b6838ebc0a9d7d92b514996db6fe7f956f7b020f59558c72bf7aac8930a16d41

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13f7668a2030fc8f9b494119515e3610_NeikiAnalytics.exe
Size

184KB
MD5

13f7668a2030fc8f9b494119515e3610
SHA1

56a91a0a2ebe1cf80668d8b6f082d695e4548c64
SHA256

b6838ebc0a9d7d92b514996db6fe7f956f7b020f59558c72bf7aac8930a16d41
SHA512

eb16ed4ca4035f395d03921cac39067dd053c0a45af516a20e38518eff6118cd358e87fd2c093f823055c1fa35002e572e1259d76f5e8e7f6039120c79fd2f38
SSDEEP

3072:KgXlCmoTlPxpdaVtFFzqbZ7Wcvnln1iFP:KgRobnaVlqt7WcPln1iF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2668	Unicorn-52320.exe
2624	Unicorn-46145.exe
2652	Unicorn-30363.exe
2452	Unicorn-54396.exe
1808	Unicorn-38614.exe
2496	Unicorn-30769.exe
1096	Unicorn-893.exe
1880	Unicorn-13145.exe
2824	Unicorn-25398.exe
2144	Unicorn-5532.exe
2412	Unicorn-27619.exe
2716	Unicorn-20005.exe
1516	Unicorn-64375.exe
2312	Unicorn-17867.exe
2024	Unicorn-45901.exe
2860	Unicorn-50540.exe
3052	Unicorn-58153.exe
1116	Unicorn-62320.exe
1976	Unicorn-54728.exe
1384	Unicorn-28086.exe
2088	Unicorn-52590.exe
976	Unicorn-52590.exe
1816	Unicorn-9611.exe
1884	Unicorn-24556.exe
1820	Unicorn-1998.exe
1764	Unicorn-34116.exe
560	Unicorn-59367.exe
1724	Unicorn-40892.exe
2356	Unicorn-27256.exe
2032	Unicorn-60675.exe
2552	Unicorn-41454.exe
2692	Unicorn-52315.exe
2548	Unicorn-27640.exe
2536	Unicorn-58921.exe
2596	Unicorn-56228.exe
2428	Unicorn-65465.exe
2544	Unicorn-37754.exe
1264	Unicorn-5958.exe
580	Unicorn-51630.exe
2736	Unicorn-54090.exe
2812	Unicorn-22295.exe
1848	Unicorn-43784.exe
1028	Unicorn-59798.exe
944	Unicorn-33155.exe
764	Unicorn-7904.exe
2524	Unicorn-22849.exe
3020	Unicorn-31423.exe
2060	Unicorn-25201.exe
1112	Unicorn-1251.exe
828	Unicorn-23063.exe
916	Unicorn-33923.exe
1796	Unicorn-53789.exe
2340	Unicorn-19555.exe
2948	Unicorn-46752.exe
2516	Unicorn-17417.exe
2648	Unicorn-3581.exe
2656	Unicorn-38413.exe
2664	Unicorn-17801.exe
2456	Unicorn-42305.exe
1336	Unicorn-7494.exe
2472	Unicorn-38221.exe
1392	Unicorn-26523.exe
2792	Unicorn-18355.exe
2908	Unicorn-42859.exe

Loads dropped DLL 64 IoCs

pid	Process
1704	13f7668a2030fc8f9b494119515e3610_NeikiAnalytics.exe
1704	13f7668a2030fc8f9b494119515e3610_NeikiAnalytics.exe
2668	Unicorn-52320.exe
1704	13f7668a2030fc8f9b494119515e3610_NeikiAnalytics.exe
2668	Unicorn-52320.exe
1704	13f7668a2030fc8f9b494119515e3610_NeikiAnalytics.exe
2624	Unicorn-46145.exe
2624	Unicorn-46145.exe
2668	Unicorn-52320.exe
2668	Unicorn-52320.exe
2652	Unicorn-30363.exe
2652	Unicorn-30363.exe
1172	WerFault.exe
1172	WerFault.exe
1172	WerFault.exe
1172	WerFault.exe
1172	WerFault.exe
1808	Unicorn-38614.exe
1808	Unicorn-38614.exe
2452	Unicorn-54396.exe
2452	Unicorn-54396.exe
2496	Unicorn-30769.exe
2496	Unicorn-30769.exe
2652	Unicorn-30363.exe
2652	Unicorn-30363.exe
1980	WerFault.exe
1980	WerFault.exe
1980	WerFault.exe
1980	WerFault.exe
1996	WerFault.exe
1996	WerFault.exe
1996	WerFault.exe
1996	WerFault.exe
1996	WerFault.exe
1980	WerFault.exe
1096	Unicorn-893.exe
1096	Unicorn-893.exe
1808	Unicorn-38614.exe
1808	Unicorn-38614.exe
1880	Unicorn-13145.exe
1880	Unicorn-13145.exe
2452	Unicorn-54396.exe
2452	Unicorn-54396.exe
2824	Unicorn-25398.exe
2824	Unicorn-25398.exe
2496	Unicorn-30769.exe
2496	Unicorn-30769.exe
2144	Unicorn-5532.exe
2144	Unicorn-5532.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
3048	WerFault.exe
3048	WerFault.exe
3048	WerFault.exe
3048	WerFault.exe
1356	WerFault.exe
1356	WerFault.exe
1356	WerFault.exe
1356	WerFault.exe
3048	WerFault.exe
1356	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
3008	1704	WerFault.exe	27
1172	2668	WerFault.exe	28
1980	2624	WerFault.exe	29
1996	2652	WerFault.exe	30
2248	1808	WerFault.exe	33
3048	2452	WerFault.exe	32
1356	2496	WerFault.exe	34
1632	1096	WerFault.exe	36
2888	1880	WerFault.exe	37
2504	2824	WerFault.exe	38
1568	2144	WerFault.exe	39
596	2716	WerFault.exe	43
1448	2312	WerFault.exe	45
2868	2860	WerFault.exe	47
3044	1516	WerFault.exe	44
380	2412	WerFault.exe	42
1444	2024	WerFault.exe	46
2036	3052	WerFault.exe	48
2364	1116	WerFault.exe	52
1668	1976	WerFault.exe	53
2344	1816	WerFault.exe	57
2172	1820	WerFault.exe	58
2196	1384	WerFault.exe	54
2540	976	WerFault.exe	56
2028	560	WerFault.exe	60
2324	2356	WerFault.exe	67
2892	2032	WerFault.exe	68
2900	2692	WerFault.exe	70
2780	2548	WerFault.exe	71
2808	2088	WerFault.exe	55
1508	1884	WerFault.exe	59
1840	2536	WerFault.exe	72
2608	764	WerFault.exe	84
436	944	WerFault.exe	83
2408	2812	WerFault.exe	80
1940	1848	WerFault.exe	81
2264	2524	WerFault.exe	85
1376	1028	WerFault.exe	82
1440	1264	WerFault.exe	77
3132	2544	WerFault.exe	75
3476	828	WerFault.exe	97
3568	1112	WerFault.exe	95
3632	580	WerFault.exe	78
3660	916	WerFault.exe	98
3776	1724	WerFault.exe	62
3804	2948	WerFault.exe	101
3856	2552	WerFault.exe	69
3864	1764	WerFault.exe	61
3900	2516	WerFault.exe	102
3948	2648	WerFault.exe	103
4072	2596	WerFault.exe	73
3208	2908	WerFault.exe	111
3220	3020	WerFault.exe	91
3416	2060	WerFault.exe	93
3444	1164	WerFault.exe	142
3544	1008	WerFault.exe	115
3596	2656	WerFault.exe	104
3680	1952	WerFault.exe	116
3700	1988	WerFault.exe	113
3744	2736	WerFault.exe	79
4064	2176	WerFault.exe	122
3180	2040	WerFault.exe	120
3352	1796	WerFault.exe	99
3356	2672	WerFault.exe	112

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1704	13f7668a2030fc8f9b494119515e3610_NeikiAnalytics.exe
2668	Unicorn-52320.exe
2624	Unicorn-46145.exe
2652	Unicorn-30363.exe
1808	Unicorn-38614.exe
2452	Unicorn-54396.exe
2496	Unicorn-30769.exe
1096	Unicorn-893.exe
1880	Unicorn-13145.exe
2824	Unicorn-25398.exe
2144	Unicorn-5532.exe
2716	Unicorn-20005.exe
2412	Unicorn-27619.exe
2312	Unicorn-17867.exe
2024	Unicorn-45901.exe
1516	Unicorn-64375.exe
2860	Unicorn-50540.exe
3052	Unicorn-58153.exe
1116	Unicorn-62320.exe
1976	Unicorn-54728.exe
1384	Unicorn-28086.exe
2088	Unicorn-52590.exe
1816	Unicorn-9611.exe
976	Unicorn-52590.exe
1820	Unicorn-1998.exe
1884	Unicorn-24556.exe
1724	Unicorn-40892.exe
1764	Unicorn-34116.exe
560	Unicorn-59367.exe
2356	Unicorn-27256.exe
2032	Unicorn-60675.exe
2552	Unicorn-41454.exe
2692	Unicorn-52315.exe
2548	Unicorn-27640.exe
2536	Unicorn-58921.exe
2596	Unicorn-56228.exe
2428	Unicorn-65465.exe
2544	Unicorn-37754.exe
1264	Unicorn-5958.exe
2736	Unicorn-54090.exe
580	Unicorn-51630.exe
1848	Unicorn-43784.exe
2812	Unicorn-22295.exe
944	Unicorn-33155.exe
1028	Unicorn-59798.exe
2524	Unicorn-22849.exe
764	Unicorn-7904.exe
3020	Unicorn-31423.exe
2060	Unicorn-25201.exe
1112	Unicorn-1251.exe
828	Unicorn-23063.exe
916	Unicorn-33923.exe
1796	Unicorn-53789.exe
2340	Unicorn-19555.exe
2948	Unicorn-46752.exe
2516	Unicorn-17417.exe
2648	Unicorn-3581.exe
2656	Unicorn-38413.exe
1392	Unicorn-26523.exe
2664	Unicorn-17801.exe
2908	Unicorn-42859.exe
1336	Unicorn-7494.exe
2456	Unicorn-42305.exe
2472	Unicorn-38221.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2668	1704	13f7668a2030fc8f9b494119515e3610_NeikiAnalytics.exe	28
PID 1704 wrote to memory of 2668	1704	13f7668a2030fc8f9b494119515e3610_NeikiAnalytics.exe	28
PID 1704 wrote to memory of 2668	1704	13f7668a2030fc8f9b494119515e3610_NeikiAnalytics.exe	28
PID 1704 wrote to memory of 2668	1704	13f7668a2030fc8f9b494119515e3610_NeikiAnalytics.exe	28
PID 2668 wrote to memory of 2624	2668	Unicorn-52320.exe	29
PID 2668 wrote to memory of 2624	2668	Unicorn-52320.exe	29
PID 2668 wrote to memory of 2624	2668	Unicorn-52320.exe	29
PID 2668 wrote to memory of 2624	2668	Unicorn-52320.exe	29
PID 1704 wrote to memory of 2652	1704	13f7668a2030fc8f9b494119515e3610_NeikiAnalytics.exe	30
PID 1704 wrote to memory of 2652	1704	13f7668a2030fc8f9b494119515e3610_NeikiAnalytics.exe	30
PID 1704 wrote to memory of 2652	1704	13f7668a2030fc8f9b494119515e3610_NeikiAnalytics.exe	30
PID 1704 wrote to memory of 2652	1704	13f7668a2030fc8f9b494119515e3610_NeikiAnalytics.exe	30
PID 1704 wrote to memory of 3008	1704	13f7668a2030fc8f9b494119515e3610_NeikiAnalytics.exe	31
PID 1704 wrote to memory of 3008	1704	13f7668a2030fc8f9b494119515e3610_NeikiAnalytics.exe	31
PID 1704 wrote to memory of 3008	1704	13f7668a2030fc8f9b494119515e3610_NeikiAnalytics.exe	31
PID 1704 wrote to memory of 3008	1704	13f7668a2030fc8f9b494119515e3610_NeikiAnalytics.exe	31
PID 2624 wrote to memory of 2452	2624	Unicorn-46145.exe	32
PID 2624 wrote to memory of 2452	2624	Unicorn-46145.exe	32
PID 2624 wrote to memory of 2452	2624	Unicorn-46145.exe	32
PID 2624 wrote to memory of 2452	2624	Unicorn-46145.exe	32
PID 2668 wrote to memory of 1808	2668	Unicorn-52320.exe	33
PID 2668 wrote to memory of 1808	2668	Unicorn-52320.exe	33
PID 2668 wrote to memory of 1808	2668	Unicorn-52320.exe	33
PID 2668 wrote to memory of 1808	2668	Unicorn-52320.exe	33
PID 2652 wrote to memory of 2496	2652	Unicorn-30363.exe	34
PID 2652 wrote to memory of 2496	2652	Unicorn-30363.exe	34
PID 2652 wrote to memory of 2496	2652	Unicorn-30363.exe	34
PID 2652 wrote to memory of 2496	2652	Unicorn-30363.exe	34
PID 2668 wrote to memory of 1172	2668	Unicorn-52320.exe	35
PID 2668 wrote to memory of 1172	2668	Unicorn-52320.exe	35
PID 2668 wrote to memory of 1172	2668	Unicorn-52320.exe	35
PID 2668 wrote to memory of 1172	2668	Unicorn-52320.exe	35
PID 1808 wrote to memory of 1096	1808	Unicorn-38614.exe	36
PID 1808 wrote to memory of 1096	1808	Unicorn-38614.exe	36
PID 1808 wrote to memory of 1096	1808	Unicorn-38614.exe	36
PID 1808 wrote to memory of 1096	1808	Unicorn-38614.exe	36
PID 2452 wrote to memory of 1880	2452	Unicorn-54396.exe	37
PID 2452 wrote to memory of 1880	2452	Unicorn-54396.exe	37
PID 2452 wrote to memory of 1880	2452	Unicorn-54396.exe	37
PID 2452 wrote to memory of 1880	2452	Unicorn-54396.exe	37
PID 2496 wrote to memory of 2824	2496	Unicorn-30769.exe	38
PID 2496 wrote to memory of 2824	2496	Unicorn-30769.exe	38
PID 2496 wrote to memory of 2824	2496	Unicorn-30769.exe	38
PID 2496 wrote to memory of 2824	2496	Unicorn-30769.exe	38
PID 2652 wrote to memory of 2144	2652	Unicorn-30363.exe	39
PID 2652 wrote to memory of 2144	2652	Unicorn-30363.exe	39
PID 2652 wrote to memory of 2144	2652	Unicorn-30363.exe	39
PID 2652 wrote to memory of 2144	2652	Unicorn-30363.exe	39
PID 2624 wrote to memory of 1980	2624	Unicorn-46145.exe	40
PID 2624 wrote to memory of 1980	2624	Unicorn-46145.exe	40
PID 2624 wrote to memory of 1980	2624	Unicorn-46145.exe	40
PID 2624 wrote to memory of 1980	2624	Unicorn-46145.exe	40
PID 2652 wrote to memory of 1996	2652	Unicorn-30363.exe	41
PID 2652 wrote to memory of 1996	2652	Unicorn-30363.exe	41
PID 2652 wrote to memory of 1996	2652	Unicorn-30363.exe	41
PID 2652 wrote to memory of 1996	2652	Unicorn-30363.exe	41
PID 1096 wrote to memory of 2412	1096	Unicorn-893.exe	42
PID 1096 wrote to memory of 2412	1096	Unicorn-893.exe	42
PID 1096 wrote to memory of 2412	1096	Unicorn-893.exe	42
PID 1096 wrote to memory of 2412	1096	Unicorn-893.exe	42
PID 1808 wrote to memory of 2716	1808	Unicorn-38614.exe	43
PID 1808 wrote to memory of 2716	1808	Unicorn-38614.exe	43
PID 1808 wrote to memory of 2716	1808	Unicorn-38614.exe	43
PID 1808 wrote to memory of 2716	1808	Unicorn-38614.exe	43

C:\Users\Admin\AppData\Local\Temp\13f7668a2030fc8f9b494119515e3610_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\13f7668a2030fc8f9b494119515e3610_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52320.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52320.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46145.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46145.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54396.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54396.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13145.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52590.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7904.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7494.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
        10⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27282.exe
        11⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19493.exe
        12⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19304.exe
        13⤵
        
        PID:7040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
        13⤵
        
        PID:7976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
        12⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
        11⤵
        
        PID:5216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 236
        10⤵
        
        PID:3404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 236
        9⤵
        Program crash
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42859.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8345.exe
        9⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19825.exe
        10⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14557.exe
        11⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14.exe
        12⤵
        
        PID:6260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
        13⤵
        
        PID:8536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 216
        13⤵
        
        PID:9160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
        12⤵
        
        PID:7496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
        11⤵
        
        PID:6076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
        10⤵
        
        PID:4108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 236
        9⤵
        Program crash
        
        PID:3208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 240
        8⤵
        Program crash
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22849.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44251.exe
        8⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        9⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23499.exe
        10⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38543.exe
        11⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5105.exe
        12⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30809.exe
        13⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 216
        13⤵
        
        PID:8524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
        12⤵
        
        PID:7928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
        11⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
        10⤵
        
        PID:4300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
        9⤵
        Program crash
        
        PID:3356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
        8⤵
        Program crash
        
        PID:2264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
        7⤵
        Program crash
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24556.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65465.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35267.exe
        7⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20873.exe
        8⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14946.exe
        9⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23769.exe
        10⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31317.exe
        11⤵
        
        PID:6768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
        12⤵
        
        PID:8240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
        12⤵
        
        PID:8944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 236
        11⤵
        
        PID:7660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
        10⤵
        
        PID:6284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 236
        9⤵
        
        PID:4836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
        8⤵
        Program crash
        
        PID:4064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 240
        7⤵
        Program crash
        
        PID:1508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
        6⤵
        Program crash
        
        PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17867.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54728.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41454.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23063.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34412.exe
        9⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20043.exe
        10⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12507.exe
        11⤵
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-175.exe
        12⤵
        
        PID:5904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47373.exe
        13⤵
        
        PID:7468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10108.exe
        14⤵
        
        PID:8388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 216
        14⤵
        
        PID:5004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 216
        13⤵
        
        PID:8056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
        12⤵
        
        PID:6980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
        11⤵
        
        PID:4384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
        10⤵
        
        PID:3644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 216
        9⤵
        Program crash
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55387.exe
        8⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42108.exe
        9⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37827.exe
        10⤵
        
        PID:4116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
        11⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56439.exe
        12⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60570.exe
        13⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 236
        13⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
        12⤵
        
        PID:8452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 236
        11⤵
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
        10⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 216
        9⤵
        
        PID:4808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
        8⤵
        Program crash
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26244.exe
        8⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46000.exe
        9⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23966.exe
        10⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53351.exe
        11⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22869.exe
        12⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44618.exe
        13⤵
        
        PID:5428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
        12⤵
        
        PID:7484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
        11⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
        10⤵
        
        PID:5488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 236
        9⤵
        
        PID:4652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 236
        8⤵
        Program crash
        
        PID:3660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
        7⤵
        Program crash
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52315.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53789.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-369.exe
        8⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
        9⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27561.exe
        10⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5403.exe
        11⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61659.exe
        12⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21214.exe
        13⤵
        
        PID:8876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 216
        13⤵
        
        PID:9004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
        12⤵
        
        PID:7584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
        11⤵
        
        PID:5392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
        10⤵
        
        PID:4208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 236
        9⤵
        Program crash
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13067.exe
        8⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64531.exe
        9⤵
        
        PID:4156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7624.exe
        10⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        11⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
        12⤵
        
        PID:8428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 236
        12⤵
        
        PID:9112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
        11⤵
        
        PID:7760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
        10⤵
        
        PID:6536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
        9⤵
        
        PID:4308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
        8⤵
        Program crash
        
        PID:3352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
        7⤵
        Program crash
        
        PID:2900
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
        6⤵
        Program crash
        
        PID:1448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:3048
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
      4⤵
      Loads dropped DLL
      Program crash
      PID:1980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38614.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-893.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27619.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52590.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22295.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17801.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43815.exe
        9⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45756.exe
        10⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        11⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5790.exe
        12⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
        13⤵
        
        PID:8260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 216
        13⤵
        
        PID:5108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 236
        12⤵
        
        PID:7848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
        11⤵
        
        PID:5608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
        10⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
        9⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
        8⤵
        Program crash
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26523.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47515.exe
        8⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19223.exe
        9⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exe
        10⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23388.exe
        11⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41146.exe
        12⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
        12⤵
        
        PID:8800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
        11⤵
        
        PID:7992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
        10⤵
        
        PID:6576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
        9⤵
        
        PID:4776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 236
        8⤵
        
        PID:3964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
        7⤵
        Program crash
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59798.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34713.exe
        7⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19311.exe
        8⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
        9⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8828.exe
        10⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6153.exe
        11⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6060.exe
        12⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15209.exe
        13⤵
        
        PID:4400
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 216
        12⤵
        
        PID:8592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
        11⤵
        
        PID:7180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
        10⤵
        
        PID:5652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
        9⤵
        
        PID:4248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 216
        8⤵
        Program crash
        
        PID:3180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
        7⤵
        Program crash
        
        PID:1376
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 220
        6⤵
        Program crash
        
        PID:380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1998.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56228.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17417.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42580.exe
        8⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31802.exe
        9⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65237.exe
        10⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13662.exe
        11⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54254.exe
        12⤵
        
        PID:8004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64955.exe
        13⤵
        
        PID:9200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 216
        13⤵
        
        PID:5780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 236
        12⤵
        
        PID:7744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 236
        11⤵
        
        PID:6616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
        10⤵
        
        PID:6088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 216
        9⤵
        
        PID:4876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
        8⤵
        Program crash
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30882.exe
        7⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47152.exe
        8⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
        9⤵
        
        PID:4292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61109.exe
        10⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62422.exe
        11⤵
        
        PID:8048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25350.exe
        12⤵
        
        PID:5832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 236
        11⤵
        
        PID:3516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 236
        10⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
        9⤵
        
        PID:5936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 216
        8⤵
        
        PID:5060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
        7⤵
        Program crash
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3581.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1547.exe
        7⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32378.exe
        8⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15050.exe
        9⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8099.exe
        10⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
        11⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64794.exe
        12⤵
        
        PID:5356
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 236
        11⤵
        
        PID:8684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 236
        10⤵
        
        PID:7204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 236
        9⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 236
        8⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 236
        7⤵
        Program crash
        
        PID:3948
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
        6⤵
        Program crash
        
        PID:2172
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 240
        5⤵
        Program crash
        
        PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62320.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27256.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31423.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61521.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15741.exe
        9⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12611.exe
        10⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30741.exe
        11⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9241.exe
        12⤵
        
        PID:8268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 216
        12⤵
        
        PID:8952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 236
        11⤵
        
        PID:7452
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 236
        10⤵
        
        PID:6056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
        9⤵
        
        PID:4180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 216
        8⤵
        Program crash
        
        PID:3220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
        7⤵
        Program crash
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1251.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7769.exe
        7⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49508.exe
        8⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
        9⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
        10⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
        11⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41302.exe
        12⤵
        
        PID:5704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 236
        11⤵
        
        PID:8016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
        10⤵
        
        PID:6304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
        9⤵
        
        PID:5520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 236
        8⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 236
        7⤵
        Program crash
        
        PID:3568
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 240
        6⤵
        Program crash
        
        PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60675.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25201.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14266.exe
        7⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
        8⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42160.exe
        9⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-761.exe
        10⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29745.exe
        11⤵
        
        PID:8472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
        11⤵
        
        PID:9120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
        10⤵
        
        PID:7444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
        9⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 216
        8⤵
        
        PID:4268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
        7⤵
        Program crash
        
        PID:3416
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
        6⤵
        Program crash
        
        PID:2892
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        5⤵
        Program crash
        
        PID:596
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2248
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1172
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30363.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30363.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30769.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30769.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25398.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9611.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27640.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19555.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42388.exe
        9⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6482.exe
        10⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6970.exe
        11⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24537.exe
        12⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19112.exe
        13⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55505.exe
        14⤵
        
        PID:8296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 236
        14⤵
        
        PID:8416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 236
        13⤵
        
        PID:8104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 216
        12⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
        11⤵
        
        PID:4680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 236
        10⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56814.exe
        9⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49456.exe
        10⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19685.exe
        11⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
        12⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18064.exe
        13⤵
        
        PID:8492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 236
        13⤵
        
        PID:8560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
        12⤵
        
        PID:7892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
        11⤵
        
        PID:6276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
        10⤵
        
        PID:5008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
        9⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
        8⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53161.exe
        9⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19415.exe
        10⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59539.exe
        11⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44301.exe
        12⤵
        
        PID:6884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61862.exe
        13⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
        13⤵
        
        PID:8884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 216
        12⤵
        
        PID:7688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
        11⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
        10⤵
        
        PID:4440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
        9⤵
        
        PID:3376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
        8⤵
        Program crash
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46752.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44718.exe
        8⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35502.exe
        9⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19825.exe
        10⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7759.exe
        11⤵
        
        PID:4144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32796.exe
        12⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11296.exe
        13⤵
        
        PID:7428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
        13⤵
        
        PID:8668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
        12⤵
        
        PID:7172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
        11⤵
        
        PID:5688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
        10⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63358.exe
        9⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20697.exe
        10⤵
        
        PID:4780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13745.exe
        11⤵
        
        PID:6756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18614.exe
        12⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44099.exe
        13⤵
        
        PID:8308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 216
        12⤵
        
        PID:8420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 236
        11⤵
        
        PID:6752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
        10⤵
        
        PID:5396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
        9⤵
        
        PID:5100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
        8⤵
        Program crash
        
        PID:3804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
        7⤵
        Program crash
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58921.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38413.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46555.exe
        8⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34407.exe
        9⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23577.exe
        10⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
        11⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63289.exe
        12⤵
        
        PID:9188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 236
        12⤵
        
        PID:8368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 236
        11⤵
        
        PID:7780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
        10⤵
        
        PID:5920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 236
        9⤵
        
        PID:4536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
        8⤵
        Program crash
        
        PID:3596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
        7⤵
        Program crash
        
        PID:1840
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
        6⤵
        Program crash
        
        PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59367.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54090.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36083.exe
        7⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
        8⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20209.exe
        9⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        10⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53024.exe
        11⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35033.exe
        12⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30368.exe
        13⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 236
        12⤵
        
        PID:8692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
        11⤵
        
        PID:7288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
        10⤵
        
        PID:5548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 216
        9⤵
        
        PID:4352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 236
        8⤵
        Program crash
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20659.exe
        7⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        8⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6472.exe
        9⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13574.exe
        10⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
        11⤵
        
        PID:9028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 216
        11⤵
        
        PID:4520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
        10⤵
        
        PID:7680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
        9⤵
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 216
        8⤵
        
        PID:4596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
        7⤵
        Program crash
        
        PID:3744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9995.exe
        6⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32850.exe
        7⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65133.exe
        8⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15216.exe
        9⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60637.exe
        10⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6631.exe
        11⤵
        
        PID:8708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
        11⤵
        
        PID:8792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
        10⤵
        
        PID:7748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 236
        9⤵
        
        PID:5932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 236
        8⤵
        
        PID:4600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 236
        7⤵
        Program crash
        
        PID:3680
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 240
        6⤵
        Program crash
        
        PID:2028
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
        5⤵
        Program crash
        
        PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50540.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28086.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43784.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36083.exe
        7⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22819.exe
        8⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
        9⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37124.exe
        10⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30954.exe
        11⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60487.exe
        12⤵
        
        PID:9044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
        12⤵
        
        PID:5500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
        11⤵
        
        PID:7704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
        10⤵
        
        PID:6952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
        9⤵
        
        PID:5208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 236
        8⤵
        
        PID:4028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 236
        7⤵
        Program crash
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16217.exe
        6⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61630.exe
        7⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61049.exe
        8⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55782.exe
        9⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35318.exe
        10⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25770.exe
        11⤵
        
        PID:8196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 216
        11⤵
        
        PID:8936
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 236
        10⤵
        
        PID:7420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
        9⤵
        
        PID:5964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 216
        8⤵
        
        PID:4576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 236
        7⤵
        Program crash
        
        PID:3700
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 240
        6⤵
        Program crash
        
        PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33155.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41869.exe
        7⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60914.exe
        8⤵
        
        PID:4760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34794.exe
        9⤵
        
        PID:5988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 224
        10⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59526.exe
        9⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48416.exe
        10⤵
        
        PID:8152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27488.exe
        11⤵
        
        PID:8980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 236
        10⤵
        
        PID:8348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 220
        9⤵
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
        8⤵
        
        PID:5460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
        7⤵
        
        PID:4008
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 236
        6⤵
        Program crash
        
        PID:436
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
        5⤵
        Program crash
        
        PID:2868
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5532.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5532.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58153.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58153.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34116.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37754.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
        7⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21605.exe
        8⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17744.exe
        9⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60634.exe
        10⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
        11⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
        12⤵
        
        PID:8392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 216
        12⤵
        
        PID:9104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
        11⤵
        
        PID:7564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
        10⤵
        
        PID:5508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
        9⤵
        
        PID:4136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
        8⤵
        
        PID:4376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
        7⤵
        Program crash
        
        PID:3132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1827.exe
        6⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54360.exe
        7⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65237.exe
        8⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17446.exe
        9⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25521.exe
        10⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44182.exe
        11⤵
        
        PID:1472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 236
        10⤵
        
        PID:8496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
        9⤵
        
        PID:6968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 236
        8⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 216
        7⤵
        
        PID:4848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
        6⤵
        Program crash
        
        PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51630.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
        6⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4391.exe
        7⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42248.exe
        8⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe
        9⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60720.exe
        10⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32454.exe
        11⤵
        
        PID:8704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
        11⤵
        
        PID:1700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
        10⤵
        
        PID:8132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
        9⤵
        
        PID:6504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
        8⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
        7⤵
        
        PID:4660
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 236
        6⤵
        Program crash
        
        PID:3632
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
        5⤵
        Program crash
        
        PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5958.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42305.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64775.exe
        7⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25336.exe
        8⤵
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40873.exe
        9⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51976.exe
        10⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61426.exe
        11⤵
        
        PID:4368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
        11⤵
        
        PID:308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
        10⤵
        
        PID:8072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
        9⤵
        
        PID:6628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
        8⤵
        
        PID:5128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
        7⤵
        
        PID:3304
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 216
        6⤵
        Program crash
        
        PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18355.exe
        5⤵
        Executes dropped EXE
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23826.exe
        6⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60146.exe
        7⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26626.exe
        8⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18209.exe
        9⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61447.exe
        10⤵
        
        PID:8280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
        10⤵
        
        PID:8488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
        9⤵
        
        PID:7916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
        8⤵
        
        PID:6996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
        7⤵
        
        PID:5164
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
        6⤵
        
        PID:3708
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
        5⤵
        Program crash
        
        PID:3776
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
      4⤵
      Program crash
      PID:1568
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1996
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
  2⤵
  - Program crash
  PID:3008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-30769.exe

Filesize
184KB

MD5
38c0765ed1748412cc9e046eec0d9bfb

SHA1
64bdab756057c7c1378e7c2ac6655df763fe2079

SHA256
29a23b2310788faaf2d835c3a89f89a5e129d84b1247231d33efa6b2ee34f5ad

SHA512
f0e0c8290150cb5c7f6ebfe5939af686a9c189fedc4991659d87b11dcdd5b8a04cf1d5056836010d32ac4c6c26bbefcc5f29390dc095bfb9b0a270475e99eb74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38614.exe

Filesize
184KB

MD5
001c006513f804f4f76c63001ff16ba2

SHA1
a3bffcad02e4e5f77e3ea53fb0d7c73dfd31297e

SHA256
74406d22782222dcf19599c559c0649dd5b401a9b80031300888b27cf33d7143

SHA512
b838782826898094983c1d4c128d3e9b5375f4b48b3ee201751092fdab70fc43bd02d83ffc8f41d086f8ca854aa544c8f763131277bc42a5d358114a5e2f13f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe

Filesize
184KB

MD5
c194f7f1dba8770877e8e4ed5369ce55

SHA1
f742d5e149d6fdc64af71949985704716283d601

SHA256
19a8820922661294bc72b0ebe38a4158df8c2fe24b9a8317da520663419ae460

SHA512
8cc72b9e597a22bef47c4950c80938c135d016d4d819031fc9fb2b2bf40f1426dc11be75a1ef5a84b471717d81760523c28846041861269d42fddc8d0f66e349

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41146.exe

Filesize
184KB

MD5
0e174780a3c7dd08d1b635827bbea446

SHA1
a5afbf69327486437245357109703c68e6f125e7

SHA256
ab47bf54b095840542ef0ff16c62bf01bb92051e65c1472f01863afdd2d32912

SHA512
9b0b73e8bf9ae577630bc8dbe300efb68d31e2c5da3050009d107d12e45faa68e06f896a4378eba91dd11ff5da4e86b126145b1c46b4323ee2e6d847145a4387

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41302.exe

Filesize
184KB

MD5
9d3fb5953aa8aa30b4f1519ef4d05736

SHA1
5964db7df02282a310f40019b4761ea723e257e3

SHA256
f74068f481dfa43f2156b8d546720c0fd542ce80573e19c95181de7152a9c665

SHA512
aa09e0a312661469588c1a11968e874fc0da4616c26bae284064ba607e129ac6576f459c69f09c00a140267503a9b51cf5b141ecbe4c0599f508d1b9c0e5465d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5532.exe

Filesize
184KB

MD5
c5886d9de86c33c156e9d5943dbc6909

SHA1
a74fffab79604756f5212493967f95097025696c

SHA256
eeadaa9b8ec183743572e8526b0e354e43ecc49c6cf66181924c8a3ac6ff5132

SHA512
6c34d1541744f3e22dcdb80060237659003fa795ce1c7b974d09d2e7e56a4903a6710f516284fb441fbfd34ab9a3758da19c7101f24956952195cddf93fb39ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5958.exe

Filesize
184KB

MD5
956d33ef59a4dc967f8d573cac1a2609

SHA1
7aec7ef2573cbbb4027ab347e938ef15002634b8

SHA256
ea9fdb25eb4693dca1bf78b811e63be256dac9136505f565418537b0c2307106

SHA512
8cec3e6df08c03cf6bbedb2b89c59a62cb7ed6666cee813dd3aa0ae572018da7f96662f6ed85ea2c040f1445f7e977de213da3e9031953ff356d2e6767b63503

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6482.exe

Filesize
184KB

MD5
2384ef17c129ee4c4ec2168353bf3b02

SHA1
f150c04aafaf477b7508c8ce93e7062f82e0534b

SHA256
1acef1615f72ec29b6f64dfdd746ad3ed018e31bf0b7a993bb12af326b2c5099

SHA512
42486b761da0282f857af45b4e15119a11e8d7491386d620c2abe31e37b0ebab9fcb8ebadd6babe763fd42a5ad1960c6e12ab0437113159ce64aad5ff52e41eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9995.exe

Filesize
184KB

MD5
b4ef8e6168f7f04bf5cde2742fc31684

SHA1
404bfbe57056265489b799fc2656cfc85175ee8b

SHA256
48a56df93166159f856e3be1869bb5202b4eeefb6a9bd20ddfba646dbcc70ba4

SHA512
5cc2d35410256d91bdd1e7aae43868c3029f470049ac63cb101e1b164dbee5ad0c8ee02310c55f8338657299f2ad2a40fd0c9f78a64ad91aae6e367e35fa5741

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13145.exe

Filesize
184KB

MD5
5799f87352736a283dfb1023cac05317

SHA1
15f918315a6eece5983679803690948db9c11452

SHA256
0662695a9a023850172ec30d6c5e97320ccf8155db8f7363f742f1c9255b3344

SHA512
e84b092ad4a0ebda668c7caef0387eee8ee065068b1e3d94502f8c2e0803f17586b18a886c53cf3e7a7909f0d6505c32b7c220fa9117688c5ed4fdc1c47bb062

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17867.exe

Filesize
184KB

MD5
c43c4d6be213894c217357bde8e30a15

SHA1
1dc4df6644dcf794e674329b4da99ae3f789b6a4

SHA256
bd74d773efec288c71d18ab62cb48298c228eab601d82f69f9f619027af1baba

SHA512
e3df9b0a61635a778f87928ef993ade2b69564d35f4002ea957197dfc34db9cbca34aabad57e947cdfa9b6057855ff55d1c0fc2c1b61b6013ef0d20fb1f6a265

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe

Filesize
184KB

MD5
924f23130fccc338d1f77547c8e947d2

SHA1
a740544d3cc2532c29eac8e6424c97ee99bb4a17

SHA256
2718a2a5e19facff06d9208e334447c832976c580740aa709f8936d999061bc5

SHA512
e7c8e2955b7410e187cb0666c2807229c44cbc5c0ea050d3222bdae378309e0260b4667a2d301cd731d829a06b5ad30457a603b80f833d3936c2152235e8fb82

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25398.exe

Filesize
184KB

MD5
1cf34a65e574dd6fda927f462d515040

SHA1
73517d1ead66f81c0983b9ae054b382815d15c1e

SHA256
342fecfa016e374bbaf6dcb9f4d22ec9cf1e5f0fa6c6a26ca427150c6dc3e082

SHA512
8b58b8cc234c6b8c7a90c075acfb80b3b132c8b14caebf0090de2bd723482f7a920d0804bcc307b4195a6a77fb7d9e48ed0b1f90b65b0f2b696fcec90f9e5328

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27619.exe

Filesize
184KB

MD5
46cb2a9a5cf6f4ed3bc2f850dda8f6e2

SHA1
164172a9152541ccdeb2b6ac5f57c78d31f7dc7a

SHA256
a3e583e7f37cfcfdbfea5cd07bf002a7327885980c98d1e636925e9dedefc005

SHA512
17d1ed5fe83de9c531225170a09a423ac49fd339fafc511c482c508b789763107f0b1a0b5bb3b8fb4005482124e4c8f9ebd33cc3540be993db7ca0ca920eda1c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30363.exe

Filesize
184KB

MD5
0b2e410463a8819d354edf0b6fce7d6e

SHA1
0054cf3771508d990a0349cc024a25067289ba97

SHA256
949fe0602caa0d7d8e73ce721c7743bee0176a9fe51026c8a196fc3d1bbcb420

SHA512
c61ba1502630f7df0f9c362bd7a57dd841dfe32b9fc59dd7c4751d260bfd0e0a0e957d113fc817c77dc50fa3d1c24c4b85e70f9677abce14455578050ff20d8c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46145.exe

Filesize
184KB

MD5
c9e728c329d92567692937cf15ea5006

SHA1
612ad48f86788fcf125a64b54d966b1116c36cc1

SHA256
68f0b3b958c83c102ad7c7a59f7f60b11eb7d8baa2f82df2e77494b7e876d8c3

SHA512
9edde882b382e791037f88bb3e80c4a028487b53484e77f35cfe1c09744be2fad1d0d7402a08a751fd9e931fd6b7fba4cac6c6cd7db028d818c932635e62d11c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52320.exe

Filesize
184KB

MD5
b69379f6a8cb271336d998cde8ba94f5

SHA1
6d310ba2fdc7fdfd8ff213b62f9859bd6b3e3c89

SHA256
8c39c4c362011630d4c34a46a847b10dda371930b4956c6f0a705a2e24e95254

SHA512
3ba0e6a67687a762ec3636cfc94c1ee54259d4541a54ea10e3ff3cb15c3c41441bb222ca3702392016c03bfb9f04ba7685ba0911a1300ae9ad1bce3fc2c12bdd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54396.exe

Filesize
184KB

MD5
8dee58a302c5e46d088afacfce2d69cd

SHA1
7fd64e121ec905be667132c3fc43bf5247d50023

SHA256
5a2944993ede245a711e518b7ae393569751c08fa454bc03b6b0465c5c692e20

SHA512
4d5d59b507970f03a3143ec3eccc0c35435dce1051cfb8d0b81f1bfd992f2e8ccdfa3942f40353860365b791f046949c519e583d74d3157380133f5a9af2cc48

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64375.exe

Filesize
184KB

MD5
67695ca291fa87665c9b89287771e784

SHA1
443ca595b82ced4c2f4ffed02675e42d5f2b586f

SHA256
f1a9dd2f2c686875cd7538a0fbf528480c0e2a5a848a8c008ffcaeaa207705a9

SHA512
14a13e122b26ce41090f187b0e3065e51bd0e1843cfb14017814216186dc6ab0d708404c049efba35b9e06e32078598c16d1247c98c0abaeddbb9c78fe061273

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-893.exe

Filesize
184KB

MD5
419582db8575bb80e5125d4568b1de80

SHA1
28f148e27b0aa1f6753bfd1289345e45e637b836

SHA256
0ad946f91355c6833b9514029f539735caa135b15f345295f628e0ea59ed4194

SHA512
d9695ce3cbf9691a047b2d5a8bcc7b4ddcd8ea685e59801e377790245dadc02c47e3970310f87b19e5f92b8aa016ccbeb48f700a5daf2290ffe2bc4afbf5d2c2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads