53554d300d05365ae26617148b08209adbf80ae75436458bcfc7c42269365024

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

afb34732081a80ec1ef9b267cc4fd7a0_NeikiAnalytics.exe
Size

184KB
MD5

afb34732081a80ec1ef9b267cc4fd7a0
SHA1

c4d9862db5634ea672381ffdde9807664d885023
SHA256

53554d300d05365ae26617148b08209adbf80ae75436458bcfc7c42269365024
SHA512

d17fd65be9979476b8610da1d62f9be7c43123e120c7c0fa32ad5122de1bb2e5dbf92c14435bbaef158c4a58e3eff5ac91c041be1c3e80e4fbe603b41401b6a5
SSDEEP

3072:wJGhHxoTJJOejl4We0gL+csvhlnyiF9n3:wJyoK0l4zL7svhlnyiF9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1888	Unicorn-50625.exe
2448	Unicorn-39416.exe
2484	Unicorn-11382.exe
2516	Unicorn-3702.exe
2732	Unicorn-4257.exe
2364	Unicorn-11870.exe
328	Unicorn-46209.exe
1972	Unicorn-38041.exe
2020	Unicorn-46764.exe
2564	Unicorn-9815.exe
2588	Unicorn-9260.exe
636	Unicorn-10495.exe
1768	Unicorn-23302.exe
1592	Unicorn-30724.exe
2740	Unicorn-59312.exe
1596	Unicorn-63951.exe
1716	Unicorn-10111.exe
2536	Unicorn-22364.exe
808	Unicorn-18834.exe
784	Unicorn-23851.exe
1200	Unicorn-57270.exe
1844	Unicorn-27935.exe
1956	Unicorn-60607.exe
900	Unicorn-3793.exe
2272	Unicorn-44079.exe
2968	Unicorn-35396.exe
2868	Unicorn-29087.exe
2284	Unicorn-60690.exe
1196	Unicorn-32102.exe
2248	Unicorn-28572.exe
2124	Unicorn-28572.exe
1500	Unicorn-3321.exe
2496	Unicorn-40353.exe
2628	Unicorn-60773.exe
2548	Unicorn-11572.exe
2680	Unicorn-57244.exe
2432	Unicorn-24379.exe
2844	Unicorn-25169.exe
1672	Unicorn-17001.exe
1012	Unicorn-53757.exe
1300	Unicorn-54312.exe
1996	Unicorn-50228.exe
2640	Unicorn-41121.exe
1532	Unicorn-37037.exe
1948	Unicorn-33507.exe
1136	Unicorn-33507.exe
940	Unicorn-8256.exe
1104	Unicorn-12340.exe
936	Unicorn-8811.exe
308	Unicorn-4172.exe
932	Unicorn-20509.exe
2812	Unicorn-25147.exe
1476	Unicorn-25060.exe
2904	Unicorn-47571.exe
1608	Unicorn-1515.exe
2136	Unicorn-17707.exe
2648	Unicorn-51126.exe
2520	Unicorn-46295.exe
2772	Unicorn-42211.exe
2420	Unicorn-17515.exe
2700	Unicorn-55018.exe
1384	Unicorn-33851.exe
456	Unicorn-33851.exe
1216	Unicorn-5817.exe

Loads dropped DLL 64 IoCs

pid	Process
2292	afb34732081a80ec1ef9b267cc4fd7a0_NeikiAnalytics.exe
2292	afb34732081a80ec1ef9b267cc4fd7a0_NeikiAnalytics.exe
1888	Unicorn-50625.exe
1888	Unicorn-50625.exe
2292	afb34732081a80ec1ef9b267cc4fd7a0_NeikiAnalytics.exe
2292	afb34732081a80ec1ef9b267cc4fd7a0_NeikiAnalytics.exe
2448	Unicorn-39416.exe
2448	Unicorn-39416.exe
1888	Unicorn-50625.exe
1888	Unicorn-50625.exe
2484	Unicorn-11382.exe
2484	Unicorn-11382.exe
2856	WerFault.exe
2856	WerFault.exe
2856	WerFault.exe
2856	WerFault.exe
2856	WerFault.exe
2516	Unicorn-3702.exe
2732	Unicorn-4257.exe
2732	Unicorn-4257.exe
2516	Unicorn-3702.exe
2448	Unicorn-39416.exe
2448	Unicorn-39416.exe
2484	Unicorn-11382.exe
2484	Unicorn-11382.exe
2364	Unicorn-11870.exe
2364	Unicorn-11870.exe
1164	WerFault.exe
1164	WerFault.exe
1164	WerFault.exe
1164	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
1164	WerFault.exe
2184	WerFault.exe
328	Unicorn-46209.exe
328	Unicorn-46209.exe
2732	Unicorn-4257.exe
2732	Unicorn-4257.exe
2564	Unicorn-9815.exe
2564	Unicorn-9815.exe
2588	Unicorn-9260.exe
2588	Unicorn-9260.exe
2364	Unicorn-11870.exe
2364	Unicorn-11870.exe
2020	Unicorn-46764.exe
2020	Unicorn-46764.exe
1972	Unicorn-38041.exe
1972	Unicorn-38041.exe
2516	Unicorn-3702.exe
2516	Unicorn-3702.exe
2084	WerFault.exe
2084	WerFault.exe
2084	WerFault.exe
2084	WerFault.exe
1632	WerFault.exe
1632	WerFault.exe
1632	WerFault.exe
1632	WerFault.exe
2084	WerFault.exe
1632	WerFault.exe
1564	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2480	2292	WerFault.exe	27
2856	1888	WerFault.exe	28
1164	2448	WerFault.exe	29
2184	2484	WerFault.exe	30
2084	2732	WerFault.exe	33
1632	2516	WerFault.exe	32
1564	2364	WerFault.exe	34
2252	328	WerFault.exe	37
2064	2564	WerFault.exe	39
2996	2588	WerFault.exe	40
2660	2020	WerFault.exe	38
2356	1972	WerFault.exe	36
1988	636	WerFault.exe	43
2164	1768	WerFault.exe	44
1152	1592	WerFault.exe	45
1708	2740	WerFault.exe	46
1120	1596	WerFault.exe	47
2808	1716	WerFault.exe	48
1548	2536	WerFault.exe	49
2060	808	WerFault.exe	50
2456	1200	WerFault.exe	55
2156	784	WerFault.exe	54
2528	1956	WerFault.exe	57
1760	2272	WerFault.exe	59
2756	900	WerFault.exe	58
2396	2248	WerFault.exe	64
2428	1844	WerFault.exe	56
888	1196	WerFault.exe	62
772	308	WerFault.exe	88
2408	1672	WerFault.exe	78
948	1012	WerFault.exe	79
2684	2868	WerFault.exe	61
2296	2680	WerFault.exe	74
1312	1948	WerFault.exe	85
3040	2548	WerFault.exe	73
2224	2980	WerFault.exe	155
1112	1136	WerFault.exe	84
3132	2284	WerFault.exe	63
3516	2496	WerFault.exe	70
3580	1300	WerFault.exe	80
3596	2904	WerFault.exe	99
3668	1476	WerFault.exe	96
3684	936	WerFault.exe	89
3708	2124	WerFault.exe	65
3724	2844	WerFault.exe	77
3780	1104	WerFault.exe	86
3848	1996	WerFault.exe	81
3864	940	WerFault.exe	87
3932	932	WerFault.exe	90
3940	1532	WerFault.exe	83
3952	2640	WerFault.exe	82
3964	1500	WerFault.exe	66
4056	2432	WerFault.exe	76
3804	1684	WerFault.exe	136
3836	1504	WerFault.exe	123
3856	2520	WerFault.exe	107
2316	2648	WerFault.exe	106
3948	2812	WerFault.exe	91
3980	1608	WerFault.exe	104
4048	952	WerFault.exe	118
3112	2628	WerFault.exe	72
3184	1480	WerFault.exe	114
3272	2176	WerFault.exe	128
3364	2320	WerFault.exe	140

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2292	afb34732081a80ec1ef9b267cc4fd7a0_NeikiAnalytics.exe
1888	Unicorn-50625.exe
2448	Unicorn-39416.exe
2484	Unicorn-11382.exe
2516	Unicorn-3702.exe
2732	Unicorn-4257.exe
2364	Unicorn-11870.exe
328	Unicorn-46209.exe
1972	Unicorn-38041.exe
2020	Unicorn-46764.exe
2564	Unicorn-9815.exe
2588	Unicorn-9260.exe
636	Unicorn-10495.exe
1768	Unicorn-23302.exe
1592	Unicorn-30724.exe
2740	Unicorn-59312.exe
1596	Unicorn-63951.exe
1716	Unicorn-10111.exe
2536	Unicorn-22364.exe
808	Unicorn-18834.exe
784	Unicorn-23851.exe
1200	Unicorn-57270.exe
1844	Unicorn-27935.exe
1956	Unicorn-60607.exe
900	Unicorn-3793.exe
2272	Unicorn-44079.exe
2868	Unicorn-29087.exe
2284	Unicorn-60690.exe
1196	Unicorn-32102.exe
2124	Unicorn-28572.exe
2248	Unicorn-28572.exe
1500	Unicorn-3321.exe
2496	Unicorn-40353.exe
2628	Unicorn-60773.exe
2680	Unicorn-57244.exe
2548	Unicorn-11572.exe
2432	Unicorn-24379.exe
2844	Unicorn-25169.exe
1672	Unicorn-17001.exe
1012	Unicorn-53757.exe
1300	Unicorn-54312.exe
1996	Unicorn-50228.exe
2640	Unicorn-41121.exe
1532	Unicorn-37037.exe
308	Unicorn-4172.exe
940	Unicorn-8256.exe
1948	Unicorn-33507.exe
936	Unicorn-8811.exe
932	Unicorn-20509.exe
2812	Unicorn-25147.exe
1136	Unicorn-33507.exe
1104	Unicorn-12340.exe
1476	Unicorn-25060.exe
2904	Unicorn-47571.exe
1608	Unicorn-1515.exe
2136	Unicorn-17707.exe
2648	Unicorn-51126.exe
2772	Unicorn-42211.exe
2520	Unicorn-46295.exe
2420	Unicorn-17515.exe
1712	Unicorn-30321.exe
1384	Unicorn-33851.exe
1216	Unicorn-5817.exe
2700	Unicorn-55018.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 1888	2292	afb34732081a80ec1ef9b267cc4fd7a0_NeikiAnalytics.exe	28
PID 2292 wrote to memory of 1888	2292	afb34732081a80ec1ef9b267cc4fd7a0_NeikiAnalytics.exe	28
PID 2292 wrote to memory of 1888	2292	afb34732081a80ec1ef9b267cc4fd7a0_NeikiAnalytics.exe	28
PID 2292 wrote to memory of 1888	2292	afb34732081a80ec1ef9b267cc4fd7a0_NeikiAnalytics.exe	28
PID 1888 wrote to memory of 2448	1888	Unicorn-50625.exe	29
PID 1888 wrote to memory of 2448	1888	Unicorn-50625.exe	29
PID 1888 wrote to memory of 2448	1888	Unicorn-50625.exe	29
PID 1888 wrote to memory of 2448	1888	Unicorn-50625.exe	29
PID 2292 wrote to memory of 2484	2292	afb34732081a80ec1ef9b267cc4fd7a0_NeikiAnalytics.exe	30
PID 2292 wrote to memory of 2484	2292	afb34732081a80ec1ef9b267cc4fd7a0_NeikiAnalytics.exe	30
PID 2292 wrote to memory of 2484	2292	afb34732081a80ec1ef9b267cc4fd7a0_NeikiAnalytics.exe	30
PID 2292 wrote to memory of 2484	2292	afb34732081a80ec1ef9b267cc4fd7a0_NeikiAnalytics.exe	30
PID 2292 wrote to memory of 2480	2292	afb34732081a80ec1ef9b267cc4fd7a0_NeikiAnalytics.exe	31
PID 2292 wrote to memory of 2480	2292	afb34732081a80ec1ef9b267cc4fd7a0_NeikiAnalytics.exe	31
PID 2292 wrote to memory of 2480	2292	afb34732081a80ec1ef9b267cc4fd7a0_NeikiAnalytics.exe	31
PID 2292 wrote to memory of 2480	2292	afb34732081a80ec1ef9b267cc4fd7a0_NeikiAnalytics.exe	31
PID 2448 wrote to memory of 2516	2448	Unicorn-39416.exe	32
PID 2448 wrote to memory of 2516	2448	Unicorn-39416.exe	32
PID 2448 wrote to memory of 2516	2448	Unicorn-39416.exe	32
PID 2448 wrote to memory of 2516	2448	Unicorn-39416.exe	32
PID 1888 wrote to memory of 2732	1888	Unicorn-50625.exe	33
PID 1888 wrote to memory of 2732	1888	Unicorn-50625.exe	33
PID 1888 wrote to memory of 2732	1888	Unicorn-50625.exe	33
PID 1888 wrote to memory of 2732	1888	Unicorn-50625.exe	33
PID 2484 wrote to memory of 2364	2484	Unicorn-11382.exe	34
PID 2484 wrote to memory of 2364	2484	Unicorn-11382.exe	34
PID 2484 wrote to memory of 2364	2484	Unicorn-11382.exe	34
PID 2484 wrote to memory of 2364	2484	Unicorn-11382.exe	34
PID 1888 wrote to memory of 2856	1888	Unicorn-50625.exe	35
PID 1888 wrote to memory of 2856	1888	Unicorn-50625.exe	35
PID 1888 wrote to memory of 2856	1888	Unicorn-50625.exe	35
PID 1888 wrote to memory of 2856	1888	Unicorn-50625.exe	35
PID 2732 wrote to memory of 328	2732	Unicorn-4257.exe	37
PID 2732 wrote to memory of 328	2732	Unicorn-4257.exe	37
PID 2732 wrote to memory of 328	2732	Unicorn-4257.exe	37
PID 2732 wrote to memory of 328	2732	Unicorn-4257.exe	37
PID 2516 wrote to memory of 1972	2516	Unicorn-3702.exe	36
PID 2516 wrote to memory of 1972	2516	Unicorn-3702.exe	36
PID 2516 wrote to memory of 1972	2516	Unicorn-3702.exe	36
PID 2516 wrote to memory of 1972	2516	Unicorn-3702.exe	36
PID 2448 wrote to memory of 2020	2448	Unicorn-39416.exe	38
PID 2448 wrote to memory of 2020	2448	Unicorn-39416.exe	38
PID 2448 wrote to memory of 2020	2448	Unicorn-39416.exe	38
PID 2448 wrote to memory of 2020	2448	Unicorn-39416.exe	38
PID 2484 wrote to memory of 2564	2484	Unicorn-11382.exe	39
PID 2484 wrote to memory of 2564	2484	Unicorn-11382.exe	39
PID 2484 wrote to memory of 2564	2484	Unicorn-11382.exe	39
PID 2484 wrote to memory of 2564	2484	Unicorn-11382.exe	39
PID 2364 wrote to memory of 2588	2364	Unicorn-11870.exe	40
PID 2364 wrote to memory of 2588	2364	Unicorn-11870.exe	40
PID 2364 wrote to memory of 2588	2364	Unicorn-11870.exe	40
PID 2364 wrote to memory of 2588	2364	Unicorn-11870.exe	40
PID 2448 wrote to memory of 1164	2448	Unicorn-39416.exe	41
PID 2448 wrote to memory of 1164	2448	Unicorn-39416.exe	41
PID 2448 wrote to memory of 1164	2448	Unicorn-39416.exe	41
PID 2448 wrote to memory of 1164	2448	Unicorn-39416.exe	41
PID 2484 wrote to memory of 2184	2484	Unicorn-11382.exe	42
PID 2484 wrote to memory of 2184	2484	Unicorn-11382.exe	42
PID 2484 wrote to memory of 2184	2484	Unicorn-11382.exe	42
PID 2484 wrote to memory of 2184	2484	Unicorn-11382.exe	42
PID 328 wrote to memory of 636	328	Unicorn-46209.exe	43
PID 328 wrote to memory of 636	328	Unicorn-46209.exe	43
PID 328 wrote to memory of 636	328	Unicorn-46209.exe	43
PID 328 wrote to memory of 636	328	Unicorn-46209.exe	43

C:\Users\Admin\AppData\Local\Temp\afb34732081a80ec1ef9b267cc4fd7a0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\afb34732081a80ec1ef9b267cc4fd7a0_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50625.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50625.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39416.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39416.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3702.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22364.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60690.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20509.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22559.exe
        9⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27546.exe
        10⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64676.exe
        11⤵
        
        PID:4352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43063.exe
        12⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35116.exe
        13⤵
        
        PID:8028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37945.exe
        14⤵
        
        PID:8908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 236
        13⤵
        
        PID:7768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
        12⤵
        
        PID:6352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
        11⤵
        
        PID:5464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 236
        10⤵
        
        PID:4896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 236
        9⤵
        Program crash
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31281.exe
        8⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43140.exe
        9⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14048.exe
        10⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8833.exe
        11⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42303.exe
        12⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10897.exe
        13⤵
        
        PID:4988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 236
        13⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
        12⤵
        
        PID:7800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 236
        11⤵
        
        PID:6696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
        10⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
        9⤵
        
        PID:4148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
        8⤵
        Program crash
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25147.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46295.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53233.exe
        9⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59118.exe
        10⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-89.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-89.exe
        11⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51545.exe
        12⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24826.exe
        13⤵
        
        PID:8776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
        13⤵
        
        PID:8784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
        12⤵
        
        PID:7940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
        11⤵
        
        PID:6448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 216
        10⤵
        
        PID:4720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
        9⤵
        Program crash
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41535.exe
        8⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40203.exe
        9⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe
        10⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53045.exe
        11⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20742.exe
        12⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 216
        12⤵
        
        PID:8824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 236
        11⤵
        
        PID:8128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
        10⤵
        
        PID:6236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 236
        9⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 220
        8⤵
        Program crash
        
        PID:3948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
        7⤵
        Program crash
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28572.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12340.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33851.exe
        8⤵
        Executes dropped EXE
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
        9⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57790.exe
        10⤵
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17137.exe
        11⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe
        12⤵
        
        PID:7492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 216
        12⤵
        
        PID:8540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 236
        11⤵
        
        PID:7292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
        10⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 456 -s 236
        9⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 236
        8⤵
        Program crash
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5817.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
        8⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49814.exe
        9⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
        10⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
        11⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62148.exe
        12⤵
        
        PID:5348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 236
        11⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
        10⤵
        
        PID:364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
        9⤵
        
        PID:5316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 216
        8⤵
        
        PID:4648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
        7⤵
        Program crash
        
        PID:3708
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
        6⤵
        Program crash
        
        PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18834.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3321.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41121.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        8⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39606.exe
        9⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53514.exe
        10⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53509.exe
        11⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        12⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17800.exe
        13⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 236
        12⤵
        
        PID:8508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 236
        11⤵
        
        PID:7416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 236
        10⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 216
        9⤵
        
        PID:4908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 216
        8⤵
        Program crash
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6777.exe
        7⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38537.exe
        8⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35787.exe
        9⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
        10⤵
        
        PID:6392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61431.exe
        11⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        12⤵
        
        PID:5112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 216
        11⤵
        
        PID:8208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
        10⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
        9⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 216
        8⤵
        
        PID:4916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
        7⤵
        Program crash
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33507.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 220
        7⤵
        Program crash
        
        PID:1312
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 240
        6⤵
        Program crash
        
        PID:2060
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46764.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32102.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17707.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27110.exe
        9⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44380.exe
        10⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5366.exe
        11⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64489.exe
        11⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8833.exe
        12⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        13⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29185.exe
        14⤵
        
        PID:8948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 216
        14⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 216
        13⤵
        
        PID:8112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
        12⤵
        
        PID:6688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 240
        11⤵
        
        PID:4480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
        10⤵
        
        PID:3408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40850.exe
        9⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1941.exe
        10⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47432.exe
        11⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
        12⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53279.exe
        13⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
        13⤵
        
        PID:8880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
        12⤵
        
        PID:7804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
        11⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
        10⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
        9⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39916.exe
        8⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48656.exe
        9⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60042.exe
        10⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12725.exe
        11⤵
        
        PID:5620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18567.exe
        12⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24302.exe
        13⤵
        
        PID:4444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 236
        13⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 236
        12⤵
        
        PID:2260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 236
        11⤵
        
        PID:6860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 236
        10⤵
        
        PID:4176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
        9⤵
        Program crash
        
        PID:3364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 240
        8⤵
        Program crash
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51126.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16716.exe
        8⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37380.exe
        9⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55875.exe
        10⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19989.exe
        11⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25293.exe
        12⤵
        
        PID:8912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 216
        12⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 236
        11⤵
        
        PID:7964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
        10⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
        9⤵
        
        PID:4644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 236
        8⤵
        Program crash
        
        PID:2316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 240
        7⤵
        Program crash
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42211.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
        8⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45683.exe
        9⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
        10⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52220.exe
        11⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39839.exe
        12⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 188
        13⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 216
        11⤵
        
        PID:8108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
        10⤵
        
        PID:6804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
        9⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
        8⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 236
        7⤵
        Program crash
        
        PID:3684
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
        6⤵
        Program crash
        
        PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28572.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8256.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59699.exe
        7⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55641.exe
        8⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exe
        9⤵
        
        PID:4220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20562.exe
        10⤵
        
        PID:6576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
        11⤵
        
        PID:7404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
        11⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 236
        10⤵
        
        PID:6356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
        9⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 216
        8⤵
        
        PID:5088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 236
        7⤵
        Program crash
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
        6⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
        7⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11178.exe
        8⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58584.exe
        9⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54363.exe
        10⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51738.exe
        11⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
        11⤵
        
        PID:6112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
        10⤵
        
        PID:700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
        9⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        8⤵
        
        PID:5404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 216
        7⤵
        
        PID:3740
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 220
        6⤵
        Program crash
        
        PID:2396
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
        5⤵
        Program crash
        
        PID:2660
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10495.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60773.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47447.exe
        8⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20177.exe
        9⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5833.exe
        10⤵
        
        PID:4448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20318.exe
        11⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26268.exe
        12⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59823.exe
        13⤵
        
        PID:4272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 236
        13⤵
        
        PID:6084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 236
        12⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
        11⤵
        
        PID:6544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 216
        10⤵
        
        PID:4904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 236
        9⤵
        Program crash
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37067.exe
        8⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 188
        9⤵
        Program crash
        
        PID:2224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
        8⤵
        Program crash
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56170.exe
        7⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32621.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-623.exe
        9⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3706.exe
        10⤵
        
        PID:5600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 200
        11⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
        10⤵
        
        PID:6200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 216
        9⤵
        
        PID:4584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 236
        8⤵
        Program crash
        
        PID:3836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 240
        7⤵
        Program crash
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2330.exe
        7⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41604.exe
        8⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
        9⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12341.exe
        10⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23497.exe
        11⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21749.exe
        12⤵
        
        PID:8988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 236
        12⤵
        
        PID:9000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
        11⤵
        
        PID:8084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 236
        10⤵
        
        PID:6460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
        9⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
        8⤵
        
        PID:3484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 216
        7⤵
        Program crash
        
        PID:2296
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 240
        6⤵
        Program crash
        
        PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57270.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40353.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64551.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51474.exe
        9⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8542.exe
        10⤵
        
        PID:4396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
        11⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2905.exe
        12⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11520.exe
        13⤵
        
        PID:8744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 216
        12⤵
        
        PID:8532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
        11⤵
        
        PID:6924
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 236
        10⤵
        
        PID:5180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 216
        9⤵
        
        PID:4588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 236
        8⤵
        Program crash
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61022.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46731.exe
        8⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16519.exe
        9⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
        10⤵
        
        PID:6440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12339.exe
        11⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46121.exe
        12⤵
        
        PID:8764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 216
        11⤵
        
        PID:3604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
        10⤵
        
        PID:6724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
        9⤵
        
        PID:5756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 236
        8⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        7⤵
        Program crash
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47571.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23327.exe
        7⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
        8⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41791.exe
        9⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15985.exe
        10⤵
        
        PID:6824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61732.exe
        11⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47047.exe
        12⤵
        
        PID:8252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 236
        11⤵
        
        PID:7500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
        10⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 236
        9⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 216
        8⤵
        
        PID:4332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
        7⤵
        Program crash
        
        PID:3596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
        6⤵
        Program crash
        
        PID:2456
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 240
        5⤵
        Program crash
        
        PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23302.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27935.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11572.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14582.exe
        7⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62024.exe
        8⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25533.exe
        9⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31610.exe
        10⤵
        
        PID:5864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 220
        11⤵
        
        PID:7252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
        10⤵
        
        PID:6360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
        9⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 216
        8⤵
        
        PID:3528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
        7⤵
        Program crash
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27389.exe
        6⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33244.exe
        7⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1028.exe
        8⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41205.exe
        9⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27918.exe
        10⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7145.exe
        11⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 216
        11⤵
        
        PID:8716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 236
        10⤵
        
        PID:7932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 236
        9⤵
        
        PID:7028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
        8⤵
        
        PID:5148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 236
        7⤵
        
        PID:3624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
        6⤵
        Program crash
        
        PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24379.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
        7⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8116.exe
        8⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21236.exe
        9⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31179.exe
        10⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28925.exe
        11⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36035.exe
        12⤵
        
        PID:8700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
        12⤵
        
        PID:8556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 236
        11⤵
        
        PID:8092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
        10⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 236
        9⤵
        
        PID:4516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
        8⤵
        Program crash
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61956.exe
        7⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21018.exe
        8⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48906.exe
        9⤵
        
        PID:6116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8779.exe
        10⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5687.exe
        11⤵
        
        PID:9176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 216
        11⤵
        
        PID:9184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 236
        10⤵
        
        PID:7556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 236
        9⤵
        
        PID:6612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 216
        8⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
        7⤵
        Program crash
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3269.exe
        6⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe
        7⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13202.exe
        8⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28154.exe
        9⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50248.exe
        10⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
        10⤵
        
        PID:7536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 220
        10⤵
        
        PID:8424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 236
        9⤵
        
        PID:6636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
        8⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
        7⤵
        
        PID:4932
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 220
        6⤵
        Program crash
        
        PID:4056
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
        5⤵
        Program crash
        
        PID:2164
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2084
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11382.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11382.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11870.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59312.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44079.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17001.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33851.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28776.exe
        9⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25533.exe
        10⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28858.exe
        10⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39747.exe
        11⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4171.exe
        12⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
        13⤵
        
        PID:8688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 236
        12⤵
        
        PID:7752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
        11⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 220
        10⤵
        
        PID:5420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 236
        9⤵
        
        PID:3396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
        8⤵
        Program crash
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30321.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16861.exe
        8⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2481.exe
        9⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 200
        10⤵
        
        PID:5624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
        9⤵
        
        PID:4356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
        8⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 220
        7⤵
        Program crash
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54312.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59699.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27271.exe
        8⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28579.exe
        9⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53618.exe
        10⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42319.exe
        11⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62615.exe
        12⤵
        
        PID:9140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 216
        11⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
        10⤵
        
        PID:6148
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
        9⤵
        
        PID:5800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
        8⤵
        
        PID:4316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 216
        7⤵
        Program crash
        
        PID:3580
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
        6⤵
        Program crash
        
        PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35396.exe
        5⤵
        Executes dropped EXE
        
        PID:2968
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
        5⤵
        Program crash
        
        PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63951.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29087.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37037.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
        7⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18693.exe
        8⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4780.exe
        9⤵
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42635.exe
        10⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56890.exe
        11⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36035.exe
        12⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 216
        12⤵
        
        PID:4192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 236
        11⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23319.exe
        10⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7337.exe
        11⤵
        
        PID:8720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 216
        11⤵
        
        PID:2236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 220
        10⤵
        
        PID:7948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 236
        9⤵
        
        PID:5828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
        8⤵
        
        PID:5096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
        7⤵
        Program crash
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        6⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5423.exe
        7⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40203.exe
        8⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47323.exe
        9⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        10⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11997.exe
        11⤵
        
        PID:8840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
        11⤵
        
        PID:5164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 236
        10⤵
        
        PID:8004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
        9⤵
        
        PID:6184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
        8⤵
        
        PID:4748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
        7⤵
        Program crash
        
        PID:3272
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
        6⤵
        Program crash
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33507.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 240
        6⤵
        Program crash
        
        PID:1112
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 240
        5⤵
        Program crash
        
        PID:1120
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9815.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30724.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60607.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53757.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46103.exe
        7⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59538.exe
        8⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61443.exe
        9⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-333.exe
        10⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28375.exe
        11⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12480.exe
        12⤵
        
        PID:8848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 236
        11⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
        10⤵
        
        PID:7152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
        9⤵
        
        PID:5792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 216
        8⤵
        
        PID:4264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 236
        7⤵
        Program crash
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22153.exe
        6⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65101.exe
        7⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9258.exe
        8⤵
        
        PID:4208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31719.exe
        9⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61488.exe
        10⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13087.exe
        11⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
        11⤵
        
        PID:9100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 236
        10⤵
        
        PID:7176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
        9⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
        8⤵
        
        PID:4676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 236
        7⤵
        Program crash
        
        PID:3184
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
        6⤵
        Program crash
        
        PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50228.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17323.exe
        6⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60410.exe
        7⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12673.exe
        8⤵
        
        PID:4792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15985.exe
        9⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52220.exe
        10⤵
        
        PID:8184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58614.exe
        11⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
        10⤵
        
        PID:7240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
        9⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
        8⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 216
        7⤵
        
        PID:4804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
        6⤵
        Program crash
        
        PID:3848
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
        5⤵
        Program crash
        
        PID:1152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3793.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25169.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17515.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
        7⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
        8⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56825.exe
        9⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61478.exe
        10⤵
        
        PID:7260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 236
        10⤵
        
        PID:8376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
        9⤵
        
        PID:7220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
        8⤵
        
        PID:6060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 216
        7⤵
        
        PID:4636
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
        6⤵
        Program crash
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55018.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45688.exe
        6⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31070.exe
        7⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
        8⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42137.exe
        9⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51026.exe
        9⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51738.exe
        10⤵
        
        PID:4232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
        10⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 220
        9⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
        8⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
        7⤵
        
        PID:4180
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 216
        6⤵
        
        PID:3496
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
        5⤵
        Program crash
        
        PID:2756
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
      4⤵
      Program crash
      PID:2064
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2184
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
  2⤵
  - Program crash
  PID:2480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11382.exe

Filesize
184KB

MD5
3b60d6a7f085c9e5a7ae90a67b6dafe8

SHA1
67d9c6d231f70572db91a6f200c8dedbf1c9c55c

SHA256
9ffc60a4d7b4b02338ee7e5df0767f472292134000656467a69a4346378189c8

SHA512
1d58876474aed9afef228af7cc09c3cb2ddf282dd8f1b8657f9d604b977fef384eba612f3d0cd6cab3a995ed88f6165da6362ea3b425ae673ea2d98ed03a4315

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe

Filesize
184KB

MD5
36217a47389c6152c286fa3ae38e4bfc

SHA1
0858dcfa70e382a1df1fef7e24b631c837484ecc

SHA256
9c124ba928bbdd796b2e92cec64c475540f5449cb3280d44a3b22f8c7bf8de97

SHA512
a2ad25e9e5fd45010352079f5e07f22a7e3882bce7c20099c8fb6195b7e54fc56c7d88151923bed51db831018a94d8f6b34f1503d5c7ecafcd1af2da06fa7b5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2905.exe

Filesize
184KB

MD5
7cd84d53eceae3ade498400b9c2de968

SHA1
cbbe560b5eab78ab0338544cc3f4451c7976c6ba

SHA256
2ac8b9073e21fc55e2a8d4f475d418e2b6f21bf292b05492c40cd1551f71bd71

SHA512
3badd71696fb262bfd0a1ed69beebcccc20d7c84a9b26819536042cfd9fb4ccf5b5145896768b1eb54e25e7379bf5f962723a6774b3564bc817c7590b72d5645

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39916.exe

Filesize
184KB

MD5
7d27ecb295eb3621b308eb65eee1cf4f

SHA1
74ac776e23d23b0dd41c8c8fd130c10d4c22888f

SHA256
d8147989503d53093cda5d85bb4d69cc11fe2c90f6dddbfdedcf5ecf4981ffb2

SHA512
8e77df5469e680dc934196cfb874ed0405a94e09a433399abc8884f618c905b78c6cf86d070b4017125846be86acfa3468a5f6437c7df5613f6599b481be3811

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40850.exe

Filesize
184KB

MD5
c9f24e219edf41c9b90bb9cab0cab6bb

SHA1
6189e6e1c0824e8e5647fc1c3d8f194965883ffb

SHA256
54c6484554f5fe037a547a2311dc79cf24eeb35452b34f315a4717735dac9d88

SHA512
89c02736192a986eeef248c739f20c82d2595336e4fc1007cf130ecf6affe0eba65c0baec6e263ab937ada34072892b991429ee277644e239f18880712e57ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5687.exe

Filesize
184KB

MD5
cd24beeabc23d489ea0b0c972235d194

SHA1
2793754ed63a3ac90f50a1ecdb30f264eb9fec78

SHA256
42f43ec6aa954cd90f3be0312402b293bfe48d9efe2530258b3cc44c56050b0c

SHA512
a2489fa33b32736e2d9f3143ef79888633dc27db237e26eb24e8ef366332bd901cc31c866fc1376a676e17a2a29300f8d5b2fee474590728707312fd1f472491

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60042.exe

Filesize
184KB

MD5
d43b14478b62bcfca29c64b35c6dddcd

SHA1
72e7cf039218025e90bb392e009934030a06a6c7

SHA256
4325e0211ab1669b3a09df3ead20f133396412b9636ee379ccb7e5395dd031a7

SHA512
f9b3c6a999c1636018beb2fb1b40e1cdc34eada6b9231326901f21e8da312bc85feb954a3f55debe238fd32ad9b4fea32d94c736a3a25392239fe36b7c282052

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10495.exe

Filesize
184KB

MD5
5c60436796860c092c45c41d89a4121d

SHA1
4a395ffb124d4f969289dbfbcb76546ae00fd531

SHA256
e5b40ac580979f29875ec6a6d2d69f781be6d2ae5c8a34f1ff3fa8ba1faca6c5

SHA512
0e8beb20b5f71292c70761068d9da0e6be0b170ab25111bddbf3e782531c8556348a0f6b4ee134f41aec665107b9dbb149039e8b525e54391303f67bcb712e0f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11870.exe

Filesize
184KB

MD5
160293b44b8e6af56e45bd910538ad45

SHA1
b90cce21d93795effb58ce3b083078e0497bab7a

SHA256
1236b6701eafb9cecf546d181d7c5dc4c8ddf2582335ea078e13324f1a4d82b4

SHA512
be4a41dd1d9cd81fe419ded61a7e5510efe0a0bc65aa23020c6a20fd48bde8a41331ae357bbe0db16b5a8b4e5b20970383664c08bb0527462fe6afcd8d0d83f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23302.exe

Filesize
184KB

MD5
07d5db5221b9da17af81dc94cba364f0

SHA1
04ff53fae9d9f0a6731d246428d9d6c1f627d129

SHA256
0f3b6a76dd5c66e2e5d6376422e2ed3a6af6b9a8bb280062c8c393527211401f

SHA512
75f1804b02998b1c77ea04048d24293f93355e42f70ceb1b3ef0921d9bf416ae2eb8b387680b943476b2022692908398789e7254271b53811444e1477747343c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30724.exe

Filesize
184KB

MD5
1503b6ca611c62f064a6b627a2b18ac1

SHA1
e70af7dfd61d72384afc36929513191f8be343ef

SHA256
2bebc53f38ed3d4d20ca71b46e10eb9297d6ee58155b415ba739050ed4764b0b

SHA512
4ba45507a56018091d133142e9c27b61914f4cf94eeaf946d927cfa148965c677105fd0630227a8b50a418d541809664f6e823616a95adb932991e46b1aba053

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3702.exe

Filesize
184KB

MD5
51c4bfec170275afdd5b5f1aeb73177f

SHA1
02954ad76b384c1e9a20e272a5a667ef9eb952b8

SHA256
518b7d05d0b3168ce08d9b2e23e8c0729268dbfd1e5bfc7235c507b9d77a8607

SHA512
0499f3351382c3ec7c33b6385bee769c62e509c403a89d3284788729ace3e3c64470d2ea25345c4ed9e8f7587849298acae4c80dcd8ecfb6cdfa464569c38704

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe

Filesize
184KB

MD5
1767353edf4123d17ca7bfb6d0a09372

SHA1
fff123addb1b91405e4a230e31157d8963b6ecd1

SHA256
36b9cae8259fa0dfdf116d6d0f02486112b6f1bcbff988e70fa7fed12e60ab67

SHA512
5feb55cbbb1d062879b19ec67e75d642db9147f613a33eb98add36a8188a6d0b49f001bf86e218b11e2ae00e0819bcda7a721405372fba6241fceaf8e433d0e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39416.exe

Filesize
184KB

MD5
240d818cfa78128b34b926844178fdd1

SHA1
34ef48c0f098aa611b77dea05ac0cd11915ddc4b

SHA256
1dcd7964aff931e0fcf2ef0e3c385af72106973bb4f5473d42a88698505fad69

SHA512
4d488c49e983b6d9772ccc3480666758d3049b424b5d1073bdd31b4d64bdc8ef5a6a2f8b46ff0eb6f7c0611ca3b070b6bf1bf525e3b8e58c34f2f07351937fc6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe

Filesize
184KB

MD5
aef7aed56ec7001346902843d7dd183e

SHA1
ba17c42b41a24e24f1f0464c1ce70c9cb5899713

SHA256
266c1e0821dc0602ff48eb79136931c6bc0249afaab0ff3e927d1515370ce318

SHA512
24a247287f5f5bcefd0ce3ae6951955cfc3d6d56b83819c990ff6ff2380843d156be99e724ac5430ca932ed3e6bfaa84e85209780a67b9a3ba8b4dabd544d70e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46209.exe

Filesize
184KB

MD5
73697ec3984c3cc90ceedf8637f2f2e9

SHA1
bdeb2db74e4bbea2673c231068e5158d7a755584

SHA256
106ab0523d1d5bee9e5bd70eaaed025bc9c5bae256c90476a3728c5573b77310

SHA512
15dc2db8b62aad569db15db9a028bacd524d44577529b85f6b7d36f2a33ac89672104a44525646907f3d6c6dd297d2f9447b8bcdb2fb5d85ba6e6930e2100034

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46764.exe

Filesize
184KB

MD5
81e2d3855dc52c8051b478ce01534929

SHA1
30953cb28f3977f04f2f63735b962aca0854cda1

SHA256
f4c222d019db643cb4375bacad47772aafecd7f920a3786b1b6d96c680c1d20e

SHA512
1d870188cc3f167569ee61a3dfbaae6155aed3c8e55003334e63f6b995c13b3f8c60f8ea316f07b46a257e716835744b753fd10b191c8104fa113f94a1522071

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50625.exe

Filesize
184KB

MD5
7459fc0e6c2b6f6a26ff082ac8229fc5

SHA1
665d61c2784b3eb5176d96beb480fb2a02df5eee

SHA256
cb88b2cb4a6648ad7c8e5518a05312bc41dec9c224e5056dd5f4d122b880ef27

SHA512
e7cb87d842df4921756a08d6aaac79a9d5ca608d8e0dff6f1883432d74bcdda2312018ec23062b49cb8c093dd34b8bc0b74ab62695bbeb84d1829c0e7416cd95

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe

Filesize
184KB

MD5
e01be844992ba523f035ab6ef39d71f8

SHA1
97e350524f37df7032f714766d5b683b1d8f8adf

SHA256
d5a8cd4c0689a558fb1dfb9d0c7179e621e3f8cd0aad316101eccde2a7da89bc

SHA512
ac7c26ccbc9082781322d0d9ae5ebce6a392531d29d2abbf2c4215ab373428bbe97bc9a28a2d73612f917a8cdb0f857c5bee4b22c508f609c8b5bc062cb5e9f5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9815.exe

Filesize
184KB

MD5
803ed6c891b3e12849c7b606593619f7

SHA1
eb83958b59e4d0de16dd30020de7167c172da291

SHA256
120e8be22c21e114ebc78e5329806548a9d6fbfab0a6e788ee026b7d31b592ad

SHA512
c5122ee290c841c50ace2cca505858cae944eea17164bf7cea3c80f91335d7f4d4ce4122139859961dd03e277bd2ffecae874a896ee3d2caa159e55a52780a75

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads