10676.exe
        7⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53458.exe
        8⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56634.exe
        9⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24206.exe
        10⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5817.exe
        11⤵
        
        PID:8096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37359.exe
        12⤵
        
        PID:6008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
        11⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
        10⤵
        
        PID:7468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
        9⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 236
        8⤵
        
        PID:4372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
        7⤵
        Program crash
        
        PID:3136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27567.exe
        6⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
        7⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34268.exe
        8⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        9⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55594.exe
        10⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24723.exe
        11⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
        10⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
        9⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
        8⤵
        
        PID:5660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 216
        7⤵
        
        PID:4436
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 240
        6⤵
        Program crash
        
        PID:3148
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
        5⤵
        Program crash
        
        PID:2284
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:2920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32664.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62705.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30630.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
        7⤵
        Program crash
        
        PID:2052
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
        6⤵
        Program crash
        
        PID:2192
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
        5⤵
        Program crash
        
        PID:584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41346.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58149.exe
        6⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41787.exe
        7⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44304.exe
        8⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56826.exe
        9⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22260.exe
        10⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63954.exe
        11⤵
        
        PID:7844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 220
        11⤵
        
        PID:9136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
        10⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 236
        9⤵
        
        PID:5188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 236
        8⤵
        
        PID:4736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 236
        7⤵
        Program crash
        
        PID:3652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18714.exe
        6⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52856.exe
        7⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63707.exe
        8⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31902.exe
        9⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33140.exe
        10⤵
        
        PID:8844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 216
        10⤵
        
        PID:4344
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
        9⤵
        
        PID:8064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
        8⤵
        
        PID:6740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 216
        7⤵
        
        PID:4608
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
        6⤵
        Program crash
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57827.exe
        5⤵
        
        PID:1128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
        6⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37122.exe
        7⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45394.exe
        8⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49146.exe
        9⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29855.exe
        10⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57312.exe
        11⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 216
        10⤵
        
        PID:8444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 236
        9⤵
        
        PID:7004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
        8⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
        7⤵
        
        PID:4944
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 236
        6⤵
        Program crash
        
        PID:3992
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
        5⤵
        Program crash
        
        PID:2712
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
      4⤵
      Program crash
      PID:2456
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1948
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
  2⤵
  - Program crash
  PID:2292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10432.exe

Filesize
184KB

MD5
aad6923555eee5f5f65fd90237d2d2f0

SHA1
4520d535bbcfdee365df98c8070f74099ac65fb6

SHA256
27a317b1898e966db9d6f9681fd56520ee9ee377da8b3ea52774787f665bd599

SHA512
051a86c3354871f46cc71afcfe22023bc9bf269c7b293ba2ad3a60ffc7b019eb9d43283e3aa7204f728d0c13db892b97618528d9b73a9d858ecdbd61d647292a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13072.exe

Filesize
184KB

MD5
72debbbb57a971b234cc64e8d0ea0ca0

SHA1
d80a1a5bc2d39ef50edba301956b8c54381bf887

SHA256
d01a723819e31123db56bc60324952415e80ebdefd22392f857ae7e0b1164132

SHA512
abd60b249a1d606852d9c9c6aa01ca6e63f103b76fa1101469e94944bc4859265c82d684e31e2cd48279e7d28611a47f2c034372ed273419e04261856ba018b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2553.exe

Filesize
184KB

MD5
6053ad96fcf1f1f824bf7b561f35a5d2

SHA1
4fe16f5d2883e363ed8c9e053529a186e8e1cd56

SHA256
1ed718248ae4504e7e5909897c7a712cf949558b52c32e58db7821e89f02af16

SHA512
acda9c74863f0ee04b960bf355894173e9812ef946f4cb0aea62be44e980524c528650bf2fec33ba45409b1f73d9fc725f0c14170ac9fb4875a9bf668244b0b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36686.exe

Filesize
184KB

MD5
f6ade60501e8c782e223ef21f317ff75

SHA1
aa9eb56f9128c901422ec5338a184e79048cddbb

SHA256
229c26e5ff03a9905479a5c42aa194f693351987e511812d4414ab9a55b02c6a

SHA512
99fb502ed5c1b7d3eab6193dffaa4c6cf3d18fa235aa20507442dcc93de7309fa5921476b18dedbf555868ddd9429d733016886d60a75582d1db2f04b8004ff9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37018.exe

Filesize
184KB

MD5
8b269ac88f45251cf3853a0348ce1856

SHA1
cdbff81193d492e482b216360d3f53ec213a6ffe

SHA256
68e06e7caddcd3e62a7ec87e7c96148127f19f164d7e22f99b50f2865eb97881

SHA512
4b4eef08b6c353c42a4b5ee1fbb1e92315fdb2b30fa8eadf2c63361e143526f7dbc1c6996c0b6efc6d05f69cb8bf1d89a8629a600e8c1f8834bf4a37e92458a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37262.exe

Filesize
184KB

MD5
2ff790720ea0efff12c3581c87a33f71

SHA1
0742f3b09804b5bb27a5d66e6baae9f638a5a9f5

SHA256
768ae69b0169631764cc8f4360a539fec2ac11c2d3662055f537f644e0d72f00

SHA512
0ae702262cb7c873ee015e7d0910bd052374646115d758f4bc8fa3c8d7f500ea057408b92d7150883f89ee1624a6f98b9d41ce5298b03ebd91401daf217c2ca0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53748.exe

Filesize
184KB

MD5
b75da9ac26f92504278a9451f46401f2

SHA1
38b56a074d0cd277c5b8513edf82d76da5c07c42

SHA256
fd0b38eb9b9ec30864b34cf83cd9f6557fa321e29a92aa152f0bc2d39dfc667a

SHA512
f2c0bd0079d883c6b2e60e1f2161e9caac92bdc187e633cf723a54eadc03215e4d31d126d5209e97424477c9f6b9b61f2a0cbfd5c14d569b5f0cad20b7805799

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe

Filesize
184KB

MD5
8493fda184d7c11e8559a1165389b921

SHA1
54f7f2ca12bf1f0df75be3a382492537163cce53

SHA256
af88015b78dccf3a50a3e12d36435b488d7d487ba1ca154c617cf311e9a3a610

SHA512
5bc0de1fb0d0f72341b746edb656de9611cb64764903111293933fb4b5fbe5cad60ebad026667c344b9b73f472ca002d144b0a2aafe2ff08a7ddfbb8480ac8e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63307.exe

Filesize
184KB

MD5
dd5b275ebffa0de850426b466fcd750f

SHA1
2952a3b37075f83fa9028ad4ab36e4ca3d1b566c

SHA256
650c6de6a4e9e42b26053e83f4638be008fa86f4e39027da7af3e02254dcb6e9

SHA512
d249d1656fbebc95eaf1558f57aa64171a36fca002b0b668eb87aecd44bb40fc302f8f4b5e8c863e9f5f82c44c0f643ab3a461b529eaa5abe41f9667ac0325f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18274.exe

Filesize
184KB

MD5
676a9d55d6d3cd4a0350129d845bbd78

SHA1
9137a7a666fb35f155bafee4969738dc3fe720b5

SHA256
ac4806c13ef708c30a4dd439145fb370a5fcf179e2ba720a2d512235995e1fef

SHA512
12b30ddd9b550f2d34030aae316c0351430191e7042d2590128c08187db4eb8f0b3125cb6367361a9d4f7f5750a57818fa72dbfcc30f757a1698bf446fb8248e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19072.exe

Filesize
184KB

MD5
4e39be015f4dae29cb3c34acd7ca442d

SHA1
df09fb0e703f360d35f01de2c4e7a7097f14f3c9

SHA256
b2d8712905a61501a33b5ac597c84dc991e03197db729bfd32bc0218e0c3811f

SHA512
9cb2def8dd82333af0a19a6fb2df8082e1e05a0295b732daf570692b677a8698ebf62a76ad5d067b5478f6b705e2d0b057bf988cc5dcf3384bd5cdb5c2b498bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20307.exe

Filesize
184KB

MD5
7e9792f8d76a202de6c9adc082c9c80a

SHA1
e893521bef3abd499b6970210ec93126251041bc

SHA256
9070942000e3fc67c921bfbe5885da6309301c76b8a03edabea28f0484391d38

SHA512
8755d5762cdccfcdc942e9be7dd20e14d253208f9b21102f9bd320e1b606d1a374609147ccd9c26f3c70cf57244ef78e150ddb4fa067197557ad24046abb4e9e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25570.exe

Filesize
184KB

MD5
0867573d3fac864082882afe0ca037ad

SHA1
ce31fa6a8e852a7741433b70d14816b2f1baaded

SHA256
fc09eb7efcdb515b07c8ffda84494e2099efb7130d09f6898288f4dd178295f6

SHA512
d959616dab55ed26f1dd0f65eddb7fe7b6372c58442df2cb876bce7e682805d3dad0f29a8233a8b9ecff705a7b0e1e0857b665f7ba31d0a00823dd7d4963ed7d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31272.exe

Filesize
184KB

MD5
d5009d91c724c2bc3d4d905e1d0a4a97

SHA1
aab8835f7c2ed413ef49f3f8271ccee3391e3ded

SHA256
020e73ca4e11545d3d06c1ad231d5318e6c59e122179e021686750bf143e5baa

SHA512
48dfb10171c80299e9b9b2054ea7439bf3a77a4dbb27b46b512ecf1882a54f778121c8e4078d14cf1f8116669f949c4ba66dfbfac4402b4f05809ad9b75a72fc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36089.exe

Filesize
184KB

MD5
c9543f7acbcc88d5d91ad3561619da96

SHA1
18836017d5ac1431524f6313339414ddac9a5bd0

SHA256
64ce7019f1d5f9349cfa0b8def5815bb1f32977585b3c4f5fdca842a676b3a03

SHA512
64def0a79312deb0a803e373fd87220ad2ee1638df3e44afbac1643dc17874366c7657c8450ceaaebe8052fb8e886ca2f508aa3f032cf08e792fd29e652a3d2f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4127.exe

Filesize
184KB

MD5
516fb120e3e8f72c15077870dfbe7ae2

SHA1
3b33adc0018d78e283f1bc69e67c9b8d3601c498

SHA256
8ba42f46abd204c84e086459aed18caf6e2732f2c141cdde8c2100077ffdeb9f

SHA512
e467de9ad24d653d9852d8c465fc37da7a9496afc95f9e1aed91de61e9d55e60743b5c526146fc8a7d378899f7756e373c6e1102cb4f03b170af1057e40c11e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43524.exe

Filesize
184KB

MD5
de1d9a179bbd856d740cb579785b41f9

SHA1
2ee411d7b4e5986ae98ab7ea61369c7db48a2855

SHA256
46e49ceb372845c7c5ffcf57df438ed6faf0874889dc210f8a2d6e217ef0675a

SHA512
bf8b3926d10873911d2f2d8041b097fc3e57be50ae467687c53b0506aaafbf8716a2189bc4988c11666118013fb6b0e96d505c0e7bb1aafeb95fe15c45ebb327

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55357.exe

Filesize
184KB

MD5
192d78d5a8fe125207440e9e4efa2869

SHA1
42497f550c2642be6fa229e82a764108ab812b4f

SHA256
0d1178af8c7dc1cb9d2d79265cebb9267c09167ad6cbec4d3171c6ce176a3d7a

SHA512
4bddcece6d4295c1e962a893d2ac8799d6f48d231f02050146fef18cd0cab3bd81a0ff9bb5bd56265788b42eaf29eb3d6578ff145f17d2d3fb7a12fe6493e01b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56104.exe

Filesize
184KB

MD5
2213de2cad6142edf01b0e00dda307f3

SHA1
f330ec8e89fb7727897950348404f699fcc603c8

SHA256
bc45919ee8a50dd05f4e23e88c89bb026d9c558e696a137ac6af1f202a727a9c

SHA512
87156270a2e0fa8200b867357eee36025ae65646c1cb76317407f7a97e752906e56156cdea6ecefab1f3def150f4dde892d43674b70ef79eb39af70ffd156099

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57360.exe

Filesize
184KB

MD5
0615912f78890937bfb474083fb9ddac

SHA1
6d0c8e61ee16e7dc541390fd61cad29929c50110

SHA256
2b5a3df3112cd8e3f797b494fdad11c8a7d9facf9e0a99ce8767a2624fe11a15

SHA512
eb25c094ded4c72aede4d8f065ddd9a387a7637b05d05957e5b6c654c6f0e64776c326c5b1d89f5fa3a59ee3cf565a759273a71d919264a8a3d16113db811677

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads